CVE-2009-0880

Published: 12/03/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in the CIM server in IBM Director prior to 5.20.3 Service Update 2 on Windows allows remote malicious users to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.

Vulnerable Product

ibm director 5.20.2

ibm director 5.20.1

ibm director 4.12

ibm director 4.10

ibm director 5.10.1

ibm director 5.10.0

ibm director 4.22

ibm director 5.10.2

ibm director 4.11

ibm director 4.21

ibm director 4.20

ibm director 5.20.0

ibm director 5.10.3

ibm director 3.1.1

ibm director

Exploits

By sending a specially crafted request to a vulnerable IBM System Director server, an attacker can force it to load a DLL remotely from a WebDAV share. Versions 5.20.3 and below are vulnerable ...
IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday). Copyright (C) 2012 Kingcope. IBM System Director has the port 6988 open. By using a special request to a vulnerable server, the attacker can force to load a dll remotely from a WebDAV share. The following exploit will load the dll from \\isowarezde\\director\wootwoot ...
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit ...