HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
Max CVSS
6.2
EPSS Score
0.04%
Published
1996-09-21
Updated
2016-10-18
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.
Max CVSS
6.4
EPSS Score
0.27%
Published
2001-08-31
Updated
2008-09-05
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.
Max CVSS
6.2
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-05
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Max CVSS
6.2
EPSS Score
0.36%
Published
2002-08-12
Updated
2016-10-18
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirectories with insecure permissions, which allows local users to read or write arbitrary files.
Max CVSS
6.6
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-07-29
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
Max CVSS
6.4
EPSS Score
4.02%
Published
2004-12-31
Updated
2017-10-11
Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to.
Max CVSS
6.4
EPSS Score
1.63%
Published
2005-12-31
Updated
2011-03-08
Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.54%
Published
2006-10-17
Updated
2018-10-17
HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files.
Max CVSS
6.2
EPSS Score
0.04%
Published
2006-11-04
Updated
2017-07-20
Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2007-02-09
Updated
2018-10-16
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.45%
Published
2007-03-28
Updated
2017-07-29
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
Max CVSS
6.5
EPSS Score
3.38%
Published
2007-04-06
Updated
2017-07-29
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
Max CVSS
6.4
EPSS Score
2.50%
Published
2007-06-29
Updated
2018-10-16
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
Max CVSS
6.8
EPSS Score
8.57%
Published
2007-07-10
Updated
2017-09-29

CVE-2007-3872

Public exploit
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
Max CVSS
6.8
EPSS Score
92.00%
Published
2007-08-09
Updated
2017-07-29
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
Max CVSS
6.8
EPSS Score
38.65%
Published
2008-04-25
Updated
2017-08-08
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
Max CVSS
6.8
EPSS Score
1.02%
Published
2008-05-13
Updated
2017-09-29
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
Max CVSS
6.3
EPSS Score
0.04%
Published
2008-05-21
Updated
2017-09-29
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
Max CVSS
6.8
EPSS Score
88.85%
Published
2008-05-21
Updated
2017-09-29
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.
Max CVSS
6.2
EPSS Score
0.04%
Published
2008-11-04
Updated
2017-08-08
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-01-15
Updated
2009-01-31
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2009-03-25
Updated
2017-09-29
Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.
Max CVSS
6.5
EPSS Score
0.49%
Published
2009-04-21
Updated
2009-04-29
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
Max CVSS
6.0
EPSS Score
0.04%
Published
2009-04-29
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.15%
Published
2009-08-14
Updated
2017-08-17
205 vulnerabilities found