CVE-2014-7884 – ArcSight Logger - Arbitrary File Upload / Code Execution
https://notcve.org/view.php?id=CVE-2014-7884
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. Múltiples vulnerabilidades no especificadas en HP ArcSight Logger anterior a 6.0P1 tiene un impacto desconocidos y autenticación remota de vectores de ataque. • https://www.exploit-db.com/exploits/36370 http://www.kb.cert.org/vuls/id/868948 http://www.securitytracker.com/id/1031921 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193 •
CVE-2012-5199
https://notcve.org/view.php?id=CVE-2012-5199
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP ArcSight Connector Appliance v6.3 y anteriores y ArcSight Logger v5.2 y anteriores permite a usuarios remotos autenticados ejecutar código arbitrario mediante vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700 •
CVE-2012-3286
https://notcve.org/view.php?id=CVE-2012-3286
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP ArcSight Connector Appliance anterior a v6.3 y anteriores y ArcSight Logger v5.2 y anteriores permite a atacantes remotos obtener informacion sensible, modificar datos o causar una denegación de servicio mediante vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700 http://www.kb.cert.org/vuls/id/829260 •
CVE-2012-5198
https://notcve.org/view.php?id=CVE-2012-5198
Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP ArcSight Connector Appliance anterior a v6.3 y ArcSight Logger v5.2 y anteriores permite a atacantes remotos obtener informacion sensible mediante vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700 http://www.kb.cert.org/vuls/id/988100 •
CVE-2012-2960
https://notcve.org/view.php?id=CVE-2012-2960
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la funcionalidad de importación en HP ArcSight Connector del aparato v6.2.0.6244.0 y ArcSight Logger v5.2.0.6288.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un archivo malicioso. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700 http://www.kb.cert.org/vuls/id/960468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •