4 matches found
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03153338 Version: 1 HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be act...
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-015 : 0Day HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-015 January 12, 2012 - -- CVE ID: CVE-2011-4788 - -- CVSS: 9, AV:N/AC:L/Au:N/C:C/I:P/A:P - -- Affecte...
Design/Logic Flaw
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788...
CVE-2011-4788
CVE-2011-4788 is an absolute path traversal vulnerability in the web interface of HP StorageWorks P2000 G3 MSA array systems. The issue allows a remote attacker to read arbitrary files by supplying a pathname in the URI. Connected sources confirm impact on HP P2000 G3 MSA devices and identify the...