Computer Security
[EN] securityvulns.ru no-pyccku


HP System Management Homepage multiple security vulnerabilities
updated since 17.09.2010
Published:27.09.2010
Source:
SecurityVulns ID:11152
Type:remote
Threat Level:
5/10
Description:Crossite scripting, information leak.
Affected:HP : HP System Management Homepage 6.0
 HP : HP System Management Homepage 6.1
CVE:CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.)
 CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.)
Original documentdocumentHP, [security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection (27.09.2010)
 documentHP, [security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure (27.09.2010)
 documentHP, [security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection (27.09.2010)
 documentHP, [security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities (17.09.2010)
 documentHP, [security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information (17.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod