29 matches found
EUVD-2015-2246
Malware in sbrugna...
EUVD-2012-5121
Malware in sbrugna...
EUVD-2015-5397
Malware in sbrugna...
EUVD-2012-2938
Malware in sbrugna...
HP ArcSight Logger < 6.1P1 Multiple Vulnerabilities
The version of HP ArcSight Logger installed on the remote host is prior to 6.1P1. It is, therefore, affected by multiple vulnerabilities in the Intellicus and client-certificate upload components due to improper validation of user-supplied input. A remote attacker can exploit these to bypass...
CVE-2015-5441
Multiple cross-site scripting XSS vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-6029
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...
Command injection
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access...
Design/Logic Flaw
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...
CVE-2015-6029
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...
HP ArcSight Logger security vulnerabilities
Authentication bypass, information disclosure...
HP ArcSight Logger contains multiple vulnerabilities
Overview HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios. Description CWE-285: Improper Authorization- CVE-2015-2136A remote authenticated user without Logger Search permissions may be able to bypass authorization...
HP ArcSight Logger < 6.1 Management Center XSS
The remote host has a version of HP ArcSight logger installed that is prior to 6.1. It is, therefore, affected by a reflected cross-site scripting vulnerability in the Management Center due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted...
HP ArcSight Logger < 6.0 P2 Multiple Vulnerabilities
According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0 P2. It is, therefore, affected by multiple vulnerabilities : - An authorization bypass vulnerability exists that allows an authenticated, remote attacker to bypass...
Authorization
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors...
CVE-2015-2136
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors...
CVE-2015-2136
HP ArcSight Logger prior to version 6.0 P2 contains CVE-2015-2136: remote authenticated users can bypass the intended authorization policy (noted via the SOAP interface) and perform unauthorized actions. Affected product/version: HP ArcSight Logger before 6.0 P2. Root cause indicated as improper ...
CVE-2015-2136
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors...
HP ArcSight Logger Remote Authorized Access Vulnerability
HP ArcSight Logger is a log management software tool. A remote authorized access vulnerability exists in HP ArcSight Logger, which can be exploited by an attacker to bypass certain authorization restrictions and perform unauthorized operations...
[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04762372 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04762372 Version: 2 HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization...