Published: 18/02/2012 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Subscribe to Lenovo Thinkmanagement Console

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote malicious users to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
landesk lenovo thinkmanagement console 9.0.3

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit ...

LANDesk Lenovo ThinkManagement Suite 903 Core Server WSVulnerabilityCoredll SetTaskLogByFile() Remote Arbitrary File Deletion Vulnerability Tested against: Microsoft Windows Server 2003 r2 sp2 Software home page: wwwlandeskcom/lenovo/thinkmanagement-consoleaspx Download url: wwwlandeskcom/downloads/lenovo/50aspx Files te ...

CWE-22 http://www.securityfocus.com/bid/52023 http://secunia.com/advisories/47666 http://osvdb.org/79277 http://www.securitytracker.com/id?1026693 https://exchange.xforce.ibmcloud.com/vulnerabilities/73208 https://nvd.nist.gov https://www.exploit-db.com/exploits/18714/

CVE-2012-1196

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect