CVE-2013-4804
https://notcve.org/view.php?id=CVE-2013-4804
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. Vulnerabilidad sin especificar en HP Business Process Monitor 9.13.1 patch 1 y 9.22 patch 1 permite a atacantes remotos ejecutar código arbitrario y obtener información sensible a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594 •
CVE-2013-2366 – HP Business Process Monitor tp_bpm_admin.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2366
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802. Vulnerabilidad no especificada en HP Business Process Monitor 9.13.1 parche 1, y 9.22 parche 1 permite a atacantes remotos ejecutar código de forma arbitraria y obtener información sensible a través de vectores desconocidos, tambien conocido como ZDI-CAN-1802. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Business Process Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the tp_bpm_admin.exe server which listens by default on TCP port 2696. This server exposes file upload functionality that is vulnerable to a directory traversal. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594 •