[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 2 HPSBPV02918 rev....

HP ProCurve Manager SNAC UpdateDomainControllerServlet Code Execution (CVE-2013-4811)

A vulnerability has been reported in HP ProCurve Manager SNAC...

HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload

This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateDomainControllerServlet allows an attacker to upload arbitrary files, just having into account binary writes aren't allowed. Additionally, authentication can be bypassed in...

CVE-2013-4811

creationtimestamp| type| source ---|---|--- 2013-09-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28336 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hppcmsnacupdatedomain.rb 2025-02-06 03:13:41+00:00|...

HP ProCurve Manager - SNAC UpdateDomainControllerServlet Arbitrary File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...

DSquare Exploit Pack: D2SEC_HPPCM2

Name| d2sechppcm2 ---|--- CVE| CVE-2013-4811 Exploit Pack| D2ExploitPack Description| HP PCM+ SNAC Registration Server Remote Code Execution Vulnerability Notes|...

CVE-2013-4811

CVE-2013-4811 : A flaw in the HP ProCurve Manager SNAC UpdateDomainControllerServlet allows remote upload of JSP files and arbitrary code execution by manipulating the adCert parameter, affecting PCM 3.20/4.0, PCM+ 3.20/4.0, and IDM 4.0. Public references document a file-upload/path-traversal vul...

[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 1 HPSBPV02918 rev....