CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-4362 255 2 2012-08-20 2012-08-21
4.0
None Remote Low Single system None Partial None
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
2 CVE-2012-4361 78 2 Exec Code 2012-08-20 2012-08-21
7.7
None Local Network Low Single system Complete Complete Complete
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
3 CVE-2012-3277 DoS 2012-12-13 2012-12-13
5.0
None Remote Low Not required None None Partial
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.
4 CVE-2012-3276 16 DoS 2012-12-13 2012-12-17
2.1
None Local Low Not required None None Partial
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.
5 CVE-2012-3275 Exec Code 2012-12-06 2013-03-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.
6 CVE-2012-3274 119 Exec Code Overflow 2012-12-06 2012-12-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
7 CVE-2012-3273 +Info 2012-12-06 2013-03-13
5.0
None Remote Low Not required Partial None None
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors.
8 CVE-2012-3272 79 XSS 2012-12-06 2013-01-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2012-3271 +Info 2012-11-29 2013-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.
10 CVE-2012-3270 DoS +Info 2012-11-07 2013-06-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269.
11 CVE-2012-3269 DoS +Info 2012-11-07 2013-06-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270.
12 CVE-2012-3267 +Info 2012-10-04 2013-06-04
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.
13 CVE-2012-3266 +Info 2012-10-02 2012-10-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors.
14 CVE-2012-3264 Exec Code 2012-09-25 2012-09-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472.
15 CVE-2012-3263 Exec Code 2012-09-25 2012-09-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465.
16 CVE-2012-3262 Exec Code 2012-09-25 2012-09-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.
17 CVE-2012-3261 Exec Code 2012-09-25 2012-09-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
18 CVE-2012-3260 Exec Code 2012-09-25 2012-09-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.
19 CVE-2012-3259 Exec Code 2012-09-25 2013-01-24
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461.
20 CVE-2012-3258 Exec Code 2012-09-19 2013-03-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.
21 CVE-2012-3257 2012-09-08 2013-03-21
4.6
None Remote High Single system Partial Partial Partial
HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors.
22 CVE-2012-3256 352 CSRF 2012-09-08 2013-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
23 CVE-2012-3255 79 XSS 2012-09-08 2013-03-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
24 CVE-2012-3254 Exec Code Overflow 2012-08-30 2012-08-31
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.
25 CVE-2012-3253 Exec Code Overflow 2012-08-30 2012-08-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet.
26 CVE-2012-3252 DoS 2012-08-20 2013-02-02
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors.
27 CVE-2012-3251 79 XSS 2012-08-16 2012-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28 CVE-2012-3250 DoS 2012-08-16 2012-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors.
29 CVE-2012-3249 200 +Info 2012-08-16 2012-08-16
4.0
None Remote Low Single system Partial None None
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
30 CVE-2012-3248 200 +Info 2012-08-16 2013-03-21
5.0
None Remote Low Not required Partial None None
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.
31 CVE-2012-3247 DoS 2012-08-16 2013-03-21
4.9
None Local Low Not required None None Complete
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors.
32 CVE-2012-2986 78 Exec Code 2012-08-20 2012-08-21
7.7
None Local Network Low Single system Complete Complete Complete
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.
33 CVE-2012-2960 79 XSS 2012-08-08 2013-02-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.
34 CVE-2012-2561 264 Exec Code 2012-05-21 2013-05-24
10.0
None Remote Low Not required Complete Complete Complete
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
35 CVE-2012-2022 79 XSS 2012-08-07 2012-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
36 CVE-2012-2021 79 XSS 2012-07-16 2012-07-26
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
37 CVE-2012-2020 Exec Code 2012-07-11 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
38 CVE-2012-2019 Exec Code 2012-07-11 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.
39 CVE-2012-2018 79 XSS 2012-07-05 2013-03-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
40 CVE-2012-2017 DoS 2012-06-30 2013-03-21
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors.
41 CVE-2012-2016 +Info 2012-06-29 2012-07-02
4.9
None Local Low Not required Complete None None
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors.
42 CVE-2012-2015 +Priv +Info 2012-06-29 2012-07-02
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors.
43 CVE-2012-2014 2012-06-29 2012-07-02
9.0
None Remote Low Single system Complete Complete Complete
HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors.
44 CVE-2012-2013 DoS +Info 2012-06-29 2012-07-02
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors.
45 CVE-2012-2012 2012-06-29 2012-07-02
10.0
None Remote Low Not required Complete Complete Complete
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
46 CVE-2012-2011 79 XSS 2012-06-13 2013-03-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
47 CVE-2012-2010 264 +Priv 2012-05-18 2012-10-30
6.9
None Local Medium Not required Complete Complete Complete
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.
48 CVE-2012-2009 264 +Priv 2012-05-09 2012-05-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors.
49 CVE-2012-2008 79 XSS 2012-05-09 2012-05-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
50 CVE-2012-2007 89 Exec Code Sql 2012-05-09 2012-05-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 84   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.