CVE-2012-0199
Published 2012-03-06
Priority: P3 · 43 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.78% (75.4th percentile)
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | tivoli_provisioning_manager_express_for_software_distribution | — | — |
No detection rules found.
Bugzilla
CVE-2013-0199 CVE-2012-4546 freeipa various flaws [fedora-all]
bugzilla·2013-01-23·CVSS 4.3
CVE-2013-0199 [MEDIUM] CVE-2013-0199 CVE-2012-4546 freeipa various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-18 tracking bug for freeipa: see bl
Talos
When combining exploits for added effect goes wrong
blogs_talos·2017-08-14·CVSS 8.8
CVE-2017-0199 [HIGH] When combining exploits for added effect goes wrong
### Introduction
Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word.
In this recent campaign, attackers combined CVE-2017-0199 exploitation with an earlier exploit, CVE-2012-0158, possibly in an attempt to evade user prompts by Word, or to arrive at code execution via a different mechanism. Potentially, this was just a test run in order to test a new concept. In any case, the attackers made mistakes which caused the attack to be a lot less effective than it could have been.
Analysis of the payload highlights the potential for the Ole2Link exploit to launch other do