CVE-2011-0276 Information
Description
HP OpenView Performance Insight Server 5.2 5.3 5.31 5.4 and 5.41 contains a \hidden account\ in the com.trinagy.security.XMLUserManager Java class which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453 http://osvdb.org/70754 http://secunia.com/advisories/43145 http://securityreason.com/securityalert/8136 http://www.exploit-db.com/exploits/16984 http://www.securityfocus.com/archive/1/516093/100/0/threaded http://www.securityfocus.com/bid/46079 http://www.securitytracker.com/id?1025014 http://www.vupen.com/english/advisories/2011/0258 http://www.zerodayinitiative.com/advisories/ZDI-11-034 https://exchange.xforce.ibmcloud.com/vulnerabilities/65038
Share on: