Vulnerabilities > HP > Critical

DATE CVE VULNERABILITY TITLE RISK
2012-05-11 CVE-2012-1823 Command Injection vulnerability in multiple products
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
network
low complexity
php fedoraproject debian hp opensuse suse apple redhat CWE-77
critical
9.8
2005-09-02 CVE-2005-2773 Unspecified vulnerability in HP Openview Network Node Manager
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
network
low complexity
hp
critical
9.8
2001-06-18 CVE-2001-0249 Incorrect Calculation of Buffer Size vulnerability in multiple products
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
network
low complexity
hp oracle sgi CWE-131
critical
9.8
2001-06-18 CVE-2001-0248 Incorrect Calculation of Buffer Size vulnerability in multiple products
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
network
low complexity
sgi hp CWE-131
critical
9.8
1999-12-31 CVE-1999-1324 Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
network
low complexity
hp CWE-307
critical
9.8