CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities Published In 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2008-5417 264 Bypass 2008-12-10 2011-01-05
2.1
None Local Low Not required None Partial None
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.
2 CVE-2008-5120 119 Exec Code Overflow 2008-11-17 2009-01-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
3 CVE-2008-4418 DoS 2008-12-11 2009-01-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
4 CVE-2008-4416 DoS 2008-12-04 2009-03-04
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
5 CVE-2008-4415 264 Exec Code 2008-11-17 2012-10-30
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.
6 CVE-2008-4414 264 +Priv 2008-11-07 2009-01-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
7 CVE-2008-4413 264 2008-11-04 2009-03-03
6.2
None Local Low Single system Complete Complete None
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.
8 CVE-2008-4412 200 +Info 2008-10-17 2009-07-22
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors.
9 CVE-2008-4411 79 XSS 2008-10-13 2009-02-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.
10 CVE-2008-4052 119 DoS Overflow +Priv 2008-09-11 2009-03-18
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.
11 CVE-2008-3947 20 +Priv 2008-09-05 2008-10-07
7.2
None Local Low Not required Complete Complete Complete
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
12 CVE-2008-3946 59 2008-09-05 2008-09-24
4.9
None Local Low Not required Complete None None
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.
13 CVE-2008-3940 134 +Priv 2008-09-05 2009-03-18
4.4
User Local Medium Not required Partial Partial Partial
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.
14 CVE-2008-3902 200 +Info 2008-09-03 2009-01-29
2.1
None Local Low Not required Partial None None
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104.
15 CVE-2008-3545 DoS 2008-10-13 2009-01-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-1853.
16 CVE-2008-3544 119 Exec Code Overflow 2008-10-13 2013-08-19
9.0
None Remote Low Not required Partial Partial Complete
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954.
17 CVE-2008-3543 DoS 2008-10-07 2008-10-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
18 CVE-2008-3542 264 2008-10-02 2009-02-20
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
19 CVE-2008-3539 200 +Info 2008-09-10 2009-01-29
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors.
20 CVE-2008-3538 Exec Code 2008-09-02 2011-10-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery.
21 CVE-2008-3537 DoS 2008-09-03 2009-01-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536.
22 CVE-2008-3536 DoS 2008-09-03 2009-01-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537.
23 CVE-2008-2941 20 DoS 2008-08-14 2012-10-30
4.9
None Local Low Not required None None Complete
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
24 CVE-2008-2940 264 +Priv 2008-08-14 2012-10-30
7.2
None Local Low Not required Complete Complete Complete
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
25 CVE-2008-2390 94 1 Exec Code 2008-05-21 2012-10-29
6.8
User Remote Medium Not required Partial Partial Partial
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
26 CVE-2008-1853 399 DoS 2008-04-16 2012-10-29
4.3
None Remote Medium Not required None None Partial
The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).
27 CVE-2008-1852 399 DoS 2008-04-16 2012-10-29
7.8
None Remote Low Not required None None Complete
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.
28 CVE-2008-1851 399 DoS 2008-04-16 2012-10-29
5.0
None Remote Low Not required None None Partial
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments.
29 CVE-2008-1842 189 DoS Exec Code Overflow 2008-04-16 2011-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
30 CVE-2008-1697 119 1 Exec Code Overflow 2008-04-08 2011-08-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.
31 CVE-2008-1668 264 +Priv 2008-08-13 2013-07-17
10.0
None Remote Low Not required Complete Complete Complete
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
32 CVE-2008-1667 189 2008-07-29 2009-01-29
7.8
None Remote Low Not required None None Complete
The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode.
33 CVE-2008-1666 2008-07-17 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update.
34 CVE-2008-1665 Exec Code 2008-07-17 2008-09-10
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors.
35 CVE-2008-1664 DoS 2008-08-08 2009-03-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
36 CVE-2008-1663 79 XSS 2008-07-08 2009-02-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
37 CVE-2008-1662 16 2008-08-01 2009-03-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
38 CVE-2008-1661 119 Exec Code Overflow 2008-06-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.
39 CVE-2008-1660 2008-05-21 2009-03-04
6.3
None Local Medium Not required Complete Complete None
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
40 CVE-2008-1659 +Priv 2008-05-07 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
41 CVE-2008-0979 399 DoS 2008-02-25 2008-09-05
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function.
42 CVE-2008-0976 399 DoS 2008-02-25 2008-09-05
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.
43 CVE-2008-0974 399 DoS 2008-02-25 2008-09-05
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
44 CVE-2008-0953 2008-06-04 2009-02-10
10.0
Admin Remote Low Not required Complete Complete Complete
The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
45 CVE-2008-0952 2008-06-04 2009-02-10
9.3
None Remote Medium Not required Complete Complete Complete
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
46 CVE-2008-0713 DoS 2008-05-13 2009-03-04
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
47 CVE-2008-0712 Exec Code +Info 2008-04-25 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
48 CVE-2008-0711 DoS 2008-04-08 2012-10-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors.
49 CVE-2008-0709 264 2008-04-07 2012-10-29
5.5
None Remote Low Single system Partial Partial None
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
50 CVE-2008-0708 2008-04-06 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection.
Total number of vulnerabilities: 68   Page: 1 (This Page) 2