CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0961 +Priv 1996-09-21 2016-10-18
6.2
None Local High Not required Complete Complete Complete
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
2 CVE-2001-1040 2001-08-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.
3 CVE-2002-0529 +Priv 2002-08-12 2008-09-05
6.2
None Local High Not required Complete Complete Complete
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.
4 CVE-2002-0638 +Priv 2002-08-12 2016-10-18
6.2
None Local High Not required Complete Complete Complete
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
5 CVE-2004-0940 119 Exec Code Overflow XSS 2005-02-09 2021-06-06
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
6 CVE-2004-0952 2004-12-31 2017-10-11
6.4
None Remote Low Not required None Partial Partial
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
7 CVE-2005-4654 2005-12-31 2011-03-08
6.4
None Remote Low Not required None Partial Partial
Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to.
8 CVE-2006-5300 +Priv 2006-10-17 2018-10-17
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors.
9 CVE-2006-5704 2006-11-04 2017-07-20
6.2
None Local High Not required Complete Complete Complete
HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files.
10 CVE-2007-0866 Exec Code 2007-02-09 2018-10-16
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors.
11 CVE-2007-1882 Exec Code 2007-04-06 2017-07-29
6.5
None Remote Low ??? Partial Partial Partial
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
12 CVE-2007-3487 22 Dir. Trav. 2007-06-29 2018-10-16
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
13 CVE-2007-3649 2007-07-10 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
14 CVE-2007-3872 Exec Code Overflow 2007-08-09 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
15 CVE-2008-0712 Exec Code +Info 2008-04-25 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
16 CVE-2008-0713 DoS 2008-05-13 2017-09-29
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
17 CVE-2008-1660 2008-05-21 2017-09-29
6.3
None Local Medium Not required Complete Complete None
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
18 CVE-2008-2390 94 Exec Code 2008-05-21 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
19 CVE-2009-0122 264 2009-01-15 2009-01-31
6.9
None Local Medium Not required Complete Complete Complete
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.
20 CVE-2009-0715 2009-04-21 2009-04-29
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.
21 CVE-2009-0719 2009-04-29 2017-09-29
6.0
None Local Medium ??? Complete Complete None
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
22 CVE-2009-2677 352 CSRF 2009-08-14 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
23 CVE-2010-1031 +Priv 2010-04-01 2019-10-09
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.
24 CVE-2010-1037 352 CSRF 2010-04-28 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
25 CVE-2010-1038 +Priv 2010-04-28 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.
26 CVE-2010-1973 +Priv +Info 2010-07-22 2019-10-09
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.
27 CVE-2010-2712 +Priv 2010-08-30 2017-09-19
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
28 CVE-2010-3288 352 CSRF 2010-10-23 2010-11-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
29 CVE-2010-3290 +Priv 2010-10-23 2017-08-17
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors.
30 CVE-2010-3989 352 CSRF 2010-10-28 2010-11-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
31 CVE-2010-3993 +Info 2010-10-28 2010-11-11
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors.
32 CVE-2010-4024 352 CSRF 2010-10-28 2010-11-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
33 CVE-2010-4026 +Priv 2010-10-28 2010-11-11
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.
34 CVE-2010-4032 352 CSRF 2010-11-02 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
35 CVE-2010-4105 Bypass +Info 2010-11-02 2019-10-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.
36 CVE-2010-4106 352 CSRF 2010-11-02 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
37 CVE-2010-4108 DoS 2010-12-08 2017-09-19
6.8
None Remote Low ??? None None Complete
HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.
38 CVE-2011-0277 352 CSRF 2011-02-09 2013-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
39 CVE-2011-1534 2011-04-22 2016-08-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.
40 CVE-2011-1535 DoS +Info 2011-04-29 2017-08-17
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
41 CVE-2011-1544 +Priv 2011-05-03 2011-09-22
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
42 CVE-2011-1545 352 CSRF 2011-05-03 2011-09-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
43 CVE-2011-1724 +Priv 2011-05-03 2011-09-22
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
44 CVE-2011-2328 119 DoS Exec Code Overflow 2011-06-02 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.
45 CVE-2011-2398 DoS +Priv 2011-07-11 2017-09-19
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
46 CVE-2011-2403 89 Exec Code Sql 2011-08-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
47 CVE-2011-2407 2011-08-11 2019-10-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain access via unknown vectors.
48 CVE-2011-2608 20 2011-07-01 2017-08-29
6.4
None Remote Low Not required None Partial Partial
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
49 CVE-2011-2697 20 Exec Code 2011-07-29 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
50 CVE-2011-3155 Bypass 2011-10-12 2012-02-14
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors.
Total number of vulnerabilities : 139   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.