CVE-2015-2120 – Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-2120
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. Vulnerabilidad no especificada en HP SiteScope 11.1x anterior a 11.13, 11.2x anterior a 11.24.391, y 11.3x anterior a 11.30.521 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2567. This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowing users to read the users.config file. • http://www.securityfocus.com/bid/74801 http://www.zerodayinitiative.com/advisories/ZDI-15-239 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784 •
CVE-2014-7882
https://notcve.org/view.php?id=CVE-2014-7882
Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en HP SiteScope 11.1x y 11.2x permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04539443 http://secunia.com/advisories/62654 http://www.securityfocus.com/bid/72459 http://www.securitytracker.com/id/1031619 https://exchange.xforce.ibmcloud.com/vulnerabilities/100642 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-2614 – Hewlett-Packard SiteScope EmailServlet servlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2614
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Vulnerabilidad no especificada en HP SiteScope 11.1x hasta 11.13 y 11.2x hasta 11.24 permite a atacantes remotos evadir la autenticación a través de vectores desconocidos, también conocido como ZDI-CAN-2140. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmailServlet servlet. The issue lies in the ability to download arbitrary files. • http://www.securityfocus.com/bid/68361 http://www.securitytracker.com/id/1030519 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129 • CWE-287: Improper Authentication •
CVE-2013-6207 – Hewlett-Packard SiteScope SOAP Arbitrary File Download and Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-6207
Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084. Vulnerabilidad no especificada en la función loadFileContents en la implementación SOAP en HP SiteScope 10.1x, 11.1x y 11.21 permite a atacantes remotos leer archivos arbitrarios o causar una denegación de servicio a través de vectores desconocidos, también conocido como ZDI-CAN-2084. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require authentication to several SOAP endpoints. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 •
CVE-2013-4835 – HP SiteScope issueSiebelCmd SOAP Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-4835
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765. El servicio SOAP de APISiteScopeImpl en HP SiteScope versiones 10.1x y versiones 11.x anteriores a 11.22, permite a los atacantes remotos omitir la autenticación y ejecutar código arbitrario mediante una petición directa al método issueSiebelCmd, también conocido como ZDI-CAN-1765. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the issueSiebelCmd() web method. A remote attacker can abuse this web method in order to remotely execute code under the context of the SYSTEM user. • https://www.exploit-db.com/exploits/30473 http://www.exploit-db.com/exploits/30473 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 •