Microfocus

All CVEs

2,276 total · sorted by risk
  • CVE-2008-7126 · Aug 31, 2009
    risk 0.04 · cvss · epss 0.10

    Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a…

  • CVE-2008-5120 · Nov 18, 2008
    risk 0.04 · cvss · epss 0.10

    Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.

  • CVE-2008-3544 · Oct 13, 2008
    risk 0.04 · cvss · epss 0.18

    Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61),…

  • CVE-2007-5604 · Jun 4, 2008
    risk 0.04 · cvss · epss 0.12

    Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605,…

  • CVE-2007-5607 · Jun 4, 2008
    risk 0.04 · cvss · epss 0.13

    Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than…

  • CVE-2007-5610 · Jun 4, 2008
    risk 0.04 · cvss · epss 0.09

    The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.

  • CVE-2008-0953 · Jun 4, 2008
    risk 0.04 · cvss · epss 0.09

    The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and…

  • CVE-2008-2390 · May 21, 2008
    risk 0.04 · cvss · epss 0.07

    Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

  • CVE-2008-1842 · Apr 16, 2008
    risk 0.04 · cvss · epss 0.12

    Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative…

  • CVE-2007-6506 · Dec 20, 2007
    risk 0.04 · cvss · epss 0.16

    The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access…

  • CVE-2007-6333 · Dec 13, 2007
    risk 0.04 · cvss · epss 0.09

    The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue…

  • CVE-2007-6332 · Dec 13, 2007
    risk 0.04 · cvss · epss 0.08

    The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary…

  • CVE-2007-3554 · Jul 4, 2007
    risk 0.04 · cvss · epss 0.18

    Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.

  • CVE-2007-3487 · Jun 29, 2007
    risk 0.04 · cvss · epss 0.09

    Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.

  • CVE-2007-2791 · May 22, 2007
    risk 0.04 · cvss · epss 0.06

    Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.

  • CVE-2007-0446 · Feb 8, 2007
    risk 0.04 · cvss · epss 0.44

    Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port…

  • CVE-2006-5558 · Oct 27, 2006
    risk 0.04 · cvss · epss 0.07

    Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…

  • CVE-2005-4316 · Dec 17, 2005
    risk 0.04 · cvss · epss 0.07

    HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

  • CVE-2004-1029 · Mar 1, 2005
    risk 0.04 · cvss · epss 0.17

    The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute…

  • CVE-2003-0169 · Apr 11, 2003
    risk 0.04 · cvss · epss 0.10

    hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.

  • CVE-2002-1147 · Oct 11, 2002
    risk 0.04 · cvss · epss 0.07

    The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request…

  • CVE-2002-1048 · Oct 4, 2002
    risk 0.04 · cvss · epss 0.14

    HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.

  • CVE-2002-0974 · Sep 24, 2002
    risk 0.04 · cvss · epss 0.14

    Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

  • CVE-2002-1605 · Sep 2, 2002
    risk 0.04 · cvss · epss 0.13

    Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.

  • CVE-2001-1162 · Jun 23, 2001
    risk 0.04 · cvss · epss 0.12

    Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

  • CVE-2001-0311 · Jun 2, 2001
    risk 0.04 · cvss · epss 0.12

    Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

  • CVE-2000-1058 · Dec 11, 2000
    risk 0.04 · cvss · epss 0.16

    Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing…

  • CVE-2000-0699 · Oct 20, 2000
    risk 0.04 · cvss · epss 0.14

    Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

  • CVE-2000-0515 · Jun 7, 2000
    risk 0.04 · cvss · epss 0.08

    The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

  • CVE-2000-0444 · May 24, 2000
    risk 0.04 · cvss · epss 0.08

    HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.

  • CVE-2000-0443 · May 24, 2000
    risk 0.04 · cvss · epss 0.10

    The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-2000-0179 · Feb 28, 2000
    risk 0.04 · cvss · epss 0.10

    HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.

  • CVE-1999-0696 · Jul 1, 1999
    risk 0.04 · cvss · epss 0.12

    Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

  • CVE-2015-3145 · Apr 24, 2015
    risk 0.03 · cvss · epss 0.38

    The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing…

  • CVE-2014-9412 · Dec 23, 2014
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to…

  • CVE-2014-5216 · Dec 23, 2014
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to…

  • CVE-2014-2647 · Oct 19, 2014
    risk 0.03 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-5160 · Aug 1, 2014
    risk 0.03 · cvss · epss 0.35

    Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly…

  • CVE-2013-6852 · Nov 22, 2013
    risk 0.03 · cvss · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.

  • CVE-2013-4854 · Jul 29, 2013
    risk 0.03 · cvss · epss 0.34

    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…

  • CVE-2013-3575 · Jun 14, 2013
    risk 0.03 · cvss · epss 0.04

    hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

  • CVE-2013-3574 · Jun 14, 2013
    risk 0.03 · cvss · epss 0.05

    Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.

  • CVE-2013-2324 · Jun 6, 2013
    risk 0.03 · cvss · epss 0.39

    Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.

  • CVE-2011-5184 · Sep 20, 2012
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3)…

  • CVE-2012-4362 · Aug 20, 2012
    risk 0.03 · cvss · epss 0.03

    hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.

  • CVE-2012-2986 · Aug 20, 2012
    risk 0.03 · cvss · epss 0.04

    lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix…

  • CVE-2011-4834 · Dec 15, 2011
    risk 0.03 · cvss · epss 0.01

    The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

  • CVE-2009-5098 · Sep 13, 2011
    risk 0.03 · cvss · epss 0.04

    The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.

  • CVE-2011-2403 · Aug 1, 2011
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4111 · Dec 22, 2010
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 21 of 46