CVE-2011-4168

Related Files

HP Security Bulletin HPSBPI02732 SSRT100435

Posted Dec 29, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02732 SSRT100435 - Potential security vulnerabilities have been identified with HP Managed Printing Administration. These vulnerabilities could be exploited remotely for execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, and unauthorized access to the application database. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2011-4166, CVE-2011-4167, CVE-2011-4168, CVE-2011-4169

SHA-256 | a49ce43d61ed9a2b50fc8032fe132797b1be9ec0a71f4e8cc8cb8d94a3664f15

Download | Favorite | View

Zero Day Initiative Advisory 11-354

Posted Dec 22, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

tags | advisory, remote, arbitrary, asp

advisories | CVE-2011-4168

SHA-256 | f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5d

Download | Favorite | View