HP » Insight Diagnostics : Security Vulnerabilities, CVEs,

CVE-2013-3575

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
Max CVSS
5.0
EPSS Score
0.53%
Published
2013-06-14
Updated
2013-06-14

CVE-2013-3574

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
Max CVSS
7.8
EPSS Score
0.53%
Published
2013-06-14
Updated
2013-06-14

CVE-2013-3573

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
Max CVSS
10.0
EPSS Score
0.21%
Published
2013-06-14
Updated
2013-06-14

CVE-2010-4111

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.28%
Published
2010-12-22
Updated
2011-01-11

CVE-2010-3003

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.16%
Published
2010-09-10
Updated
2019-10-09

CVE-2008-3542

Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
Max CVSS
7.8
EPSS Score
0.33%
Published
2008-10-02
Updated
2019-10-09
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close