Vulnerability Solutions
| The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview |
| Category: CGI abuses | Risk factor: High | Added: 28 Jan 2012 |
Synopsis: The remote web server hosts an ASP application that is affected by multiple vulnerabilities.

Description: The remote web server is hosting a version of HP Managed Printing Administration earlier than 2.6.4. As such, it is potentially affected by the following vulnerabilities:

- Multiple directory traversal, arbitrary file-deletion, and file-creation vulnerabilities affect the 'MPAUploader.Uploader.1.UploadFiles()' function. (CVE-2011-4166)
- A remote-code execution vulnerability affects the 'MPAUploader.dll' file which can be exploited via the 'filename' parameter of the 'Default.asp' script. (CVE-2011-4167)
- Multiple directory traversal, arbitrary file-deletion, and file-creation vulnerabilities affect the '/hpmpa/jobDelivery/Default.asp' script. (CVE-2011-4168)
- Input via the 'img_id' parameter of the 'imglist\\imgselect\\Default.asp', 'imgmap\\bgselect\\Default.asp', and 'imgmpa\\imgselect\\Default.asp' scripts can be manipulated to perform SQL injection. (CVE-2011-4169)

See also:

- http://www.zerodayinitiative.com/advisories/ZDI-11-352/
- http://www.zerodayinitiative.com/advisories/ZDI-11-353/
- http://www.zerodayinitiative.com/advisories/ZDI-11-354/
- http://www.zerodayinitiative.com/advisories/ZDI-12-001/
- http://www.nessus.org/u?336f98c9

Solution: Upgrade to HP Managed Printing Administration 2.6.4 or later.

Risk factor: High
CVSS Base Score: 9.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C)
CVSS Temporal Score: 7.4 (CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available: true



