CVE-2011-4155
https://notcve.org/view.php?id=CVE-2011-4155
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en HP Network Node Manager i (NNMi) v9.x y v9.1x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. Una vulnerabilidad diferente de CVE-2011-4156. • http://securityreason.com/securityalert/8532 http://www.securityfocus.com/archive/1/520459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1483 – JBossWS remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-1483
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564. wsf/common/DOMUtils.java en JBossWS Native en Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, y 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 y 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, y 5.1.0; JBoss Communications Platform 1.2.11 y 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; y JBoss Enterprise Web Platform 5.1.1, no manejan adecuadamente la recursividad durante la expansión de una entidad, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de una petición manipulada que contiene un documento XML una declaración DOCTYPE y un gran número de referencias a entidades anidadas. Similar cuestión que el CVE-2003-1564. • http://source.jboss.org/changelog/JBossWS/?cs=13996 https://bugzilla.redhat.com/show_bug.cgi?id=692584 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583 https://access.redhat.com/security/cve/CVE-2011-1483 •
CVE-2011-1855
https://notcve.org/view.php?id=CVE-2011-1855
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors. Vulnerabilidad no especificada en HP Network Node Manager i (NNMi) v9.0x permite a usuarios locales leer o modificar (1) archivos de registro o (2) otros datos a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=130514065522575&w=2 http://securityreason.com/securityalert/8249 http://www.securitytracker.com/id?1025520 •
CVE-2011-1534
https://notcve.org/view.php?id=CVE-2011-1534
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors. Vulnerabilidad no especificada en HP Network Node Manager i (NNMi) 9.0x permite a usuarios remotos autenticados para obtener acceso a los procesos a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=132094759631216&w=2 http://secunia.com/advisories/44230 http://www.securitytracker.com/id?1025386 http://www.vupen.com/english/advisories/2011/1024 https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02788734 •