Homepage Security Vulnerabilities

CVE-2024-24889

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through...

CVE-2023-47530

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through...

CVE-2023-50271

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose...

CVE-2022-43480

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5...

CVE-2022-44585

Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5...

CVE-2010-3284

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown...

CVE-2010-3283

Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

CVE-2010-3009

Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown...

CVE-2010-3011

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified...

CVE-2010-3012

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA...

CVE-2012-2014

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown...

CVE-2012-2016

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown...

CVE-2012-2012

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended...

CVE-2012-2013

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown...

CVE-2012-2015

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown...

CVE-2012-5217

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than...

CVE-2011-3846

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative...

CVE-2013-2360

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and...

CVE-2013-2361

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2013-2355

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than...

CVE-2013-2359

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and...

CVE-2013-2358

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and...

CVE-2013-2362

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka...

CVE-2013-2363

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than...

CVE-2013-2364

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

CVE-2013-4821

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown...

CVE-2013-2357

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and...

CVE-2013-2356

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than...

CVE-2022-36344

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed...

CVE-2022-30998

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at...

CVE-2022-31548

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used...

CVE-2021-24767

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF...

CVE-2021-24326

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an...

CVE-2021-24324

The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting...

CVE-2017-12551

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12544

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12546

A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12549

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12550

A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12552

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12547

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12545

A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12548

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2017-12553

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was...

CVE-2016-4396

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow"...

CVE-2016-4395

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow"...

CVE-2016-4394

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS"...

CVE-2016-4393

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS"...

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an.....

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary....