Page 58 of 315 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664. Vulnerabilidad de inyección SQL en HP Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores sin especificar, también conocido como ZDI-CAN-1664. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APM module's AppDataDaoImpl class. The monitorId parameter does not sufficiently sanitize input, allowing for SQL injection without authentication. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.4EPSS: 97%CPEs: 2EXPL: 0

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644. Vulnerabilidad no especificada en P Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos sortear la autenticación a través de vectores desconocidos, tambien conocido como ZDI-CAN-1644. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOM's euAccountService servlet. No authentication is required to take advantage of this vulnerability, which allows the creation of a web administration account. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 10%CPEs: 2EXPL: 0

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos obtener información sensible a través de vectores desconocidos, tambien conocido como ZDI-CAN-1647 This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sdFileDownload servlet. Authentication is not required to access this servlet, which allows any file readable by SYSTEM to be disclosed. By abusing this behavior an attacker can disclose administrative credentials and possibly leverage this situation to achieve remote code execution. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos sortear restricciones de acceso a través de vectores deconocidos, tambien conocido como ZDI-CAN-1645. This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommonUtil class. This application uses a static key and the DES algorithm in ECB mode to store Administrator credentials. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 96%CPEs: 13EXPL: 1

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606. Vulnerabilidad sin especificar en HP Intelligent Management Center (iMC) y HP IMC Branch Intelligent Management System Software Module (también conocido como BIMS) permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-1606. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet in the Branch Intelligent Management Module. Authentication is not required to access this servlet, which allows a file to be written to the server. • https://www.exploit-db.com/exploits/29130 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943425 •