CVE

Id
25329  
CVE No.
CVE-2007-1972  
Status
Candidate  
Description
** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured.  
Phase
Assigned (20070411)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
252553 25329 CVE-2007-1972 BUGTRAQ:20070418 ZDI-07-020: BMC Performance Manager SNMP Command Execution Vulnerability  View
252554 25329 CVE-2007-1972 URL:http://www.securityfocus.com/archive/1/archive/1/466223/100/0/threaded  View
252555 25329 CVE-2007-1972 BUGTRAQ:20070419 Re: ZDI-07-020: BMC Performance Manager SNMP Command Execution Vulnerability  View
252556 25329 CVE-2007-1972 URL:http://www.securityfocus.com/archive/1/archive/1/466274/100/0/threaded  View
252557 25329 CVE-2007-1972 MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-020.html  View
252558 25329 CVE-2007-1972 BID:23559  View
252559 25329 CVE-2007-1972 URL:http://www.securityfocus.com/bid/23559  View
252560 25329 CVE-2007-1972 VUPEN:ADV-2007-1458  View
252561 25329 CVE-2007-1972 URL:http://www.vupen.com/english/advisories/2007/1458  View
252562 25329 CVE-2007-1972 SECTRACK:1017935  View
252563 25329 CVE-2007-1972 URL:http://www.securitytracker.com/id?1017935  View
252564 25329 CVE-2007-1972 SREASON:2599  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
56698 JVNDB-2007-005390 Xoops モジュールで使用される WF-Section における SQL インジェクションの脆弱性 (1) Zmagazine、(2) Happy Linux XFsectionなどの Xoops モジュールで使用される WF-Section の class/wfsarticle.php の getArticle 関数には、SQL インジェクションの脆弱性が存在します。 CVE-2007-1974 25329 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005390.html  View