CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities Published In 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-4834 264 +Priv 2011-12-14 2011-12-15
4.6
None Local Low Not required Partial Partial Partial
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
2 CVE-2011-4169 DoS +Info 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
3 CVE-2011-4168 22 Dir. Trav. 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
4 CVE-2011-4167 119 Exec Code Overflow 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.
5 CVE-2011-4166 22 Dir. Trav. 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
6 CVE-2011-4165 Exec Code 2011-12-29 2012-02-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.
7 CVE-2011-4164 Exec Code 2011-12-29 2012-02-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.
8 CVE-2011-4163 Exec Code 2011-12-29 2012-02-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.
9 CVE-2011-4162 119 DoS Exec Code Overflow Mem. Corr. 2011-12-05 2012-07-21
7.5
None Remote Low Not required Partial Partial Partial
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
10 CVE-2011-4161 264 Exec Code 2011-12-01 2012-09-17
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
11 CVE-2011-4160 Bypass 2011-11-23 2012-02-16
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.
12 CVE-2011-4159 +Priv 2011-11-18 2013-11-15
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
13 CVE-2011-4158 +Info 2011-11-16 2012-02-13
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.
14 CVE-2011-4157 119 Exec Code Overflow 2011-11-16 2011-12-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
15 CVE-2011-4156 79 XSS 2011-11-16 2012-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.
16 CVE-2011-4155 79 XSS 2011-11-16 2012-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.
17 CVE-2011-3169 DoS 2011-11-07 2012-02-14
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.
18 CVE-2011-3168 +Info 2011-11-07 2012-02-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.
19 CVE-2011-3167 Exec Code 2011-11-02 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
20 CVE-2011-3166 Exec Code 2011-11-02 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
21 CVE-2011-3165 Exec Code 2011-11-02 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
22 CVE-2011-3164 +Priv 2011-11-04 2013-11-15
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.
23 CVE-2011-3163 200 +Info 2011-10-23 2012-02-13
1.2
None Local High Not required Partial None None
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.
24 CVE-2011-3162 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.
25 CVE-2011-3161 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.
26 CVE-2011-3160 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228.
27 CVE-2011-3159 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.
28 CVE-2011-3158 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226.
29 CVE-2011-3157 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225.
30 CVE-2011-3156 Exec Code 2011-10-19 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222.
31 CVE-2011-3155 Bypass 2011-10-11 2012-02-13
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors.
32 CVE-2011-2779 264 2011-07-19 2011-08-10
3.6
None Local Low Not required None Partial Partial
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
33 CVE-2011-2697 20 Exec Code 2011-07-29 2013-05-29
6.8
None Remote Medium Not required Partial Partial Partial
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
34 CVE-2011-2608 20 2011-07-01 2011-08-25
6.4
None Remote Low Not required None Partial Partial
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
35 CVE-2011-2412 Exec Code 2011-09-21 2012-02-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors.
36 CVE-2011-2411 Exec Code 2011-10-02 2012-05-18
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.
37 CVE-2011-2410 79 XSS 2011-08-19 2011-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
38 CVE-2011-2409 79 XSS 2011-08-11 2011-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
39 CVE-2011-2408 79 XSS 2011-08-11 2011-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
40 CVE-2011-2407 2011-08-11 2011-09-21
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain access via unknown vectors.
41 CVE-2011-2406 79 XSS 2011-08-11 2011-09-21
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
42 CVE-2011-2405 20 DoS 2011-08-11 2011-08-29
7.8
None Remote Low Not required None None Complete
The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors.
43 CVE-2011-2404 94 2011-08-11 2012-01-13
7.5
None Remote Low Not required Partial Partial Partial
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.
44 CVE-2011-2403 89 Exec Code Sql 2011-08-01 2011-09-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
45 CVE-2011-2402 79 XSS 2011-08-01 2011-09-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
46 CVE-2011-2401 2011-07-29 2011-09-06
8.3
None Remote Medium Not required Complete Partial Partial
Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.
47 CVE-2011-2400 79 XSS 2011-07-29 2011-09-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2011-2399 DoS 2011-08-01 2011-09-21
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.
49 CVE-2011-2398 DoS +Priv 2011-07-11 2011-09-21
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
50 CVE-2011-2331 189 Exec Code Overflow 2011-06-02 2011-09-06
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an "recv" field.
Total number of vulnerabilities : 143   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.