Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902654
Category:Web application abuses
Title:HP Managed Printing Administration Multiple Vulnerabilities
Summary:This host is installed with HP Managed Printing Administration and; is prone to multiple vulnerabilities.
Description:Summary:
This host is installed with HP Managed Printing Administration and
is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to

- Errors in the MPAUploader.Uploader.1.UploadFiles() and MPAUploader.dll
allows to create arbitrary files via crafted form data.

- An improper validation of user supplied input to
'hpmpa/jobDelivery/Default.asp' script, allows attackers to create or
read arbitrary files via a ../(dot dot) sequences.

Vulnerability Impact:
Successful exploitation will allow attacker to perform directory traversal
attacks, create and read arbitrary files on the affected application.

Affected Software/OS:
HP Managed Printing Administration before 2.6.4.

Solution:
Upgrade to HP Managed Printing Administration version 2.6.4 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 51174
Common Vulnerability Exposure (CVE) ID: CVE-2011-4166
HPdes Security Advisory: HPSBPI02732
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469
HPdes Security Advisory: SSRT100435
http://www.zerodayinitiative.com/advisories/ZDI-11-352/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4167
http://www.zerodayinitiative.com/advisories/ZDI-11-353/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4168
http://www.zerodayinitiative.com/advisories/ZDI-11-354/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4169
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.