Description: HP has issued an update for System Management Homepage. This fixes some vulnerabilities in PHP and Namazu, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks, or compromise a vulnerable system.
An unspecified cross-site scripting vulnerability has also been reported.
The vulnerability has been reported in versions 2.0.0 through 2.0.2 on the following platforms:
* Microsoft Windows 2000
* Microsoft Windows 2003
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows Server 2003 64-bit
* Linux
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Provided and/or discovered by: The vendor credits Tom Gallagher for reporting the second unspecified cross-site scripting vulnerability.
Changelog: 2005-08-11: Updated "Description" section to include additional affected Windows platforms.
2005-09-23: Vendor issues new fixes. Updated "Description", "Solution" and credit sections.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
