VYPR

Vendor CVEs

Microfocus

All CVEs

2,285 total · sorted by risk
  • CVE-2013-3574 · Jun 14, 2013
    risk 0.03 · cvss · epss 0.05

    Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.

  • CVE-2013-2324 · Jun 6, 2013
    risk 0.03 · cvss · epss 0.39

    Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.

  • CVE-2011-5184 · Sep 20, 2012
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3)…

  • CVE-2012-4362 · Aug 20, 2012
    risk 0.03 · cvss · epss 0.03

    hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.

  • CVE-2012-2986 · Aug 20, 2012
    risk 0.03 · cvss · epss 0.04

    lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix…

  • CVE-2011-4834 · Dec 15, 2011
    risk 0.03 · cvss · epss 0.01

    The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

  • CVE-2009-5098 · Sep 13, 2011
    risk 0.03 · cvss · epss 0.04

    The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.

  • CVE-2011-2403 · Aug 1, 2011
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4111 · Dec 22, 2010
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-3003 · Sep 10, 2010
    risk 0.03 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-3007 · Sep 9, 2010
    risk 0.03 · cvss · epss 0.05

    Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.

  • CVE-2009-2684 · Oct 13, 2009
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL…

  • CVE-2009-1422 · Jul 14, 2009
    risk 0.03 · cvss · epss 0.05

    Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.

  • CVE-2008-0952 · Jun 4, 2008
    risk 0.03 · cvss · epss 0.06

    The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second…

  • CVE-2008-0068 · Apr 16, 2008
    risk 0.03 · cvss · epss 0.05

    Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

  • CVE-2007-6513 · Dec 21, 2007
    risk 0.03 · cvss · epss 0.02

    HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.

  • CVE-2007-3649 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.05

    Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.

  • CVE-2007-2656 · May 14, 2007
    risk 0.03 · cvss · epss 0.04

    Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method.

  • CVE-2007-2553 · May 9, 2007
    risk 0.03 · cvss · epss 0.01

    Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.

  • CVE-2007-1882 · Apr 6, 2007
    risk 0.03 · cvss · epss 0.06

    qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.

  • CVE-2007-1772 · Mar 30, 2007
    risk 0.03 · cvss · epss 0.03

    The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.

  • CVE-2007-0805 · Feb 7, 2007
    risk 0.03 · cvss · epss 0.01

    The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.

  • CVE-2007-0161 · Jan 10, 2007
    risk 0.03 · cvss · epss 0.01

    The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument,…

  • CVE-2006-5557 · Oct 27, 2006
    risk 0.03 · cvss · epss 0.01

    Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…

  • CVE-2006-5556 · Oct 27, 2006
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

  • CVE-2006-1654 · Apr 6, 2006
    risk 0.03 · cvss · epss 0.05

    Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.

  • CVE-2005-1370 · May 3, 2005
    risk 0.03 · cvss · epss 0.06

    Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.

  • CVE-2004-2748 · Dec 31, 2004
    risk 0.03 · cvss · epss 0.05

    viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.

  • CVE-2004-0492 · Aug 6, 2004
    risk 0.03 · cvss · epss 0.34

    Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be…

  • CVE-2003-1358 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.01

    rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

  • CVE-2003-1097 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.04

    Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

  • CVE-2003-1375 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.

  • CVE-2003-1359 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

  • CVE-2003-1461 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).

  • CVE-2003-0089 · Dec 15, 2003
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

  • CVE-2003-0840 · Nov 17, 2003
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

  • CVE-2002-1473 · Apr 22, 2003
    risk 0.03 · cvss · epss 0.04

    Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

  • CVE-2002-1513 · Apr 2, 2003
    risk 0.03 · cvss · epss 0.01

    The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

  • CVE-2002-0370 · Oct 10, 2002
    risk 0.03 · cvss · epss 0.43

    Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME,…

  • CVE-2002-0991 · Oct 4, 2002
    risk 0.03 · cvss · epss 0.02

    Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.

  • CVE-2002-1614 · Sep 9, 2002
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.

  • CVE-2002-1616 · Aug 1, 2002
    risk 0.03 · cvss · epss 0.04

    Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.

  • CVE-2002-0250 · May 29, 2002
    risk 0.03 · cvss · epss 0.04

    Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration…

  • CVE-2001-0979 · Sep 3, 2001
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

  • CVE-2001-0208 · Jun 2, 2001
    risk 0.03 · cvss · epss 0.01

    MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files.

  • CVE-2000-1134 · Jan 9, 2001
    risk 0.03 · cvss · epss 0.01

    Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

  • CVE-2000-1127 · Jan 9, 2001
    risk 0.03 · cvss · epss 0.01

    registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world…

  • CVE-2000-1028 · Dec 11, 2000
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.

  • CVE-2000-0702 · Oct 20, 2000
    risk 0.03 · cvss · epss 0.01

    The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

  • CVE-2000-0636 · Jul 19, 2000
    risk 0.03 · cvss · epss 0.04

    HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.
