New User, Welcome!     Login

Pablo Carballo

CORE-2009-0812-Hyperic HQ Multiple XSS

7. *Credits*

These vulnerabilities were discovered and researched by Gaston Rey and
Pablo Carballo from Core Security Technologies during Bugweek 2009 [2].


8. *Technical Description / Proof of Concept Code*

CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace

Credit:
This vulnerability was first reported to SpringSource by Eric Searcy
(via the Hyperic Forums).
This vulnerability was independently discovered and researched by Gastn
Rey and Pablo Carballo from Core Security Technologies during Core
Bugweek 2009.

References:
1. http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156&#22156
2. http://jira.hyperic.com/browse/HHQ-2655

CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list

administrators should ensure untrusted users do not have the necessary
privileges to create alerts.

Credit:
This vulnerability was discovered and researched by Gastn Rey and Pablo
Carballo from Core Security Technologies during Core Bugweek 2009.

References:
1. http://www.coresecurity.com/content/hyperic-hq-vulnerabilities
2. http://jira.hyperic.com/browse/HHQ-3390
3. http://www.springsource.com/security/hyperic-hq


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!