CVE-2008-4411
https://notcve.org/view.php?id=CVE-2008-4411
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en versiones de HP System Management Homepage (SMH) anteriores a la 2.1.15.210 en Linux y Windows permite a atacantes remotos inyectar código HTML o secuencias de comandos web o arbitrarios a través de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-1663. • http://marc.info/?l=bugtraq&m=122356588429626&w=2 http://secunia.com/advisories/32199 http://securityreason.com/securityalert/4398 http://securitytracker.com/id?1021015 http://www.securityfocus.com/bid/31663 http://www.vupen.com/english/advisories/2008/2778 https://exchange.xforce.ibmcloud.com/vulnerabilities/45754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4931
https://notcve.org/view.php?id=CVE-2007-4931
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. HP System Management Homepage (SMH) para Windows, cuando se usa en conjunto con HP Version Control Agent o Version Control REpository Manager, deja el software OpenSSL activo después de una actualización OpenSSL, lo cual tiene impacto y vectores de ataque desconocidos, probablemente relacionados con vulnerabilidades previas para OpenSSL. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01164065 http://osvdb.org/45941 http://securitytracker.com/id?1018696 http://www.securityfocus.com/bid/25675 •