Lucene search
K

79 matches found

OSV
OSV
added 2020/03/30 10:15 p.m.3 views

CVE-2019-19913

In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter...

4.8CVSS5.8AI score0.00704EPSS
Exploits2References2
CNVD
CNVD
added 2019/10/23 12:0 a.m.0 views

CloudBees Jenkins Bumblebee HP ALM Plugin Trust Management Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Bumblebee HP ALM Plugin is used in one ...

6.5CVSS6.9AI score0.00799EPSS
Exploits0References1
0day.today
0day.today
added 2018/03/10 12:0 a.m.57 views

Tuleap 9.17.99.189 SQL Injection Vulnerability

Exploit for php platform in category web applications =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found:...

7.1AI score0.04462EPSS
Exploits6
Hacker One
Hacker One
added 2016/12/11 8:58 p.m.19 views

LocalTapiola: SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi)

Issue The reporter found a time-based blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug...

1.5AI score
Exploits0
Prion
Prion
added 2014/11/14 12:59 a.m.17 views

Code injection

The Application Lifecycle Service ALS in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

10CVSS8.3AI score0.10349EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/11/14 12:0 a.m.34 views

CVE-2014-7878

The CVE-2014-7878 issue affects HP Helion Cloud Development Platform 1.0: the Application Lifecycle Service (ALS) Seed Node image contains identical security keys across different customer installations, enabling a remote attacker with a VM derived from the Seed Node image to connect to other VMs...

10CVSS7.9AI score0.10349EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/11/14 12:0 a.m.30 views

CVE-2014-7878

The Application Lifecycle Service ALS in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

7.6AI score0.10349EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2014/08/12 12:0 a.m.31 views

Hewlett-Packard Application Lifecycle Manager DLL Planting Elevation of Privilege Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Application Lifecycle Management. This vulnerability requires the attacker to have an unprivileged account on the Application Lifecycle Management System. The specific flaw exists...

6.8CVSS7AI score0.00554EPSS
Exploits0References1
CVE
CVE
added 2014/08/12 12:0 a.m.44 views

CVE-2014-2631

CVE-2014-2631 affects HP Application Lifecycle Management / Quality Center 11.5x and 12.0x. The root cause is a DLL planting elevation-of-privilege flaw in ACLs on a specific installed directory, enabling a remote attacker with an unprivileged account to place a malicious DLL and trigger code exe...

4.6CVSS6.7AI score0.00554EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.74 views

[security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04394553 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04394553 Version: 1 HPSBMU03085 rev....

4.6CVSS0.1AI score0.00554EPSS
Exploits0
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.35 views

HP Application Lifecycle Management / Quality Center privilege escalation

No description provided...

4.6CVSS1.7AI score0.00554EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

6.7AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2013/11/24 12:0 a.m.25 views

HP Application Lifecycle Management GossipService SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service named GossipServiceSoapBinding. This web service i...

7.5CVSS3.3AI score0.05536EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/11/05 12:0 a.m.64 views

[security bulletin] HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969433 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969433 Version: 1 HPSBMU02932 rev....

7.5CVSS0.5AI score0.05536EPSS
Exploits0
securityvulns
securityvulns
added 2013/11/05 12:0 a.m.66 views

[security bulletin] HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969436 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969436 Version: 1 HPSBMU02934 rev....

7.5CVSS0.3AI score0.05536EPSS
Exploits0
Prion
Prion
added 2013/11/04 4:55 p.m.12 views

Design/Logic Flaw

Unspecified vulnerability in the client component in HP Application LifeCycle Management ALM before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327...

7.5CVSS8.2AI score0.05536EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/11/04 3:0 p.m.28 views

CVE-2013-4836

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management ALM allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759...

7.6AI score0.05536EPSS
Exploits0References1
NVD
NVD
added 2013/09/16 1:1 p.m.40 views

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

10CVSS7.5AI score0.79003EPSS
Exploits5References8
Prion
Prion
added 2013/09/16 1:1 p.m.39 views

Design/Logic Flaw

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

10CVSS7.8AI score0.81832EPSS
Exploits38References7Affected Software2
Vulnrichment
Vulnrichment
added 2013/09/13 6:0 p.m.11 views

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

7.8AI score0.79003EPSS
Exploits5References7
Rows per page
Query Builder