CVE-2011-0276 | Vulnerability Database | Aqua Security

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a hidden account in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Affected Software

Name	Vendor	Start Version	End Version
Openview_performance_insight	Hp	5.2	5.2
Openview_performance_insight	Hp	5.3	5.3
Openview_performance_insight	Hp	5.4	5.4
Openview_performance_insight	Hp	5.31	5.31
Openview_performance_insight	Hp	5.41	5.41

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453
http://osvdb.org/70754
http://secunia.com/advisories/43145
http://securityreason.com/securityalert/8136
http://www.exploit-db.com/exploits/16984
http://www.securityfocus.com/archive/1/516093/100/0/threaded
http://www.securityfocus.com/bid/46079
http://www.securitytracker.com/id?1025014
http://www.vupen.com/english/advisories/2011/0258
http://www.zerodayinitiative.com/advisories/ZDI-11-034
https://exchange.xforce.ibmcloud.com/vulnerabilities/65038

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0276
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html