CVE-2012-2986

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 first, 2 third, or 3 fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361...

CVE-2012-4362

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...

EUVD-2012-4305

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...

Design/Logic Flaw

LeftHand OS aka SAN iQ 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time...

CVE-2013-2352

CVE-2013-2352 affects LeftHand OS (San iQ) 10.5 and earlier on HP StoreVirtual Storage devices. The vulnerability stems from an HP Support challenge-response root-login mechanism that cannot be disabled, potentially allowing remote attackers to gain administrative access by leveraging knowledge o...

HP LeftHand OS hydra Detection

One of the network services provided by the hydra daemon was detected on the remote host. This daemon runs on the HP LeftHand OS formerly SAN/iQ and is used in products such as the HP Virtual SAN appliance. This service is used for management and control. C Tenable Network Security, Inc...

HP SAN/iQ Virtual SAN Appliance Multiple Parameters Command Execution Vulnerabilities

HP SAN/iQ Virtual SAN Appliance is prone to multiple command execution vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

HP SAN/iQ Virtual SAN Appliance Second Parameter Command Execution Vulnerability

HP SAN/iQ Virtual SAN Appliance is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

HP SAN/iQ <= 10.0 Root Shell Command Injection

The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...

CVE-2012-4361

lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter...

Hardcoded credentials

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...

CVE-2012-2986

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 first, 2 third, or 3 fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361...

Code injection

lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter...

Code injection

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 first, 2 third, or 3 fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361...

CVE-2012-4362

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...

CVE-2012-4361

lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter...

CVE-2012-4362

CVE-2012-4362 : Affects HP SAN/iQ Virtual SAN Appliance (HP SAN/iQ) before version 9.5. The component hydra.exe uses a hardcoded password, L0CAlu53R, for the global$agent account, enabling remote attackers to obtain access to the management service via a login to TCP port 13838. This description ...

CVE-2012-2986

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 first, 2 third, or 3 fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361...

CVE-2012-4361

CVE-2012-4361 concerns HP SAN/iQ’s Virtual SAN Appliance, where the component at lhn/public/network/ping allows remote authenticated users to execute arbitrary shell commands by injecting metacharacters in the second parameter. The vulnerability affects HP SAN/iQ versions up to and including 9.4/...

HP SAN/iQ < 9.5 Root Shell Command Injection

The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...