CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2014-2647 | 79 | 1 | XSS | 2014-10-18 | 2015-10-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2 | CVE-2014-2623 | | 3 | Exec Code | 2014-07-17 | 2017-01-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

3 | CVE-2013-6852 | 352 | 1 | CSRF | 2013-11-21 | 2013-11-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.

4 | CVE-2013-6221 | 22 | 1 | Exec Code Dir. Trav. | 2014-06-18 | 2014-07-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

5 | CVE-2013-6194 | | 1 | DoS Exec Code | 2014-01-03 | 2016-04-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.

6 | CVE-2013-4835 | | 1 | Exec Code Bypass | 2013-11-04 | 2017-06-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

7 | CVE-2013-4784 | 287 | 1 | Exec Code Bypass | 2013-07-08 | 2017-08-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

8 | CVE-2012-4362 | 255 | 2 | | 2012-08-20 | 2012-08-21 | 4.0 | None | Remote | Low | Single system | None | Partial | None
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.

9 | CVE-2012-4361 | 78 | 2 | Exec Code | 2012-08-20 | 2012-08-21 | 7.7 | None | Local Network | Low | Single system | Complete | Complete | Complete
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.

10 | CVE-2011-1866 | 119 | 1 | Exec Code Overflow | 2011-07-01 | 2017-08-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.

11 | CVE-2011-1865 | 119 | 4 | Exec Code Overflow | 2011-07-01 | 2017-08-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.

12 | CVE-2011-0514 | 119 | 1 | DoS Overflow | 2011-01-20 | 2011-01-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.

13 | CVE-2011-0276 | | 1 | Exec Code | 2011-02-01 | 2017-08-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

14 | CVE-2011-0267 | 119 | 1 | Exec Code Overflow | 2011-01-13 | 2017-08-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.

15 | CVE-2010-4107 | 22 | 1 | Dir. Trav. | 2010-11-17 | 2017-08-16 | 7.8 | None | Remote | Low | Not required | Complete | None | None
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

16 | CVE-2010-2709 | 119 | 1 | Exec Code Overflow | 2010-08-05 | 2017-08-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.

17 | CVE-2010-2703 | 119 | 1 | Exec Code Overflow | 2010-07-28 | 2013-08-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.

18 | CVE-2010-1554 | 119 | 1 | Exec Code Overflow | 2010-05-13 | 2011-09-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

19 | CVE-1999-1251 | | 1 | DoS | 1996-12-24 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.

20 | CVE-1999-1248 | | 1 | +Priv | 1994-11-30 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.

21 | CVE-1999-1247 | | 1 | +Priv | 1999-02-24 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

22 | CVE-1999-1242 | | 1 | +Priv | 1994-02-07 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.

23 | CVE-1999-1205 | | 1 | DoS | 1996-06-07 | 2016-10-17 | 2.1 | None | Local | Low | Not required | None | None | Partial
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.