Hewlett-Packard Web Jetadmin <= 6.5 Multiple Vulnerabilities

The remote Hewlett-Packard Web Jetadmin is vulnerable to multiple exploits. This includes, but is not limited to, full remote administrative access. SPDX-FileCopyrightText: 2004 facq Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2004-1857

HP Web Jetadmin 7.x (tested on v7.5.2546) is affected by a directory traversal vulnerability in the setinfo.hts script, exploitable via the setinclude parameter to read arbitrary files outside the web root. This requires a remote authenticated attacker to trigger the flaw. No explicit fix/version...

CVE-2004-1858

HP Web Jetadmin 7.5.2546 is affected by CVE-2004-1858, where remote attackers can cause a denial of service (crash) through a malformed request, attributed to a likely stricmp() misuse involving the "$" character. The available documents identify the affected product and the general impact but do...

CVE-2004-1856

CVE-2004-1856 affects HP Web JetAdmin 7.5.2546; the vulnerability is in devices_update_printer_fw_upload.hts, where, with no password configured, an attacker can remotely upload arbitrary files to the printer directory. This is a remote code/file upload issue that could lead to unauthorized modif...

CVE-2004-1856

devicesupdateprinterfwupload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory...

CVE-2004-1857

Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. dot dot in the setinclude parameter...

CVE-2004-1858

HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service crash via a malformed request, possibly due to a stricmp error from an invalid use of the "$" character...

CVE-2004-1858

HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service crash via a malformed request, possibly due to a stricmp error from an invalid use of the "$" character...

[security bulletin] SSRT4739 rev.0 HP WebJetadmin arbitrary command execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBPI01078 REVISION: 0 SSRT4739 rev.0 HP Web Jetadmin arbitrary command execution ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin provided that...

HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)

The remote HP Web Jetadmin is vulnerable to multiple exploits. This includes, but is not limited to, full remote administrative access. An attacker can execute code remotely with SYSTEM level or root privileges by invoking the ExecuteFile function. To further exacerbate this issue, there is worki...

HP Web JetAdmin 6.5 (connectedNodes.ovpl) Remote Root Exploit

Exploit for hardware platform in category remote exploits ============================================================= HP Web JetAdmin 6.5 connectedNodes.ovpl Remote Root Exploit ============================================================= !/usr/bin/perl use IO::Socket; This is an exploit for H...

JetRoot_pl.txt

!/usr/bin/perl use IO::Socket; This is an exploit for HP Web JetAdmin, the printer management server from HP. It is NOT about printers! The service usually runs on port 8000 on Windows, Solaris or Linux boxes. Greetz: The Phenoelit People, c-base crew, EEyE rock!, Halvar on the other side of the...

HP Web JetAdmin 6.5 - connectedNodes.ovpl Remote Code Execution

HP Web JetAdmin 6.5 - connectedNodes.ovpl Remote Code Execution !/usr/bin/perl use IO::Socket; This is an exploit for HP Web JetAdmin, the printer management server from HP. It is NOT about printers! The service usually runs on port 8000 on Windows, Solaris or Linux boxes. Greetz: The Phenoelit...

HP Web JetAdmin 6.5 - &#039;connectedNodes.ovpl&#039; Remote Code Execution

!/usr/bin/perl use IO::Socket; This is an exploit for HP Web JetAdmin, the printer management server from HP. It is NOT about printers! The service usually runs on port 8000 on Windows, Solaris or Linux boxes. Greetz: The Phenoelit People, c-base crew, EEyE rock!, Halvar on the other side of the...

Re: HP Web JetAdmin vulnerabilities.

Just a few more for HP Web JetAdmin 6.5 - I'm tired of waiting for HP and since the current version is way past 6.5, there is no point in hiding it any more : ---SNIP--- Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 ++-+ Title Multiple vulnerabilities in HP Web JetAdmin Authors FX...

Multiple vulnerabilities and Easter Eggs in HP Web JetAdmin

Unauthorized access, weak encryption, priviledge escalation...

HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access

The remote HP Web JetAdmin suffers from a number of vulnerabilities. The current running version is vulnerable to a directory traversal attack via the setinfo.hts script. A remote attacker could exploit this flaw to access arbitrary files on the host. %NASLMINLEVEL 70300 This script was written b...

HP Web JetAdmin vulnerabilities.

lo all: http://sh0dan.org/files/hpjadmadv.txt Fear the vi formatting. Product: HP Web JetAdmin Version 7.5.2546 Others that use this codebase assumed vulnerable Note: Only tested on the Windows Platform. Vulnerability: Denial of Service, Upload Any file to the filesystem to a known location, Writ...

CVE-2004-1856

devicesupdateprinterfwupload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory...

CVE-2004-1857

Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. dot dot in the setinclude parameter...