Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.902654
Kategorie:Web application abuses
Titel:HP Managed Printing Administration Multiple Vulnerabilities
Zusammenfassung:This host is installed with HP Managed Printing Administration and; is prone to multiple vulnerabilities.
Beschreibung:Summary:
This host is installed with HP Managed Printing Administration and
is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to

- Errors in the MPAUploader.Uploader.1.UploadFiles() and MPAUploader.dll
allows to create arbitrary files via crafted form data.

- An improper validation of user supplied input to
'hpmpa/jobDelivery/Default.asp' script, allows attackers to create or
read arbitrary files via a ../(dot dot) sequences.

Vulnerability Impact:
Successful exploitation will allow attacker to perform directory traversal
attacks, create and read arbitrary files on the affected application.

Affected Software/OS:
HP Managed Printing Administration before 2.6.4.

Solution:
Upgrade to HP Managed Printing Administration version 2.6.4 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 51174
Common Vulnerability Exposure (CVE) ID: CVE-2011-4166
HPdes Security Advisory: HPSBPI02732
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469
HPdes Security Advisory: SSRT100435
http://www.zerodayinitiative.com/advisories/ZDI-11-352/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4167
http://www.zerodayinitiative.com/advisories/ZDI-11-353/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4168
http://www.zerodayinitiative.com/advisories/ZDI-11-354/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4169
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.