[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02171256 Version: 1 HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of...
CVE-2010-1556
CVE-2010-1556 affects HP Systems Insight Manager (SIM) versions 5.3, 5.3 Update 1, and 6.0. The vulnerability allows remote attackers to obtain sensitive information and modify data via unknown vectors (CVSS 2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N). HP’s Security Bulletin HPSBMA0252...
PT-2010-3229 · Hewlett Packard · Hp Systems Insight Manager
Name of the Vulnerable Software and Affected Versions: HP Systems Insight Manager (SIM) versions 5.3 through 6.0. Description: The issue allows remote attackers to obtain sensitive information and modify data via unknown vectors. Recommendations: For HP Systems Insight Manager (SIM) versions 5.3 throu...
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/40058/info Affiliate Store Builder is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...
DeluxeBB 1.x - newpost.php SQL Injection
DeluxeBB 1.x - newpost.php SQL Injection source: https://www.securityfocus.com/bid/39962/info DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...
HP-UX Update for OpenSSL HPSBUX02517
Check for the Version of OpenSSL. OpenVAS Vulnerability Test: HP-UX Update for OpenSSL HPSBUX02517. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Campsite 3.x - article_id SQL Injection
Campsite 3.x - article_id SQL Injection source: https://www.securityfocus.com/bid/39862/info Campsite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Your Articles Directory - Login Option SQL Injection
source: https://www.securityfocus.com/bid/39796/info Article Directory Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
SmartBlog 1.3 - SQL Injection / Cross-Site Scripting
SmartBlog 1.3 - SQL Injection / Cross-Site Scripting source: https://www.securityfocus.com/bid/39756/info SmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities coul...
SmartBlog 1.3 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/39756/info SmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
CVE-2010-1034
HP System Management Homepage (SMH) vulnerable: Windows versions prior to 6.0.0.96 and Linux x86/AMD64 prior to 6.0.0-95 are affected by CVE-2010-1034. An unspecified remote-authenticated attacker can obtain sensitive data, modify data, or cause a DoS via unknown vectors. Remediation per HP bulle...
CVE-2010-1151
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials...
Race condition
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials...
Zabbix < 1.8.2 SQLi Vulnerability
Zabbix is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Copyright (C) 2010 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
Kasseler CMS News Module - id SQL Injection
Kasseler CMS News Module - id SQL Injection source: https://www.securityfocus.com/bid/38909/info Kasseler CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
RepairShop2 - 'index.php?Prod' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38907/info RepairShop 2 is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user,...
Joomla! Component com_cb - cat SQL Injection
Joomla! Component com_cb - cat SQL Injection source: https://www.securityfocus.com/bid/38916/info The 'com_cb' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...