12 matches found
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
HP PCM+ SNAC Registration Server UpdateCertificatesServlet File Upload
File upload vulnerability in HP PCM+ SNAC Registration Server UpdateCertificatesServlet Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
HP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability
Added: 10/03/2013 CVE: CVE-2013-4812 BID: 62348 OSVDB: 97155 Background HP ProCurve Manager PCM is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally. Problem The SNAC registration serv...
HP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability
Added: 10/03/2013 CVE: CVE-2013-4812 BID: 62348 OSVDB: 97155 Background HP ProCurve Manager PCM is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally. Problem The SNAC registration serv...
HP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability
Added: 10/03/2013 CVE: CVE-2013-4812 BID: 62348 OSVDB: 97155 Background HP ProCurve Manager PCM is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally. Problem The SNAC registration serv...
HP ProCurve Manager SNAC - UpdateCertificatesServlet Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateCertificatesServlet allows an attacker to upload arbitrary files, just having into account binary writes aren't allowed. Additionally, authentication can be bypassed in ord...
Design/Logic Flaw
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code vi...
CVE-2013-4812
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code vi...
CVE-2013-4812
CVE-2013-4812 covers a vulnerability in the HP ProCurve Manager SNAC UpdateCertificatesServlet (PCM/PCM+ 3.20/4.0, IDM 4.0) where the fileName argument is not properly validated, enabling remote attackers to upload JSP files and achieve arbitrary code execution via unspecified vectors (ZDI-CAN-17...
HP PCM+ SNAC Registration Server UpdateCertificatesServlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateCertificatesServlet. This servlet improperly sanitizes the 'fileName' argument...
PT-2013-5211 · Hewlett Packard · Hp Procurve Manager +2
Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue concerns the UpdateCertificatesServlet in the SNAC registration server, which fails to properly validat...