6 matches found
CVE-2010-4111
CVE-2010-4111 is an XSS vulnerability in HP SMH/Insight Diagnostics (Online Edition) prior to version 8.5.1.3712. The issue allows remote attackers to inject arbitrary web scripts/HTML via crafted requests, with documented risks including cookie theft and phishing-style payloads. OpenVAS entries ...
CVE-2013-3574
CVE-2013-3574 is a path traversal vulnerability in HP Insight Diagnostics (hpdiags/frontend2/commands/saveCompareConfig.php) affecting version 9.4.0.4710. The root cause is improper handling of the devicePath parameter, enabling remote attackers to write data to arbitrary files by supplying a ful...
CVE-2010-3003
CVE-2010-3003 affects HP Insight Diagnostics Online Edition on Linux, with the vulnerable component being the web interface. The issue is a Cross-site Scripting (XSS) vulnerability in versions prior to 8.5.0-11, allowing remote attackers to inject arbitrary web script or HTML via unspecified vect...
CVE-2013-3573
CVE-2013-3573 relates to HP Insight Diagnostics 9.4.0.4710. The connected sources confirm three related issues in the HP Insight Diagnostics web UI: (1) CVE-2013-3573 — Improper Neutralization of Special Elements in Output Used by a Downstream Component, an injection vulnerability in PHP code pat...
CVE-2008-3542
CVE-2008-3542 affects HP Insight Diagnostics prior to version 7.9.1.2402 . The vulnerability allows a remote attacker to read arbitrary files via unknown vectors, with a base CVSS v2 of 7.8 (NETWORK, low attack complexity, no authentication). The HP Security Bulletin confirms the affected product...
CVE-2013-3575
CVE-2013-3575 affects HP Insight Diagnostics 9.4.0.4710; hpdiags/frontend2/help/pageview.php does not properly restrict PHP include/require, enabling an attacker to pull in arbitrary files under hpdiags/frontend2/help/ via the path parameter (remote inclusion). The Red Hat/NVD entries corroborate...