CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2634 DoS Bypass 2014-08-23 2014-09-04
9.4
None Remote Low Not required None Complete Complete
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.
2 CVE-2014-2629 264 Bypass 2014-08-12 2014-08-14
4.0
None Remote Low Single system Partial None None
HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time.
3 CVE-2014-2614 287 Bypass 2014-07-07 2014-07-07
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.
4 CVE-2013-6335 264 Bypass 2014-08-26 2014-09-04
2.6
None Local High Not required Partial Partial None
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
5 CVE-2013-6219 Bypass 2014-04-19 2014-04-21
3.8
None Local High Single system None Complete None
Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
6 CVE-2013-4835 1 Exec Code Bypass 2013-11-04 2014-01-17
7.5
None Remote Low Not required Partial Partial Partial
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
7 CVE-2013-4825 264 Bypass 2013-10-13 2014-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.
8 CVE-2013-4824 287 Bypass 2013-10-13 2014-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
9 CVE-2013-4805 Bypass 2013-08-05 2013-08-22
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
10 CVE-2013-4784 287 1 Exec Code Bypass 2013-07-08 2013-08-13
10.0
None Remote Low Not required Complete Complete Complete
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
11 CVE-2013-4325 264 Bypass 2013-09-23 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
12 CVE-2013-2355 264 Bypass +Info 2013-07-22 2013-07-22
5.0
None Remote Low Not required Partial None None
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.
13 CVE-2013-2323 264 Bypass 2013-06-28 2013-07-01
6.0
None Remote Medium Single system Partial Partial Partial
HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue.
14 CVE-2012-5218 264 Bypass 2013-04-24 2013-04-24
7.2
None Local Low Not required Complete Complete Complete
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors.
15 CVE-2012-5217 264 Bypass +Info 2013-07-22 2013-07-26
5.0
None Remote Low Not required Partial None None
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.
16 CVE-2012-0129 264 Exec Code Bypass 2012-04-05 2012-12-05
7.6
None Remote High Not required Complete Complete Complete
HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
17 CVE-2011-4160 Bypass 2011-11-23 2012-02-16
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.
18 CVE-2011-3155 Bypass 2011-10-11 2012-02-13
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors.
19 CVE-2011-1858 Bypass 2011-06-14 2011-09-21
4.3
None Local Low Single system Partial Partial Partial
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.
20 CVE-2011-1857 Bypass 2011-06-14 2011-09-21
8.2
None Remote Medium Single system Partial Complete Complete
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
21 CVE-2011-1541 Exec Code Bypass 2011-04-29 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors.
22 CVE-2011-0894 Bypass 2011-04-04 2011-09-21
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors.
23 CVE-2011-0278 Bypass 2011-03-01 2011-03-17
4.3
None Local Low Single system Partial Partial Partial
Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.
24 CVE-2010-4105 Bypass +Info 2010-11-01 2010-11-04
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.
25 CVE-2010-3988 DoS Bypass 2010-10-28 2010-11-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.
26 CVE-2010-1558 Bypass +Info 2010-05-14 2010-05-21
4.7
None Local Medium Not required Complete None None
Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors.
27 CVE-2009-2682 264 Bypass 2009-09-24 2010-08-21
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
28 CVE-2008-5417 264 Bypass 2008-12-10 2011-01-05
2.1
None Local Low Not required None Partial None
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.
29 CVE-2008-0706 287 Bypass 2008-03-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.
30 CVE-2006-1774 Bypass 2006-04-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL.
31 CVE-2004-1480 Bypass 2004-12-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.
32 CVE-2004-0709 Bypass 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
33 CVE-2002-1618 Bypass 2002-10-16 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.
34 CVE-2002-0763 Bypass 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
35 CVE-2002-0250 Bypass 2002-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
36 CVE-2001-1182 +Priv Bypass 2001-07-17 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
37 CVE-1999-1311 +Priv Bypass 1997-01-07 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
38 CVE-1999-1062 Bypass 1997-10-04 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.
39 CVE-1999-0992 Bypass 2000-01-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.