Vulnerabilities > HP > System Management Homepage

DATE CVE VULNERABILITY TITLE RISK
2010-09-24 CVE-2010-3283 Improper Input Validation vulnerability in HP System Management Homepage
Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
hp CWE-20
4.3
4.3
2010-09-17 CVE-2010-3012 Cross-Site Scripting vulnerability in HP System Management Homepage
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
hp CWE-79
4.3
4.3
2010-09-17 CVE-2010-3011 Improper Input Validation vulnerability in HP System Management Homepage
CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
low complexity
hp CWE-20
5.0
5.0
2010-09-15 CVE-2010-3009 Information Disclosure Vulnerability in HP System Management Homepage 6.0/6.1
Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.
network
low complexity
hp linux
critical
 9.0
9.0
2010-04-28 CVE-2010-1586 Improper Input Validation vulnerability in HP System Management Homepage
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
network
hp CWE-20
4.3
4.3
2010-04-23 CVE-2010-1034 Remote vulnerability in HP System Management Homepage 6.0
Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
network
high complexity
hp linux microsoft
4.6
4.6
2010-02-05 CVE-2009-4185 Cross-Site Scripting vulnerability in HP System Management Homepage
Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.
network
hp CWE-79
4.3
4.3
2009-05-19 CVE-2009-1418 Cross-Site Scripting vulnerability in HP System Management Homepage
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
hp CWE-79
4.3
4.3
2008-11-04 CVE-2008-4413 Permissions, Privileges, and Access Controls vulnerability in HP System Management Homepage
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.
local
low complexity
hp CWE-264
6.2
6.2
2008-10-13 CVE-2008-4411 Cross-Site Scripting vulnerability in HP System Management Homepage
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.
network
hp CWE-79
4.3
4.3