Page 3 of 62 results (0.012 seconds)

CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. Se ha encontrado una vulnerabilidad de ejecución local de comandos arbitrarios en HPE System Management Homepage para Windows y Linux en versiones anteriores a la 7.6. • http://www.securityfocus.com/bid/101029 http://www.securitytracker.com/id/1039437 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos, relacionado con un problema de "desbordamiento de búfer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of /proxy/sso requests. When parsing the TKN parameter, the process copies user-supplied data into a fixed-length stack buffer. • http://www.securityfocus.com/bid/93961 http://www.zerodayinitiative.com/advisories/ZDI-16-588 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://www.tenable.com/security/research/tra-2016-32 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes remotos obtener información sensible a través de vectores no especificados, relacionado con un problema de "HSTS". • http://www.securityfocus.com/bid/93961 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 • CWE-254: 7PK - Security Features •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos, relacionado con un problema de "desbordamiento de búfer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of /proxy/SetSMHData requests. When parsing admin-group, operator-group, or user-group parameters, the process copies user-supplied data into a fixed-length stack buffer. • http://www.securityfocus.com/bid/93961 http://www.zerodayinitiative.com/advisories/ZDI-16-587 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://www.tenable.com/security/research/tra-2016-32 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes "remotos autenticados" obtener información sensible a través de vectores no especificados, relacionado con un problema de "XSS". • http://www.securityfocus.com/bid/93961 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •