Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2019 — Cross-site Scripting in HP Operations Agent

CWE-79 — Cross-site Scripting26 documents13 sources

Severity

10.0CRITICALNVD

EPSS

75.6%

top 1.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Operations Agent

Timeline

PublishedJul 11

Latest updateMay 13

Description

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/operations_agent11.0+12

🔴Vulnerability Details

GHSA

GHSA-957p-2mjm-5jhf: Unspecified vulnerability in HP Operations Agent before 11↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 10 - Theme API 'ThemePack' File Parsing↗2020-01-29

▶

Exploit-DB

Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)↗2019-10-29

▶

Exploit-DB

Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)↗2019-10-29

▶

Exploit-DB

Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution↗2019-03-13

▶

Exploit-DB

HP Operations Agent - Opcode 'coda.exe' 0x34 Buffer Overflow (Metasploit)↗2012-10-29

▶

📋Vendor Advisories

Red Hat

struts2: multiple XSS flaws↗2012-02-01

▶

Red Hat

struts: remote creation or overwrite of arbitrary files due ParamterInterceptor not preventing access to public constructors↗2011-12-25

▶

Red Hat

struts2: remote execution of arbitrary commands when developer mode is used↗2011-12-25

▶

Red Hat

Struts2: Certain strings evaluated as OGNL expressions, leading to run-time data modification or arbitrary code execution↗2011-08-05

▶

🕵️Threat Intelligence

Unit42

Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350↗2020-07-21

▶

Trendmicro

Backdoor-Variante infiziert Word-Dokumente und PDFs↗2019-08-26

▶

Trendmicro

Asruex Backdoor Infects Files Via Old Vulnerabilities↗2019-08-22

▶

Trendmicro

Asruex Backdoor Infects Files Via Old Vulnerabilities↗2019-08-22

▶

Trendmicro

Asruex Backdoor Infects Files Via Old Vulnerabilities↗2019-08-22

▶

💬Community

Bugzilla

CVE-2012-1006 struts2: multiple XSS flaws↗2012-02-07

▶