CVE-2008-4411
https://notcve.org/view.php?id=CVE-2008-4411
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en versiones de HP System Management Homepage (SMH) anteriores a la 2.1.15.210 en Linux y Windows permite a atacantes remotos inyectar código HTML o secuencias de comandos web o arbitrarios a través de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-1663. • http://marc.info/?l=bugtraq&m=122356588429626&w=2 http://secunia.com/advisories/32199 http://securityreason.com/securityalert/4398 http://securitytracker.com/id?1021015 http://www.securityfocus.com/bid/31663 http://www.vupen.com/english/advisories/2008/2778 https://exchange.xforce.ibmcloud.com/vulnerabilities/45754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1663
https://notcve.org/view.php?id=CVE-2008-1663
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados en HP System Management Homepage (SMH) 2.1.10 y 2.1.11 en Linux y Windows que permite a los atacantes remotos insertar una secuencia arbitraria de comandos web o HTML a través de vectores no especificados. Further analysis regarding the HP System Management • http://marc.info/?l=bugtraq&m=121492633526894&w=2 http://secunia.com/advisories/30912 http://securityreason.com/securityalert/3979 http://www.securityfocus.com/bid/30029 http://www.securitytracker.com/id?1020406 http://www.vupen.com/english/advisories/2008/1990/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4931
https://notcve.org/view.php?id=CVE-2007-4931
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. HP System Management Homepage (SMH) para Windows, cuando se usa en conjunto con HP Version Control Agent o Version Control REpository Manager, deja el software OpenSSL activo después de una actualización OpenSSL, lo cual tiene impacto y vectores de ataque desconocidos, probablemente relacionados con vulnerabilidades previas para OpenSSL. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01164065 http://osvdb.org/45941 http://securitytracker.com/id?1018696 http://www.securityfocus.com/bid/25675 •
CVE-2007-3260
https://notcve.org/view.php?id=CVE-2007-3260
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. HP System Management Homepage (SMH) anterior a 2.1.9 para Linux, cuando se usa con Novel eDirectory, asigna a los miembros de eDirectory al grupo root, lo cual permite a usuarios de eDirectory autenticados remotamente obtener privilegios. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01072894 http://osvdb.org/37513 http://secunia.com/advisories/25689 http://www.securityfocus.com/bid/24486 http://www.securitytracker.com/id?1018256 http://www.vupen.com/english/advisories/2007/2232 https://exchange.xforce.ibmcloud.com/vulnerabilities/34900 •
CVE-2007-3062
https://notcve.org/view.php?id=CVE-2007-3062
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HP System Management Homepage (SMH) en versiones anteriores a 2.1.2 corriendo en Linux y Windows permite a atacantes remotos inyectar secuencias de comandos (script) web o HTML de su elección a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01056592 http://jvn.jp/jp/JVN%2319240523/index.html http://osvdb.org/36829 http://secunia.com/advisories/25493 http://www.kb.cert.org/vuls/id/292457 http://www.securityfocus.com/bid/24256 http://www.securitytracker.com/id?1018179 http://www.vupen.com/english/advisories/2007/2013 https://exchange.xforce.ibmcloud.com/vulnerabilities/34656 •