2 results (0.007 seconds)

CVSS: 10.0EPSS: 77%CPEs: 1EXPL: 2

CVE-2009-4188 – HP Operations Dashboard 2.1 - Portal Default Manager Account Remote Security

https://notcve.org/view.php?id=CVE-2009-4188

HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. HP Operations Dashboard tiene una contraseña por defecto "j2deployer" en la cuenta j2deployer, lo que permite a atacantes remotos ejecutar código arbitrario a atraves de una sesión que utilice el perfil manager para dirigir ataque de subida de ficheros sin restricción contra el servlet de manager en el repositorio de servlets de Tomcat. NOTA: Esta vulnerabilidad podria solaparse con CVE-2009-3098. • https://www.exploit-db.com/exploits/33211 https://www.exploit-db.com/exploits/16317 http://www.intevydis.com/blog/?p=87 http://www.securityfocus.com/bid/36258 http://www-01.ibm.com/support/docview.wss?uid=swg21419179 http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html • CWE-255: Credentials Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2009-3098

https://notcve.org/view.php?id=CVE-2009-3098

Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en el portal en HP Operations Dashboard v2.1 para Windows Server 2003 SP2 permite a atacantes remotos provocar un impacto desconocido, relacionado con un exploit remoto, como se ha demostrado por cierto módulo en VulnDisco Pack Professional v8.11. NOTA: hasta el 3-3-2009, esta divulgación no tenía información para su puesta en práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36535 •