System Management Homepage
by Microfocus
CVEs (69)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3148 | 0.01 | — | 0.18 | Apr 24, 2015 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | |||
| CVE-2015-3143 | 0.01 | — | 0.16 | Apr 24, 2015 | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | |||
| CVE-2011-1541 | 0.01 | — | 0.12 | Apr 29, 2011 | Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors. | |||
| CVE-2006-1023 | 0.01 | — | 0.07 | Mar 7, 2006 | Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | |||
| CVE-2023-50271 | 0.00 | — | 0.01 | Dec 17, 2023 | A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | |||
| CVE-2015-2134 | 0.00 | — | 0.01 | Jul 21, 2015 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2014-7874 | 0.00 | — | 0.02 | Oct 19, 2014 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2014-2642 | 0.00 | — | 0.02 | Oct 2, 2014 | HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2014-2641 | 0.00 | — | 0.01 | Oct 2, 2014 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2014-2640 | 0.00 | — | 0.04 | Oct 2, 2014 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6188 | 0.00 | — | 0.01 | Mar 14, 2014 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-4846 | 0.00 | — | 0.02 | Mar 14, 2014 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2013-4821 | 0.00 | — | 0.02 | Sep 23, 2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. | |||
| CVE-2013-2364 | 0.00 | — | 0.01 | Jul 22, 2013 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-2363 | 0.00 | — | 0.03 | Jul 22, 2013 | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356. | |||
| CVE-2013-2362 | 0.00 | — | 0.01 | Jul 22, 2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. | |||
| CVE-2013-2361 | 0.00 | — | 0.03 | Jul 22, 2013 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-2360 | 0.00 | — | 0.02 | Jul 22, 2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359. | |||
| CVE-2013-2359 | 0.00 | — | 0.02 | Jul 22, 2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360. | |||
| CVE-2013-2358 | 0.00 | — | 0.02 | Jul 22, 2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360. |
- CVE-2015-3148Apr 24, 2015risk 0.01cvss —epss 0.18
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
- CVE-2015-3143Apr 24, 2015risk 0.01cvss —epss 0.16
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
- CVE-2011-1541Apr 29, 2011risk 0.01cvss —epss 0.12
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors.
- CVE-2006-1023Mar 7, 2006risk 0.01cvss —epss 0.07
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
- CVE-2023-50271Dec 17, 2023risk 0.00cvss —epss 0.01
A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.
- CVE-2015-2134Jul 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2014-7874Oct 19, 2014risk 0.00cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2014-2642Oct 2, 2014risk 0.00cvss —epss 0.02
HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
- CVE-2014-2641Oct 2, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2014-2640Oct 2, 2014risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6188Mar 14, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2013-4846Mar 14, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.
- CVE-2013-4821Sep 23, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.
- CVE-2013-2364Jul 22, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-2363Jul 22, 2013risk 0.00cvss —epss 0.03
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.
- CVE-2013-2362Jul 22, 2013risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.
- CVE-2013-2361Jul 22, 2013risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-2360Jul 22, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.
- CVE-2013-2359Jul 22, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.
- CVE-2013-2358Jul 22, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.
Page 2 of 4