6 matches found
HP WebInspect XXE Unauthorized Information Disclosure
The version of HP WebInspect installed on the remote Windows host is affected by an unauthorized information disclosure vulnerability due to an XML external entity injection flaw that is triggered during the parsing of XML data. A remote attacker can exploit this, via a malicious website scanned ...
HP WebInspect 10.4 XML External Entity
Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits vulnerability. 1.1. Website that steals files using OO...
HP WebInspect 10.4 - XML External Entity Injection
Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits vulnerability. 1.1. Website that steals files using OO...
HP WebInspect 10.4 - XML External Entity Injection
HP WebInspect 10.4 - XML External Entity Injection Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits...
[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04695307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04695307 Version: 1 HPSBGN03343 rev....
CVE-2015-2125
HP WebInspect 7.x–10.4 (before 10.4 update 1) is affected by CVE-2015-2125 via an XML External Entity (XXE) injection in its XML parsing, enabling a remote attacker to cause unauthorized information disclosure (read arbitrary files) when scanning or processing crafted XML. The vulnerability is de...