CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complex ity Authen tication Confiden tiality Integrity Availa bility
1 CVE-2012-2561 264 Exec Code 2012-05-21 2012-05-22
10.0
 None Remote Low Not required Complete Complete Complete
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
2 CVE-2012-2009 264 +Priv 2012-05-09 2012-05-16
9.0
 None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors.
3 CVE-2012-0697 22 Dir. Trav. 2012-01-12 2012-01-23
10.0
 Admin Remote Low Not required Complete Complete Complete
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.
4 CVE-2012-0131 DoS 2012-04-05 2012-04-12
10.0
 None Remote Low Not required Complete Complete Complete
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
5 CVE-2012-0127 Exec Code 2012-03-31 2012-04-02
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.
6 CVE-2012-0124 DoS Exec Code 2012-03-13 2012-04-24
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
7 CVE-2012-0123 DoS Exec Code 2012-03-13 2012-03-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.
8 CVE-2012-0122 DoS Exec Code 2012-03-13 2012-03-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.
9 CVE-2012-0121 DoS Exec Code 2012-03-13 2012-03-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
10 CVE-2011-4791 94 Exec Code 2012-02-02 2012-02-16
10.0
 None Remote Low Not required Complete Complete Complete
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
11 CVE-2011-4790 Exec Code 2012-02-01 2012-02-02
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.
12 CVE-2011-4789 119 Exec Code Overflow 2012-01-12 2012-01-23
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in magentservice.exe in the server in HP Diagnostics allows remote attackers to execute arbitrary code via a crafted size value in a packet.
13 CVE-2011-4787 94 2012-01-12 2012-02-09
9.3
 None Remote Medium Not required Complete Complete Complete
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.
14 CVE-2011-4786 94 2012-01-12 2012-02-09
9.3
 None Remote Medium Not required Complete Complete Complete
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.
15 CVE-2011-4165 Exec Code 2011-12-29 2012-02-01
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.
16 CVE-2011-4164 Exec Code 2011-12-29 2012-02-01
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.
17 CVE-2011-4163 Exec Code 2011-12-29 2012-02-01
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.
18 CVE-2011-4161 264 Exec Code 2011-12-01 2012-02-01
10.0
 None Remote Low Not required Complete Complete Complete
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
19 CVE-2011-4157 119 Exec Code Overflow 2011-11-16 2011-12-28
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
20 CVE-2011-3167 Exec Code 2011-11-02 2012-02-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
21 CVE-2011-3166 Exec Code 2011-11-02 2012-02-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
22 CVE-2011-3165 Exec Code 2011-11-02 2012-02-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
23 CVE-2011-3162 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.
24 CVE-2011-3161 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.
25 CVE-2011-3160 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228.
26 CVE-2011-3159 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.
27 CVE-2011-3158 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226.
28 CVE-2011-3157 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225.
29 CVE-2011-3156 Exec Code 2011-10-19 2012-05-14
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222.
30 CVE-2011-2412 Exec Code 2011-09-21 2012-02-13
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors.
31 CVE-2011-2411 Exec Code 2011-10-02 2012-05-18
9.0
 None Remote Low Single system Complete Complete Complete
Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.
32 CVE-2011-2331 189 Exec Code Overflow 2011-06-02 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an "recv" field.
33 CVE-2011-1867 119 Exec Code Overflow 2011-07-11 2011-09-21
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.
34 CVE-2011-1866 119 1 Exec Code Overflow 2011-07-01 2011-09-21
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
35 CVE-2011-1865 119 4 Exec Code Overflow 2011-07-01 2011-09-21
10.0
 None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
36 CVE-2011-1864 Exec Code 2011-06-14 2011-09-06
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.
37 CVE-2011-1854 399 Exec Code 2011-05-13 2011-07-13
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.
38 CVE-2011-1853 20 Exec Code 2011-05-13 2011-05-26
10.0
 None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
39 CVE-2011-1852 119 Exec Code Overflow 2011-05-13 2011-05-26
10.0
 None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
40 CVE-2011-1851 119 Exec Code Overflow 2011-05-13 2011-05-26
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
41 CVE-2011-1850 119 Exec Code Overflow 2011-05-13 2011-05-26
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
42 CVE-2011-1849 20 Exec Code 2011-05-13 2011-05-26
10.0
 None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
43 CVE-2011-1848 119 Exec Code Overflow 2011-05-13 2011-05-26
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
44 CVE-2011-1735 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.
45 CVE-2011-1734 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.
46 CVE-2011-1733 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.
47 CVE-2011-1732 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
48 CVE-2011-1731 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.
49 CVE-2011-1730 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.
50 CVE-2011-1729 119 Exec Code Overflow 2011-05-07 2011-09-06
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.
Total number of vulnerabilities : 230   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.