Computer Security
[EN] securityvulns.ru no-pyccku


HP Insight multiple security vulnerabilities
Published:02.11.2010
Source:
SecurityVulns ID:11228
Type:remote
Threat Level:
7/10
Description:Directory traversal, code execution in different applications.
Affected:HP : Insight Control performance management 6.1
 HP : Insight Recovery 6.1
 HP : Insight Control virtual machine management 6.1
 HP : Insight Control 6.1
 HP : Insight Managed System Setup Wizard 6.1
 HP : Insight Orchestration 6.1
CVE:CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.)
 CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors.)
 CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.)
 CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentHP, [security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) (02.11.2010)
 documentHP, [security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access (02.11.2010)
 documentHP, [security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access (02.11.2010)
 documentHP, [security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download (02.11.2010)
 documentHP, [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access (02.11.2010)
 documentHP, [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access (02.11.2010)
 documentHP, [security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF) (02.11.2010)
 documentHP, [security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF) (02.11.2010)
 documentHP, [security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF) (02.11.2010)
 documentHP, [security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download (02.11.2010)
 documentHP, [security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download (02.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod