Hpux
Sign in to watchby HP
CVEs (285)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-1823 | Cri | 0.86 | 9.8 | 0.94 | KEV | May 11, 2012 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. |
| CVE-2001-0248 | Cri | 0.64 | 9.8 | 0.05 | Jun 18, 2001 | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. | |
| CVE-2001-0249 | Cri | 0.64 | 9.8 | 0.05 | Jun 18, 2001 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | |
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.00 | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. | |
| CVE-2004-0940 | Hig | 0.54 | 7.8 | 0.04 | Feb 9, 2005 | Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | |
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.00 | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. | |
| CVE-2004-0079 | Hig | 0.49 | 7.5 | 0.02 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |
| CVE-2000-0972 | Med | 0.39 | 5.5 | 0.02 | Dec 19, 2000 | HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | |
| CVE-2015-4000 | Low | 0.35 | 3.7 | 0.94 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |
| CVE-2003-0201 | 0.10 | — | 0.84 | May 5, 2003 | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | ||
| CVE-2001-0797 | 0.10 | — | 0.89 | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. | ||
| CVE-2000-0573 | 0.10 | — | 0.91 | Jul 7, 2000 | The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. | ||
| CVE-1999-0003 | 0.10 | — | 0.91 | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). | ||
| CVE-1999-0517 | 0.10 | — | 0.92 | Jan 1, 1997 | An SNMP community name is the default (e.g. public), null, or missing. | ||
| CVE-2004-0594 | 0.09 | — | 0.78 | Jul 27, 2004 | The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | ||
| CVE-2003-0694 | 0.09 | — | 0.76 | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | ||
| CVE-1999-0016 | 0.09 | — | 0.81 | Dec 1, 1997 | Land IP denial of service. | ||
| CVE-2003-0161 | 0.08 | — | 0.68 | Apr 2, 2003 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. | ||
| CVE-2002-1337 | 0.07 | — | 0.44 | Mar 7, 2003 | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | ||
| CVE-2002-1317 | 0.07 | — | 0.50 | Dec 11, 2002 | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. |