Vulnerabilites related to hp - insight_diagnostics
Vulnerability from fkie_nvd
Published
2013-06-14 13:07
Modified
2024-11-21 01:53
Severity ?
Summary
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/324668 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/324668 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | insight_diagnostics | 9.4.0.4710 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:9.4.0.4710:*:*:*:*:*:*:*",
"matchCriteriaId": "1D72CAC8-28F5-4428-B659-E04A1EC5E5B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en hpdiags/frontend2/commands/saveCompareConfig.php en HP Insight Diagnostics 9.4.0.4710, permite a atacantes remotos escribir datos en archivos arbitrarios a trav\u00e9s de un nombre completo de ruta en el argumento del par\u00e1metro \"devicePAth\" (aka mount)."
}
],
"id": "CVE-2013-3574",
"lastModified": "2024-11-21T01:53:54.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-14T13:07:29.563",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-22 21:00
Modified
2024-11-21 01:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:*:*:online:*:*:*:*:*",
"matchCriteriaId": "840DC08F-DBDD-423D-AACE-1F201025969E",
"versionEndIncluding": "8.5.0.3625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:6.3.0.878:*:online:*:*:*:*:*",
"matchCriteriaId": "008AF936-70AF-4AD7-962D-22B59F2D4FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:6.3.1.887:*:online:*:*:*:*:*",
"matchCriteriaId": "C4705800-60BC-4F6A-B3A3-C8DB0C4938CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.0.0.1198:*:online:*:*:*:*:*",
"matchCriteriaId": "D61B097E-EE9F-457D-AECC-75F4D96645AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.0.1.1219:*:online:*:*:*:*:*",
"matchCriteriaId": "48373FEA-5A79-4C80-8F71-BF854467D5F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:*:online:*:*:*:*:*",
"matchCriteriaId": "2650D1E8-CA36-4237-8A53-1E0AC015AAD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.5.0.1679:*:online:*:*:*:*:*",
"matchCriteriaId": "A3B28649-2348-4E78-89D0-3C7712422B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.5.5.1681:*:online:*:*:*:*:*",
"matchCriteriaId": "22D19F51-B757-4F69-9796-E7E32E71A6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.6.0.1984:*:online:*:*:*:*:*",
"matchCriteriaId": "5D4B4A33-1BF3-45D7-B394-27670710B072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.7.0.2112:*:online:*:*:*:*:*",
"matchCriteriaId": "C99437E8-6685-4D22-93AD-1CB8D280FA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.8.0.2257:*:online:*:*:*:*:*",
"matchCriteriaId": "FB1741DB-74A4-4D3F-B600-D311A8C90503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.9.0.2359:*:online:*:*:*:*:*",
"matchCriteriaId": "4C0920BB-52F1-411E-9F75-5654AF319747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.9.1.2401:*:online:*:*:*:*:*",
"matchCriteriaId": "109C20FF-3904-43D4-B85A-EBACB81DC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.0.0.2587:*:online:*:*:*:*:*",
"matchCriteriaId": "E75B324B-F684-43E6-A934-9397899BD8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.1.0.2718:*:online:*:*:*:*:*",
"matchCriteriaId": "5CA5901D-6A92-4FA2-A022-304AC5B08638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.1.1.2784:*:online:*:*:*:*:*",
"matchCriteriaId": "FB224D14-A3A1-47BF-989F-7C0DFC1C7B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.1.5.2890:*:online:*:*:*:*:*",
"matchCriteriaId": "7C11502F-262C-46A4-8E69-3563FDA90C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.2.0.3058:*:online:*:*:*:*:*",
"matchCriteriaId": "41466918-A889-4DE3-9DBE-0B3D8F00265E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.2.5.3157:*:online:*:*:*:*:*",
"matchCriteriaId": "D8DF56C8-75DE-488A-9E52-C32B3B3D2E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.3.0.3320:*:online:*:*:*:*:*",
"matchCriteriaId": "BFB36B66-D444-4208-9D92-BEF519A034F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.4.0.3521:*:online:*:*:*:*:*",
"matchCriteriaId": "8304267C-8389-42FF-B172-74C995953453",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:*:*:online:*:*:*:*:*",
"matchCriteriaId": "FB96BD5A-5304-40F1-A1B8-813EA22462E8",
"versionEndIncluding": "8.5.0-11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:6.3.0-15:*:online:*:*:*:*:*",
"matchCriteriaId": "664125FD-10C7-4EA1-8C68-9673F87D9623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:6.3.1-1:*:online:*:*:*:*:*",
"matchCriteriaId": "9344DE52-A0C5-4420-AEC1-D9BAEED72610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.0.0-30:*:online:*:*:*:*:*",
"matchCriteriaId": "FB40075E-3B36-4DB7-826F-DEB247234B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.0.1-8:*:online:*:*:*:*:*",
"matchCriteriaId": "9EC77E07-09B2-4804-A30D-3B2B3779EC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.4.0-11:*:online:*:*:*:*:*",
"matchCriteriaId": "F7BC0E2A-404E-4377-98E7-05961D7F65D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.5.0-14:*:online:*:*:*:*:*",
"matchCriteriaId": "790A1AA4-4386-4C68-881A-BC46787068AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.5.5-1:*:online:*:*:*:*:*",
"matchCriteriaId": "3D2F0B21-02FE-4CDD-917B-E71A2185FB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.6.0-23:*:online:*:*:*:*:*",
"matchCriteriaId": "0ED5B8CB-F4E9-462F-84F6-F42A6411119D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.7.0-142:*:online:*:*:*:*:*",
"matchCriteriaId": "E9B8C2A0-43CC-4D70-AC53-945A52DF9F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.8.0-159:*:online:*:*:*:*:*",
"matchCriteriaId": "4C965B94-D725-4697-A879-A789A2621E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.9.0-105:*:online:*:*:*:*:*",
"matchCriteriaId": "B5EEF9F4-945B-41AC-926E-33D086E03B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.9.1-15:*:online:*:*:*:*:*",
"matchCriteriaId": "D72A858F-47A0-40D5-9A67-0F7417016B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.0.0-210:*:online:*:*:*:*:*",
"matchCriteriaId": "77079190-D4D6-4938-AB15-8263C134D1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.1.0-136:*:online:*:*:*:*:*",
"matchCriteriaId": "EB72A9B5-D2D7-466F-8FEA-F87160238174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.1.1-206:*:online:*:*:*:*:*",
"matchCriteriaId": "262415F1-D2BA-401B-8D55-5C8DCBF57DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.1.5-311:*:online:*:*:*:*:*",
"matchCriteriaId": "67FA5785-AD17-4CEA-B0F4-A0D142C47F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.3.0-14:*:online:*:*:*:*:*",
"matchCriteriaId": "0C04A5ED-4E51-4698-B88C-65263CD1D32B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.3.1-105:*:online:*:*:*:*:*",
"matchCriteriaId": "49C4E5AD-F465-4FCC-B7CE-7E4F7A3F44B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:8.4.0-18:*:online:*:*:*:*:*",
"matchCriteriaId": "6E2BF320-05D5-47B1-9B86-F31BD312FC19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Insight Diagnostics Online Edition anterior v8.5.1.3712 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados. \r\n\r\n\r\n"
}
],
"id": "CVE-2010-4111",
"lastModified": "2024-11-21T01:20:16.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-12-22T21:00:18.207",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1024897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024897"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-14 13:07
Modified
2024-11-21 01:53
Severity ?
Summary
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/324668 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/324668 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | insight_diagnostics | 9.4.0.4710 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:9.4.0.4710:*:*:*:*:*:*:*",
"matchCriteriaId": "1D72CAC8-28F5-4428-B659-E04A1EC5E5B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter."
},
{
"lang": "es",
"value": "hpdiags/frontend2/help/pageview.php en HP Insight Diagnostics 9.4.0.4710 no restringe adecuadamente las inclusiones de archivos PHP o las sentencias \"require\", lo que permite a atacantes remotos a\u00f1adir archivos arbitrarios .html hpdiags/frontend2/help/ a trav\u00e9s del par\u00e1metro \"path\"."
}
],
"id": "CVE-2013-3575",
"lastModified": "2024-11-21T01:53:54.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-14T13:07:29.593",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-02 18:18
Modified
2024-11-21 00:49
Severity ?
Summary
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | insight_diagnostics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F7A101-2AD2-4496-AF19-4C659C9E39C4",
"versionEndExcluding": "7.9.1.2402",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP Insight Diagnostics en versiones anteriores a v7.9.1.2402 permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-3542",
"lastModified": "2024-11-21T00:49:29.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-02T18:18:05.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32061"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4346"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31479"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020953"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2695"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45506"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-10 18:00
Modified
2024-11-21 01:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | insight_diagnostics | * | |
| hp | insight_diagnostics | 6.3.0-15 | |
| hp | insight_diagnostics | 6.3.1-1 | |
| hp | insight_diagnostics | 7.0.0-30 | |
| hp | insight_diagnostics | 7.0.1-8 | |
| hp | insight_diagnostics | 7.4.0-11 | |
| hp | insight_diagnostics | 7.5.0-14 | |
| hp | insight_diagnostics | 7.5.5-1 | |
| hp | insight_diagnostics | 7.6.0-23 | |
| hp | insight_diagnostics | 7.7.0-142 | |
| hp | insight_diagnostics | 7.8.0-159 | |
| hp | insight_diagnostics | 7.9.0-105 | |
| hp | insight_diagnostics | 7.9.1-15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:*:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "425A2910-7BA2-4C59-8D78-87CFFB7DC682",
"versionEndIncluding": "8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:6.3.0-15:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "C34F8F76-49FB-451C-A2B6-1E2ACBB72DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:6.3.1-1:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "16F2C4EA-9C98-4749-8AB9-AF19CA8A352B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.0.0-30:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "1D14EAFA-204C-41A7-8312-CAFDA506F1B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.0.1-8:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "984C473A-247A-4B66-846D-E38EEED78464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.4.0-11:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "CF4E2CED-3927-4C7B-8A98-FCD5E5328242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.5.0-14:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "1F01C32F-7AD7-420E-A3B9-EFD9E486E440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.5.5-1:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "D5DE411B-BF4B-42FB-8E1E-EABC22BC1608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.6.0-23:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "14A7EBAA-19B1-46E5-BF45-310FB2EA4FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.7.0-142:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "71005822-DD4C-4AA6-8125-43D2D9DAB0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.8.0-159:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "C958DCA7-CF2F-4341-A418-3A27015CA4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.9.0-105:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "A928BB6C-2250-49EF-873F-9655B3350D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:7.9.1-15:unknown:online_linux:*:*:*:*:*",
"matchCriteriaId": "521886DB-FE4A-4291-B5C5-DEF7EA50F5A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Insight Diagnostics Online Edition anteriores a v8.5.0-11 en Linux permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-3003",
"lastModified": "2024-11-21T01:17:51.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-10T18:00:02.300",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2245"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-14 13:07
Modified
2024-11-21 01:53
Severity ?
Summary
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/324668 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/324668 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | insight_diagnostics | 9.4.0.4710 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:insight_diagnostics:9.4.0.4710:*:*:*:*:*:*:*",
"matchCriteriaId": "1D72CAC8-28F5-4428-B659-E04A1EC5E5B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors."
},
{
"lang": "es",
"value": "HP Insight Diagnostics 9.4.0.4710, permite a atacantes remotos llevar a cabo diversos ataques de inyecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-3573",
"lastModified": "2024-11-21T01:53:54.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-14T13:07:29.530",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2010-3003
Vulnerability from cvelistv5
Published
2010-09-10 17:00
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472 | vendor-advisory, x_refsource_HP | |
| http://www.vupen.com/english/advisories/2010/2245 | vdb-entry, x_refsource_VUPEN | |
| http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05 | x_refsource_MISC | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBMA02571",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"name": "ADV-2010-2245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"name": "SSRT100034",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-10T17:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBMA02571",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"name": "ADV-2010-2245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"name": "SSRT100034",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02571",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"name": "ADV-2010-2245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2245"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"name": "SSRT100034",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2010-3003",
"datePublished": "2010-09-10T17:00:00Z",
"dateReserved": "2010-08-13T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:12.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4111
Vulnerability from cvelistv5
Published
2010-12-22 20:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=129245189832672&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1024897 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=129245189832672&w=2 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBMA02615",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"name": "1024897",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024897"
},
{
"name": "SSRT100228",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-11T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBMA02615",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"name": "1024897",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024897"
},
{
"name": "SSRT100228",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-4111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02615",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
},
{
"name": "1024897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024897"
},
{
"name": "SSRT100228",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129245189832672\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2010-4111",
"datePublished": "2010-12-22T20:00:00",
"dateReserved": "2010-10-27T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3574
Vulnerability from cvelistv5
Published
2013-06-14 10:00
Modified
2024-09-17 02:32
Severity ?
EPSS score ?
Summary
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/324668 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#324668",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T10:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#324668",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#324668",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/324668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3574",
"datePublished": "2013-06-14T10:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-17T02:32:20.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3575
Vulnerability from cvelistv5
Published
2013-06-14 10:00
Modified
2024-09-16 20:28
Severity ?
EPSS score ?
Summary
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/324668 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#324668",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T10:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#324668",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#324668",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/324668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3575",
"datePublished": "2013-06-14T10:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:28:08.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3573
Vulnerability from cvelistv5
Published
2013-06-14 10:00
Modified
2024-09-17 01:55
Severity ?
EPSS score ?
Summary
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/324668 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#324668",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T10:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#324668",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/324668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#324668",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/324668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3573",
"datePublished": "2013-06-14T10:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:34.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3542
Vulnerability from cvelistv5
Published
2008-10-02 18:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/32061 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=122271894520640&w=2 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45506 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=122271894520640&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/31479 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/2695 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1020953 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/4346 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32061"
},
{
"name": "SSRT071467",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"name": "hp-insight-unspecified-info-disclosure(45506)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45506"
},
{
"name": "HPSBMA02373",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"name": "31479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31479"
},
{
"name": "ADV-2008-2695",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2695"
},
{
"name": "1020953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020953"
},
{
"name": "4346",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32061"
},
{
"name": "SSRT071467",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"name": "hp-insight-unspecified-info-disclosure(45506)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45506"
},
{
"name": "HPSBMA02373",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"name": "31479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31479"
},
{
"name": "ADV-2008-2695",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2695"
},
{
"name": "1020953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020953"
},
{
"name": "4346",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32061"
},
{
"name": "SSRT071467",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"name": "hp-insight-unspecified-info-disclosure(45506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45506"
},
{
"name": "HPSBMA02373",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122271894520640\u0026w=2"
},
{
"name": "31479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31479"
},
{
"name": "ADV-2008-2695",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2695"
},
{
"name": "1020953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020953"
},
{
"name": "4346",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3542",
"datePublished": "2008-10-02T18:00:00",
"dateReserved": "2008-08-07T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}