Vulnerabilities > HP > System Management Homepage
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-09 | CVE-2008-1663 | Cross-Site Scripting vulnerability in HP System Management Homepage 2.1.10/2.1.11 Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-09-18 | CVE-2007-4931 | Unspecified vulnerability in HP System Management Homepage HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. | 2.1 |
| 2007-06-19 | CVE-2007-3260 | Remote Privilege Escalation vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | 9.0 |
| 2007-06-06 | CVE-2007-3062 | Cross Site Scripting vulnerability in HP System Management Homepage (SMH) Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network hp | 4.3 |
| 2006-04-13 | CVE-2006-1774 | Security Bypass vulnerability in HP Compaqhttpserver and System Management Homepage HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL. | 7.5 |
| 2006-03-07 | CVE-2006-1023 | Directory Traversal vulnerability in HP System Management Homepage 2.0.0/2.1.4 Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | 5.0 |