This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2008-10-02
Product Insight Diagnostics Last view 2010-12-22
Version 7.5.5.1681 Type Application
Update unknown  
Edition online_windows_server_2003_x64  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:hp:insight_diagnostics

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2010-12-22 CVE-2010-4111

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 2010-09-10 CVE-2010-3003

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.8 2008-10-02 CVE-2008-3542

Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
74993 HP Insight Diagnostics Online Edition on Linux custom.php testmode Parameter XSS
74992 HP Insight Diagnostics Online Edition on Linux globals.php tabpage Parameter XSS
74991 HP Insight Diagnostics Online Edition on Linux survey.php category Parameter XSS
74990 HP Insight Diagnostics Online Edition on Linux idstatusframe.php Multiple Par...
69941 HP Insight Diagnostics Online Edition hpdiags/frontend2/help/search.php query...
67748 HP Insight Diagnostics Online Edition on Linux parameters.php device Paramete...
48641 HP Insight Diagnostics Unspecified Remote File Access

OpenVAS Exploits

id Description
2011-06-01 Name : HP SMH Insight Diagnostics 'help/search.php?' Cross Site Scripting Vulnerability
File : nvt/secpod_hp_smh_insight_diag_help_xss_vuln.nasl
2011-01-18 Name : HP SMH Insight Diagnostics Cross Site Scripting Vulnerability - Linux
File : nvt/gb_hp_smh_insight_diag_xss_vuln_lin.nasl
2011-01-18 Name : HP SMH Insight Diagnostics Cross Site Scripting Vulnerability - Windows
File : nvt/gb_hp_smh_insight_diag_xss_vuln_win.nasl
2010-12-21 Name : HP SMH Insight Diagnostics Multiple Cross Site Scripting Vulnerabilities
File : nvt/gb_hp_smh_insight_diag_mult_xss_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 HP Insight Diagnostics XSS attempt
RuleID : 21314 - Type : SERVER-WEBAPP - Revision : 4