Jetadmin
by Microfocus
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1857 | 0.10 | — | 0.87 | Mar 24, 2004 | Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. | |||
| CVE-2004-1856 | 0.05 | — | 0.30 | Mar 24, 2004 | devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. | |||
| CVE-2000-0444 | 0.04 | — | 0.08 | May 24, 2000 | HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. | |||
| CVE-2000-0443 | 0.04 | — | 0.10 | May 24, 2000 | The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||
| CVE-1999-1433 | 0.03 | — | 0.01 | Jul 15, 1998 | HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. | |||
| CVE-2012-2011 | 0.00 | — | 0.02 | Jun 13, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-0278 | 0.00 | — | 0.00 | Mar 1, 2011 | Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors. | |||
| CVE-2009-4182 | 0.00 | — | 0.02 | Jan 14, 2010 | Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server. | |||
| CVE-2004-1858 | 0.00 | — | 0.01 | Dec 31, 2004 | HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | |||
| CVE-2001-1039 | 0.00 | — | 0.02 | Aug 31, 2001 | The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer. | |||
| CVE-2001-1040 | 0.00 | — | 0.02 | Aug 31, 2001 | HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. |
- CVE-2004-1857Mar 24, 2004risk 0.10cvss —epss 0.87
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
- CVE-2004-1856Mar 24, 2004risk 0.05cvss —epss 0.30
devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.
- CVE-2000-0444May 24, 2000risk 0.04cvss —epss 0.08
HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.
- CVE-2000-0443May 24, 2000risk 0.04cvss —epss 0.10
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-1999-1433Jul 15, 1998risk 0.03cvss —epss 0.01
HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
- CVE-2012-2011Jun 13, 2012risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-0278Mar 1, 2011risk 0.00cvss —epss 0.00
Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.
- CVE-2009-4182Jan 14, 2010risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server.
- CVE-2004-1858Dec 31, 2004risk 0.00cvss —epss 0.01
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.
- CVE-2001-1039Aug 31, 2001risk 0.00cvss —epss 0.02
The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.
- CVE-2001-1040Aug 31, 2001risk 0.00cvss —epss 0.02
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.