Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

HP System Management Homepage JustGetSNMPQueue Command Injection

🗓️ 22 Jun 2013 00:00:00Reported by metasploitType 
zdt
 zdt🔗 0day.today👁 95 Views

HP System Management Homepage JustGetSNMPQueue Command Injection, allows arbitrary code executio

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2013-3576
14 Jun 201300:00
attackerkb
Check Point Advisories		HP System Management Home Page Command Injection (CVE-2013-3576)
6 Jun 201300:00
checkpoint_advisories
CVE		CVE-2013-3576
14 Jun 201318:00
cve
Cvelist		CVE-2013-3576
14 Jun 201318:00
cvelist
d2		DSquare Exploit Pack: D2SEC_HPSMH
14 Jun 201318:55
d2
Dsquare		HP System Management Homepage RCE
10 Jul 201300:00
dsquare
Exploit DB		HP System Management Homepage - JustGetSNMPQueue Command Injection (Metasploit)
24 Jun 201300:00
exploitdb
Tenable Nessus		HP System Management Homepage ginkgosnmp.inc Command Injection
25 Sep 201300:00
nessus
Metasploit		HP System Management Homepage JustGetSNMPQueue Command Injection
2 Aug 201316:49
metasploit
NVD		CVE-2013-3576
14 Jun 201318:55
nvd
Rows per page
This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM. Please note: In order for the exploit to work, the victim must enable the 'tftp' command, which is the case by default for systems such as Windows XP, 2003, etc.

#  0day.today [2018-03-12]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Jun 2013 00:00Current
7.2High risk
Vulners AI Score7.2
EPSS0.46318
hp system managementcommand injectionarbitrary code executionhttp requestvulnerabilityexec functionsystem contextwindows xpwindows 2003
95