593 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file...
CVE-2012-2960
CVE-2012-2960 affects HP ArcSight Connector Appliance 6.2.0.6244.0 and ArcSight Logger 5.2.0.6288.0, with a cross-site scripting (XSS) flaw in the file import feature that allows a crafted file to execute arbitrary script in the web GUI. CERT/HP notes remote disclosure of information, and possibl...
CVE-2012-2960
Cross-site scripting XSS vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file...
HP Arcsight Logger and Connector appliances cross-site scripting vulnerability
Overview HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting XSS. Description The supplied facility for importing host data from a file System Admin Tab |...
Design/Logic Flaw
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
CVE-2011-2779
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
CVE-2011-2779
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
CVE-2011-2779
The CVE-2011-2779 entry concerns HP ArcSight Connector Appliance (Windows Event Log SmartConnector) prior to v6.1, where exported reports can have world-writable permissions. This allows local users to alter or delete log data by modifying the file. The flaw is due to improper file permissions in...
CVE-2011-0770
Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...
Cross site scripting
Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...
CVE-2011-0770
Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...
CVE-2011-0770
CVE-2011-0770 affects HP ArcSight Connector Appliance's Windows Event Log SmartConnector prior to 6.1. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient sanitization in exported reports, allowing an attacker to inject script via the Windows XP variable in the exported...
HP ArcSight Connector Appliance XSS vulnerability
Overview ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting XSS. Description Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As ...