CVE-2018-7091
https://notcve.org/view.php?id=CVE-2018-7091
HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-7090
https://notcve.org/view.php?id=CVE-2018-7090
HPE XP P9000 Command View Advanced Edition Software (CVAE) has a local and remote cross-site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4378
https://notcve.org/view.php?id=CVE-2016-4378
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.
• http://www.securityfocus.com/bid/92649 http://www.securitytracker.com/id/1036686 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4814
https://notcve.org/view.php?id=CVE-2013-4814
Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03898171
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4107 – HP JetDirect PJL - Interface Universal Directory Traversal
https://notcve.org/view.php?id=CVE-2010-4107
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\ it is possible to get access to the complete file system of the device.
• https://www.exploit-db.com/exploits/17635 https://www.exploit-db.com/exploits/17636 https://www.exploit-db.com/exploits/15631 https://www.exploit-db.com/exploits/32990 http://secunia.com/advisories/42238 http://securityreason.com/securityalert/8328 http://securitytracker.com/id?1024741 http://www.exploit-db.com/exploits/15631 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333 http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf http:/
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')