CVE-2010-1586 – HP System Management Homepage - 'RedirectUrl' Open Redirection
https://notcve.org/view.php?id=CVE-2010-1586
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. Vulnerabilidad de redireccionamiento directo en red2301.html en HP System Management Homepage (SMH) v2.x.x.x permite a atacantse remotos redireccionar a los usuarios a un sitio web a su elección y provocar ataques phishing a través del parámetro REdirectUrl. • https://www.exploit-db.com/exploits/33873 http://www.securityfocus.com/bid/39676 http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse https://exchange.xforce.ibmcloud.com/vulnerabilities/58107 • CWE-20: Improper Input Validation •
CVE-2010-1034
https://notcve.org/view.php?id=CVE-2010-1034
Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP System Management Homepage (SMH) v6.0 anterior a v6.0.0-95 para Linux y v6.0 anterior a v6.0.0.96 para Windows, permite a usuarios autenticados en remoto obtener información sensible, modificar datos y provocar denegaciones de servicio mediante vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://securitytracker.com/id?1023909 http://www.osvdb.org/64089 •
CVE-2009-4185
https://notcve.org/view.php?id=CVE-2009-4185
Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS)en proxy/smhui/getuiinfo en HP System Management Homepage (SMH) anterior v6.0 permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro servercert. • http://marc.info/?l=bugtraq&m=126529736830358&w=2 http://secunia.com/advisories/38341 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-15 http://www.securityfocus.com/archive/1/509195/100/0/threaded http://www.securityfocus.com/bid/38081 http://www.securitytracker.com/id?1023541 http://www.vupen.com/english/advisories/2010/0294 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1418
https://notcve.org/view.php?id=CVE-2009-1418
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HP System Management Homepage (SMH) anteriores a v3.0.1.73 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de vectores inespecíficos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01745065 http://jvn.jp/en/jp/JVN02331156/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000029.html http://secunia.com/advisories/35108 http://securitytracker.com/id?1022242 http://www.securityfocus.com/bid/35031 https://exchange.xforce.ibmcloud.com/vulnerabilities/50633 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4413
https://notcve.org/view.php?id=CVE-2008-4413
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. Vulnerabilidad no especificada en HP System Management Homepage (SMH) v2.2.6 y anteriores en HP-UX B.11.11 y B.11.23, y SMH 2.2.6 y 2.2.8 y anteriores en HP-UX B.11.23 y B.11.31; permite a usuarios locales obtener "acceso no autorizado" a través de vectores desconocidos. Puede que esté relacionado con los permisos de los ficheros temporales. • http://marc.info/?l=bugtraq&m=122581539223159&w=2 http://osvdb.org/49521 http://secunia.com/advisories/32544 http://securityreason.com/securityalert/4545 http://www.securitytracker.com/id?1021133 http://www.vupen.com/english/advisories/2008/2999 https://exchange.xforce.ibmcloud.com/vulnerabilities/46313 • CWE-264: Permissions, Privileges, and Access Controls •