CVE

Id
54438  
CVE No.
CVE-2012-1195  
Status
Candidate  
Description
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.  
Phase
Assigned (20120217)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
572121 54438 CVE-2012-1195 BID:52023  View
572122 54438 CVE-2012-1195 URL:http://www.securityfocus.com/bid/52023  View
572123 54438 CVE-2012-1195 OSVDB:79276  View
572124 54438 CVE-2012-1195 URL:http://osvdb.org/79276  View
572125 54438 CVE-2012-1195 SECTRACK:1026693  View
572126 54438 CVE-2012-1195 URL:http://www.securitytracker.com/id?1026693  View
572127 54438 CVE-2012-1195 SECUNIA:47666  View
572128 54438 CVE-2012-1195 URL:http://secunia.com/advisories/47666  View
572129 54438 CVE-2012-1195 XF:thinkmanagement-serversetup-file-upload(73207)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
25815 JVNDB-2012-001522 Nova CMS における PHP リモートファイルインクルージョンの脆弱性 Nova CMS には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2012-1200 54438 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001522.html  View