6 results (0.049 seconds)

CVSS: 9.4EPSS: 21%CPEs: 8EXPL: 0

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084. Vulnerabilidad no especificada en la función loadFileContents en la implementación SOAP en HP SiteScope 10.1x, 11.1x y 11.21 permite a atacantes remotos leer archivos arbitrarios o causar una denegación de servicio a través de vectores desconocidos, también conocido como ZDI-CAN-2084. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require authentication to several SOAP endpoints. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 •

CVSS: 10.0EPSS: 96%CPEs: 9EXPL: 2

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765. El servicio SOAP de APISiteScopeImpl en HP SiteScope versiones 10.1x y versiones 11.x anteriores a 11.22, permite a los atacantes remotos omitir la autenticación y ejecutar código arbitrario mediante una petición directa al método issueSiebelCmd, también conocido como ZDI-CAN-1765. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the issueSiebelCmd() web method. A remote attacker can abuse this web method in order to remotely execute code under the context of the SYSTEM user. • https://www.exploit-db.com/exploits/30473 http://www.exploit-db.com/exploits/30473 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 •

CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0

Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors. Una vulnerabilidad de fijación de sesión en HP SiteScope v9.x, v10.x y v11.x permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969 http://osvdb.org/74114 http://secunia.com/advisories/45440 http://securitytracker.com/id?1025856 http://www.securityfocus.com/bid/48916 https://exchange.xforce.ibmcloud.com/vulnerabilities/68868 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en HP SiteScope v9.x, v10.x y v11.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969 http://osvdb.org/74113 http://secunia.com/advisories/45440 http://securitytracker.com/id?1025856 http://www.securityfocus.com/bid/48913 https://exchange.xforce.ibmcloud.com/vulnerabilities/68867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en HP SiteScope v9.54, v10.13, v11.01 y v11.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionados con un problema de "inyección de HTML". • http://marc.info/?l=bugtraq&m=130374351406700&w=2 http://osvdb.org/72061 http://secunia.com/advisories/44322 http://secunia.com/advisories/44354 http://securityreason.com/securityalert/8235 http://www.securityfocus.com/bid/47554 http://www.securitytracker.com/id?1025436 http://www.vupen.com/english/advisories/2011/1091 https://exchange.xforce.ibmcloud.com/vulnerabilities/67020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •