Hp Insight Diagnostics vulnerabilities
6 known vulnerabilities affecting hp/insight_diagnostics.
Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2013-3574P3HIGHCVSS 7.8PoCv9.4.0.47102013-06-14
CVE-2013-3574 [HIGH] CWE-20 CVE-2013-3574: Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insi
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
nvd
CVE-2013-3575P3MEDIUMCVSS 5.0PoCv9.4.0.47102013-06-14
CVE-2013-3575 [MEDIUM] CWE-20 CVE-2013-3575: hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
nvd
CVE-2013-3573P3CRITICALCVSS 10.0v9.4.0.47102013-06-14
CVE-2013-3573 [CRITICAL] CWE-20 CVE-2013-3573: HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks v
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
nvd
CVE-2010-3003P4MEDIUMCVSS 4.3PoC≤ 8.4v6.3.0-15+11 more2010-09-10
CVE-2010-3003 [MEDIUM] CWE-79 CVE-2010-3003: Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2008-3542P3HIGHCVSS 7.8fixed in 7.9.1.24022008-10-02
CVE-2008-3542 [HIGH] CWE-264 CVE-2008-3542: Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to rea
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
nvd
CVE-2010-4111P4MEDIUMCVSS 4.3PoC≤ 8.5.0.3625v6.3.0.878+39 more2010-12-22
CVE-2010-4111 [MEDIUM] CWE-79 CVE-2010-4111: Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd