Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в HP System Insight Manager
Опубликовано:30 апреля 2010 г.
Источник:
SecurityVulns ID:10804
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг, межсайтовая подмена форм, повышение привилегий.
CVE:CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation (30.04.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород