5 results (0.005 seconds)

CVSS: 9.4EPSS: 21%CPEs: 8EXPL: 0

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084. Vulnerabilidad no especificada en la función loadFileContents en la implementación SOAP en HP SiteScope 10.1x, 11.1x y 11.21 permite a atacantes remotos leer archivos arbitrarios o causar una denegación de servicio a través de vectores desconocidos, también conocido como ZDI-CAN-2084. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require authentication to several SOAP endpoints. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 •

CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0

Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors. Una vulnerabilidad de fijación de sesión en HP SiteScope v9.x, v10.x y v11.x permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969 http://osvdb.org/74114 http://secunia.com/advisories/45440 http://securitytracker.com/id?1025856 http://www.securityfocus.com/bid/48916 https://exchange.xforce.ibmcloud.com/vulnerabilities/68868 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en HP SiteScope v9.x, v10.x y v11.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969 http://osvdb.org/74113 http://secunia.com/advisories/45440 http://securitytracker.com/id?1025856 http://www.securityfocus.com/bid/48913 https://exchange.xforce.ibmcloud.com/vulnerabilities/68867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en HP SiteScope v9.54, v10.13, v11.01 y v11.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionados con un problema de "inyección de HTML". • http://marc.info/?l=bugtraq&m=130374351406700&w=2 http://osvdb.org/72061 http://secunia.com/advisories/44322 http://secunia.com/advisories/44354 http://securityreason.com/securityalert/8235 http://www.securityfocus.com/bid/47554 http://www.securitytracker.com/id?1025436 http://www.vupen.com/english/advisories/2011/1091 https://exchange.xforce.ibmcloud.com/vulnerabilities/67020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en HP SiteScope v9.54, v10.13, v11.01, y v11.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://marc.info/?l=bugtraq&m=130374351406700&w=2 http://osvdb.org/72060 http://secunia.com/advisories/44322 http://secunia.com/advisories/44354 http://securityreason.com/securityalert/8235 http://www.securityfocus.com/bid/47554 http://www.securitytracker.com/id?1025436 http://www.vupen.com/english/advisories/2011/1091 https://exchange.xforce.ibmcloud.com/vulnerabilities/67018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •