Vulnerabilities > HP

DATE CVE VULNERABILITY TITLE RISK
2013-09-16 CVE-2013-4812 Improper Input Validation vulnerability in HP Identity Driven Manager and Procurve Manager
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
network | low complexity | hp CWE-20 | critical | 10.0
2013-09-16 CVE-2013-4811 Improper Input Validation vulnerability in HP Identity Driven Manager and Procurve Manager
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
network | low complexity | hp CWE-20 | critical | 10.0
2013-09-16 CVE-2013-4810 Code Injection vulnerability in HP products
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760.
network | low complexity | hp CWE-94 | critical | 10.0
2013-09-16 CVE-2013-4809 SQL Injection vulnerability in HP Identity Driven Manager and Procurve Manager
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.
network | low complexity | hp CWE-89 | 7.5
2013-08-28 CVE-2013-2353 Remote Denial of Service vulnerability in HP StoreOnce D2D Backup System
Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors.
network | low complexity | hp | 7.8
2013-08-18 CVE-2013-4808 Authentication Bypass vulnerability in HP Service Manager
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
network | low complexity | hp | critical | 10.0
2013-08-12 CVE-2013-4806 Information Disclosure and Denial of Service vulnerability in Multiple HP Products
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
network | hp | 7.0
2013-08-05 CVE-2013-4807 Information Disclosure vulnerability in Multiple HP LaserJet Pro Printers
Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors.
network | low complexity | hp | 7.8
2013-08-05 CVE-2013-4805 Authentication Bypass vulnerability in HP Integrated Lights-Out
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
network | low complexity | hp | critical | 9.0
2013-07-31 CVE-2013-2367 Remote Code Execution vulnerability in HP Sitescope 11.20/11.21
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
network | low complexity | hp | critical | 10.0