what you don't know can hurt you
Showing 1 - 3 of 3 RSS Feed

CVE-2013-4812

Status Candidate

Overview

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Related Files

HP Security Bulletin HPSBPV02918 2
Posted Oct 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02918 2 - Potential security vulnerabilities have been identified with HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These vulnerabilities could be exploited remotely to allow SQL injection, remote code execution and session reuse. Revision 2 of this advisory.

tags | advisory, remote, vulnerability, code execution, sql injection
advisories | CVE-2005-2572, CVE-2013-4809, CVE-2013-4810, CVE-2013-4811, CVE-2013-4812, CVE-2013-4813
MD5 | 69eea8c03b85cb71b78f204d9f8ca9b4
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
Posted Sep 17, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateCertificatesServlet allows an attacker to upload arbitrary files, just having into account binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This Metasploit module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.

tags | exploit, arbitrary
advisories | CVE-2013-4812, OSVDB-97155
MD5 | 655ea7e5a3301cf06fe81698db51eafa
HP Security Bulletin HPSBPV02918
Posted Sep 10, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02918 - Potential security vulnerabilities have been identified with HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These vulnerabilities could be exploited remotely to allow SQL injection, remote code execution and session reuse. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, code execution, sql injection
advisories | CVE-2005-2572, CVE-2013-4809, CVE-2013-4810, CVE-2013-4811, CVE-2013-4812, CVE-2013-4813
MD5 | 99f02f2c8afa60f003cbe57d23383f59
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close