Lucene search
K

593 matches found

Prion
Prion
added 2012/08/08 10:26 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file...

4.3CVSS6AI score0.02631EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2012/08/08 10:0 a.m.47 views

CVE-2012-2960

CVE-2012-2960 affects HP ArcSight Connector Appliance 6.2.0.6244.0 and ArcSight Logger 5.2.0.6288.0, with a cross-site scripting (XSS) flaw in the file import feature that allows a crafted file to execute arbitrary script in the web GUI. CERT/HP notes remote disclosure of information, and possibl...

4.3CVSS5.7AI score0.02631EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2012/08/08 10:0 a.m.23 views

CVE-2012-2960

Cross-site scripting XSS vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file...

5.5AI score0.02631EPSS
Exploits0References2
CERT
CERT
added 2012/08/06 12:0 a.m.28 views

HP Arcsight Logger and Connector appliances cross-site scripting vulnerability

Overview HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting XSS. Description The supplied facility for importing host data from a file System Admin Tab |...

4.3CVSS6.1AI score0.02631EPSS
Exploits0References3
Prion
Prion
added 2011/07/19 9:55 p.m.13 views

Design/Logic Flaw

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

3.6CVSS6.8AI score0.03503EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2011/07/19 9:55 p.m.17 views

CVE-2011-2779

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

3.6CVSS6.2AI score0.00553EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/07/19 9:0 p.m.23 views

CVE-2011-2779

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

6.2AI score0.00553EPSS
Exploits0References2
CVE
CVE
added 2011/07/19 9:0 p.m.49 views

CVE-2011-2779

The CVE-2011-2779 entry concerns HP ArcSight Connector Appliance (Windows Event Log SmartConnector) prior to v6.1, where exported reports can have world-writable permissions. This allows local users to alter or delete log data by modifying the file. The flaw is due to improper file permissions in...

3.6CVSS6.4AI score0.00553EPSS
Exploits0References2Affected Software7
NVD
NVD
added 2011/07/19 8:55 p.m.16 views

CVE-2011-0770

Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...

4.3CVSS5.5AI score0.03503EPSS
Exploits0References4
Prion
Prion
added 2011/07/19 8:55 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...

4.3CVSS5.9AI score0.03503EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/07/19 8:0 p.m.25 views

CVE-2011-0770

Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...

5.5AI score0.03503EPSS
Exploits0References4
CVE
CVE
added 2011/07/19 8:0 p.m.61 views

CVE-2011-0770

CVE-2011-0770 affects HP ArcSight Connector Appliance's Windows Event Log SmartConnector prior to 6.1. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient sanitization in exported reports, allowing an attacker to inject script via the Windows XP variable in the exported...

4.3CVSS5.7AI score0.03503EPSS
Exploits0References4Affected Software7
CERT
CERT
added 2011/07/15 12:0 a.m.38 views

HP ArcSight Connector Appliance XSS vulnerability

Overview ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting XSS. Description Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As ...

4.3CVSS5.7AI score0.03503EPSS
Exploits0
Rows per page
Query Builder