Vulnerabilities > HP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-01-13 | CVE-2011-4788 | Path Traversal vulnerability in HP products Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI. | 7.8 |
2012-01-10 | CVE-2011-4785 | Information Exposure vulnerability in HP Hp-Chaisoe 1.0 Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419. | 7.8 |
2011-12-27 | CVE-2011-4169 | Unspecified vulnerability in HP Managed Printing Administration Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 7.5 |
2011-12-27 | CVE-2011-4168 | Path Traversal vulnerability in HP Managed Printing Administration Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | 7.5 |
2011-12-27 | CVE-2011-4167 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Managed Printing Administration Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp. | 7.5 |
2011-12-27 | CVE-2011-4166 | Path Traversal vulnerability in HP Managed Printing Administration Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | 7.5 |
2011-12-05 | CVE-2011-4162 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Protecttools Device Access Manager 6.0.0.10/6.0.0.9 The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument. | 7.5 |
2011-09-13 | CVE-2009-5097 | Code Injection vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4 Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | 7.1 |
2011-08-11 | CVE-2011-2405 | Improper Input Validation vulnerability in HP products The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors. | 7.8 |
2011-08-11 | CVE-2011-2404 | Code Injection vulnerability in HP Easy Printer Care Software A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787. | 7.5 |