5 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. Una vulnerabilidad de escalada de privilegios local no autorizada en Micro Focus Operation Agent, que afecta a todas las versiones anteriores a la versión 12.11. La vulnerabilidad podría ser explotada para escalar los privilegios locales y conseguir acceso root en el sistema • https://softwaresupport.softwaregrp.com/doc/KM03709900 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en HP Operations Agent en HP Operations Manager (anteriormente OpenView Communications Broker) anterior a 11.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://www.exploit-db.com/exploits/35076 http://www.exploit-db.com/exploits/35076 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 95%CPEs: 13EXPL: 1

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. Vulnerabilidad no especificada en HP Agente de Operaciones antes de 3.11.12 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-1325. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. • https://www.exploit-db.com/exploits/22306 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769 •

CVSS: 10.0EPSS: 95%CPEs: 13EXPL: 1

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. Vulnerabilidad no especificada en HP Operations Agent antes de v3.11.12 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-1326. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. • https://www.exploit-db.com/exploits/22305 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769 •

CVSS: 6.4EPSS: 3%CPEs: 9EXPL: 2

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command. ovbbccb.exe versión 6.20.50.0 y otras versiones en OpenView Performance Agent versiones 4.70 y 5.0; y el Operations Agent versiones 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501 y 8.53, de HP; permite a los atacantes remotos eliminar archivos arbitrarios por medio de un nombre de ruta completo en el campo File en un comando Register. • http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt http://marc.info/?l=bugtraq&m=131188898632504&w=2 http://secunia.com/advisories/45079 http://securitytracker.com/id?1025715 http://www.securityfocus.com/bid/48481 https://exchange.xforce.ibmcloud.com/vulnerabilities/68269 • CWE-20: Improper Input Validation •