CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities Published In 2013 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6427 94 Exec Code 2013-12-09 2014-03-05
6.8
None Remote Medium Not required Partial Partial Partial
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
2 CVE-2013-6197 Exec Code 2013-12-28 2014-01-07
5.2
None Local Network Low Single system Partial Partial Partial
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.
3 CVE-2013-6189 Exec Code 2013-12-28 2014-01-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666.
4 CVE-2013-4844 Exec Code 2013-11-28 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.
5 CVE-2013-4838 Exec Code 2013-11-04 2013-11-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
6 CVE-2013-4837 Exec Code 2013-11-04 2013-11-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
7 CVE-2013-4836 Exec Code 2013-11-04 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.
8 CVE-2013-4835 1 Exec Code Bypass 2013-11-04 2014-01-17
7.5
None Remote Low Not required Partial Partial Partial
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
9 CVE-2013-4834 Exec Code 2013-11-04 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.
10 CVE-2013-4830 94 Exec Code 2013-10-16 2013-10-16
7.5
None Remote Low Not required Partial Partial Partial
HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.
11 CVE-2013-4827 89 Exec Code Sql 2013-10-13 2013-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.
12 CVE-2013-4822 Exec Code 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
13 CVE-2013-4813 94 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
14 CVE-2013-4812 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
15 CVE-2013-4811 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
16 CVE-2013-4810 94 Exec Code 2013-09-16 2014-03-26
10.0
None Remote Low Not required Complete Complete Complete
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
17 CVE-2013-4809 89 Exec Code Sql 2013-09-16 2013-09-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.
18 CVE-2013-4801 Exec Code 2013-07-29 2013-08-22
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
19 CVE-2013-4800 Exec Code 2013-07-29 2014-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
20 CVE-2013-4799 Exec Code 2013-07-29 2013-08-22
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
21 CVE-2013-4798 Exec Code 2013-07-29 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
22 CVE-2013-4797 Exec Code 2013-07-29 2013-08-22
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
23 CVE-2013-4784 287 1 Exec Code Bypass 2013-07-08 2013-08-13
10.0
None Remote Low Not required Complete Complete Complete
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
24 CVE-2013-3576 78 Exec Code 2013-06-14 2014-01-07
9.0
None Remote Low Single system Complete Complete Complete
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
25 CVE-2013-2370 Exec Code 2013-07-29 2013-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
26 CVE-2013-2369 Exec Code 2013-07-29 2013-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.
27 CVE-2013-2367 Exec Code 2013-07-31 2013-07-31
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
28 CVE-2013-2343 Exec Code 2013-07-02 2013-07-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.
29 CVE-2013-2341 Exec Code +Info 2013-07-06 2013-07-08
7.1
None Remote High Single system Complete Complete Complete
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.
30 CVE-2013-2340 Exec Code +Info 2013-07-06 2013-07-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.
31 CVE-2013-2338 Exec Code 2013-06-14 2013-06-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.
32 CVE-2013-2335 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733.
33 CVE-2013-2334 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681.
34 CVE-2013-2333 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
35 CVE-2013-2332 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654.
36 CVE-2013-2331 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652.
37 CVE-2013-2330 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638.
38 CVE-2013-2329 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.
39 CVE-2013-2328 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636.
40 CVE-2013-2327 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635.
41 CVE-2013-2326 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634.
42 CVE-2013-2325 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633.
43 CVE-2013-2324 Exec Code 2013-06-06 2013-06-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.
44 CVE-2012-5209 Exec Code 2013-03-09 2013-03-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659.
45 CVE-2012-5201 Exec Code 2013-03-09 2013-03-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
46 CVE-2012-5199 Exec Code 2013-02-16 2013-02-18
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors.
47 CVE-2012-3285 Exec Code 2013-02-06 2013-02-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
48 CVE-2012-3284 Exec Code 2013-02-06 2013-02-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
49 CVE-2012-3283 Exec Code 2013-02-06 2013-02-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
50 CVE-2012-3282 Exec Code 2013-02-06 2013-02-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
Total number of vulnerabilities : 51   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.