Vulnerabilities > HP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-30 | CVE-2013-2339 | Local Unauthorized Access vulnerability in HP Smart Zero Core 4.3/4.3.1 HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Thin Client allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 4.6 |
2013-06-28 | CVE-2013-2323 | Permissions, Privileges, and Access Controls vulnerability in HP Nonstop Sql/Mx 3.0/3.1/3.2 HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue. | 6.0 |
2013-06-28 | CVE-2013-2322 | Information Exposure vulnerability in HP Nonstop Sql/Mx HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue. | 3.5 |
2013-06-14 | CVE-2013-2338 | Remote Unauthorized Access vulnerability in HP products Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2013-06-14 | CVE-2013-3576 | OS Command Injection vulnerability in HP System Management Homepage ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | 9.0 |
2013-06-14 | CVE-2013-2337 | Cross-Site Scripting vulnerability in HP Service Center and Service Manager Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-14 | CVE-2013-2336 | Information Disclosure vulnerability in HP Service Manager and ServiceCenter HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2013-06-14 | CVE-2013-3575 | Improper Input Validation vulnerability in HP Insight Diagnostics 9.4.0.4710 hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter. | 5.0 |
2013-06-14 | CVE-2013-3574 | Improper Input Validation vulnerability in HP Insight Diagnostics 9.4.0.4710 Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter. | 7.8 |
2013-06-14 | CVE-2013-3573 | Improper Input Validation vulnerability in HP Insight Diagnostics 9.4.0.4710 HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. | 10.0 |