Vulnerabilities > HP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-14 | CVE-2013-4845 | Cross-Site Scripting vulnerability in HP Officejet PRO 8500 and Officejet PRO 8500 Firmware Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-12-09 | CVE-2013-6427 | Code Injection vulnerability in HP Linux Imaging and Printing Project upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | 6.8 |
| 2013-11-29 | CVE-2013-4844 | Remote Code Execution vulnerability in HP Service Manager and ServiceCenter Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
| 2013-11-22 | CVE-2013-6852 | Cross-Site Request Forgery (CSRF) vulnerability in HP 2620-24-Poe+ Switch Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method. | 6.8 |
| 2013-11-04 | CVE-2013-4839 | Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851. | 7.5 |
| 2013-11-04 | CVE-2013-4838 | Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850. | 10.0 |
| 2013-11-04 | CVE-2013-4837 | Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. | 10.0 |
| 2013-11-04 | CVE-2013-4836 | Remote Code Execution vulnerability in Application Lifecycle Management Synchronizer Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759. | 7.5 |
| 2013-11-04 | CVE-2013-4835 | Unspecified vulnerability in HP Sitescope The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765. | 7.5 |
| 2013-11-04 | CVE-2013-4834 | Remote Code Execution vulnerability in HP Application Lifecycle Management 11.00 Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327. | 7.5 |