Providing Free and Editor Tested Software Downloads

MajorGeeks.com - Talk nerdy to me.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

4. Visual C++ Redistributable Runtimes AIO Repack

5. Visual C++ Runtime Installer (All-In-One)

6. McAfee Removal Tool (MCPR)

9. K-Lite Mega Codec Pack

10. Sergei Strelec's WinPE

How to Disable 1-Click Ordering on Amazon (and Avoid Surprise Charges)

How to Fix Shallow Paint Layer Depth in Bambu Studio

Aviator Betting Game Secrets: Unlock 97% RTP & Triple Your Wins

Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe

Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

How To Use VLC Media Player to Trim Video Clips

What Is the $WinREAgent Folder and Can I Delete It?

Swear Your Way to Better Search Results

How to Get a Dark Start Menu and Taskbar in Windows 10 & 11

Enable, Disable, Manage, Delete or Create a System Restore Point

HP Insight Diagnostics flaws discovered

Posted by: TimW on 06/11/2013 03:37 PM [ Comments ]

HP's server management software, HP Insight Diagnostics, has multiple vulnerabilities lurking in the application. Each of the flaws, combined, allow an attacker to execute arbitrary PHP code with administrative rights on the server. So far, there is no patch.

Identified as CVE-2013-3573, CVE-2013-3574 and CVE-2013-3575, the vulnerabilities exist in version 9.4.0.4710 and possibly earlier versions. The holes were found by Markus Wulftange from Daimler TSS who recorded and reported the flaws to the vendor. A remote attacker needs only to be authenticated for the combined vulnerabilities to be exploitable.

With no fix available, the US-CERT advises users to follow good security practice and to restrict network access and only allow connections from trusted hosts and networks.

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition