CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities Published In 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4823 Exec Code Overflow 2005-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.
2 CVE-2005-4654 2005-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to.
3 CVE-2005-4451 2005-12-21 2009-03-04
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
4 CVE-2005-4316 DoS 2005-12-17 2009-03-04
7.8
None Remote Low Not required None None Complete
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
5 CVE-2005-4090 2005-12-08 2009-03-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
6 CVE-2005-3983 DoS 2005-12-04 2008-09-05
7.8
None Remote Low Not required None None Complete
Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability.
7 CVE-2005-3779 +Priv 2005-11-22 2011-05-19
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
8 CVE-2005-3670 DoS 2005-11-18 2011-09-01
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
9 CVE-2005-3565 2005-11-16 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
10 CVE-2005-3564 2005-11-16 2012-12-12
7.2
Admin Local Low Not required Complete Complete Complete
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
11 CVE-2005-3476 DoS 2005-11-02 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.
12 CVE-2005-3296 2005-10-23 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
13 CVE-2005-3295 DoS 2005-10-23 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
14 CVE-2005-3277 Exec Code 2005-10-21 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.
15 CVE-2005-2993 DoS 2005-09-20 2011-04-01
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
16 CVE-2005-2988 +Info 2005-09-19 2008-09-05
5.0
None Remote Low Not required Partial None None
HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP.
17 CVE-2005-2773 Exec Code 2005-09-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
18 CVE-2005-2552 2005-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down."
19 CVE-2005-2076 2005-06-29 2008-09-05
2.1
None Local Low Not required Partial None None
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
20 CVE-2005-1826 Exec Code Overflow 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.
21 CVE-2005-1825 Exec Code Overflow 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.
22 CVE-2005-1771 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t.
23 CVE-2005-1434 DoS Exec Code 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.
24 CVE-2005-1433 DoS Exec Code 2005-05-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.
25 CVE-2005-1370 Exec Code 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.
26 CVE-2005-1192 DoS 2005-05-02 2008-09-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
27 CVE-2005-1056 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service.
28 CVE-2005-0719 DoS 2005-03-09 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd.
29 CVE-2005-0652 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
30 CVE-2005-0547 2005-02-24 2009-03-04
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
31 CVE-2005-0364 DoS 2005-02-10 2009-03-04
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.
32 CVE-2005-0224 DoS 2005-01-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic.
33 CVE-2004-1029 264 Exec Code 2005-03-01 2011-06-13
9.3
Admin Remote Medium Not required Complete Complete Complete
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
34 CVE-2004-0993 DoS Exec Code Overflow 2005-01-10 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
35 CVE-2004-0965 Exec Code 2005-02-09 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
36 CVE-2004-0940 119 Exec Code Overflow XSS 2005-02-09 2008-09-10
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.