30 matches found
EUVD-2013-4654
Malware in sbrugna...
EUVD-2009-2674
Malware in sbrugna...
EUVD-2013-4658
Malware in sbrugna...
CVE-2009-2681
Unspecified vulnerability in HP ProCurve Identity Driven Manager IDM A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors...
HP Multiple Products Remote Code Execution Vulnerability
HP ProCurve Manager PCM, PCM+, Identity Driven Manager IDM, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet...
VulnCheck KEV: CVE-2013-4810
HP ProCurve Manager PCM, PCM+, Identity Driven Manager IDM, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet...
[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 2 HPSBPV02918 rev....
CVE-2013-4810
HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...
CVE-2013-4813
The Agent aka AgentController servlet in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745...
Design/Logic Flaw
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code vi...
Design/Logic Flaw
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code...
Sql injection
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 allow remote attackers to execute arbitrary SQL commands via the 1 sort or 2 dir parameter...
CVE-2013-4810
HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...
CVE-2013-4810
HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...
CVE-2013-4811
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code...
CVE-2013-4813
The Agent aka AgentController servlet in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745...
CVE-2013-4809
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 allow remote attackers to execute arbitrary SQL commands via the 1 sort or 2 dir parameter...
CVE-2013-4809
CVE-2013-4809 is a SQL injection vulnerability in HP ProCurve Manager (PCM) 3.20 and 4.0, HP PCM+ 3.20 and 4.0, and HP Identity Driven Manager (IDM) 4.0. The flaw resides in the GetEventsServlet and is exploitable via the sort or dir parameters, potentially enabling remote code execution (reporte...
CVE-2013-4810
HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...
CVE-2013-4810
HP ProCurve Manager (PCM) 3.20/4.0, PCM+ 3.20/4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management are affected. The root cause is a remote code execution vector via a marshalled object to the EJBInvokerServlet or JMXInvokerServlet, enabling an attacker to execute arbitrar...