HP System Management Homepage

78 matches found

CVE
added 2016/07/19 1:00 a.m., 1521 views

CVE-2016-5387

CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...

CVSS 8.1 | AI score 8 | EPSS 0.55724

CVE
added 2015/12/28 11:00 p.m., 1027 views

CVE-2015-8651

CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...

CVSS 9.3 | AI score 9.6 | EPSS 0.67922
In wild

CVE
added 2015/06/23 9:00 p.m., 982 views

CVE-2015-3113

CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...

CVSS 10 | AI score 8.2 | EPSS 0.9994
In wild

CVE
added 2016/07/19 1:00 a.m., 452 views

CVE-2016-5385

CVE-2016-5385 affects PHP up to 7.0.8, where PHP did not protect against the HTTP_PROXY namespace clash, potentially allowing a remote attacker to redirect a script’s outbound HTTP traffic to an attacker‑controlled proxy via a crafted Proxy header. Public analyses reference CGI/CGI‑like environme...

CVSS 8.1 | AI score 8 | EPSS 0.50427

CVE
added 2016/07/19 1:00 a.m., 321 views

CVE-2016-5388

The CVE-2016-5388 issue affects Apache Tomcat (CGI Servlet enabled) where Proxy header handling exposes HTTP_PROXY data to CGI scripts, enabling redirection of outbound requests to an attacker-controlled proxy (httpoxy). Public advisories across multiple distributions confirm Tomcat 7.x up to 7.0....

CVSS 8.1 | AI score 6.8 | EPSS 0.50896

CVE
added 2016/05/22 1:00 a.m., 301 views

CVE-2016-4543

CVE-2016-4543 affects PHP’s exif.c in the Exif extension: the exif_process_IFD_in_JPEG function does not validate IFD sizes, allowing remote crafted headers to trigger out-of-bounds reads and potential DoS. Affected are PHP releases before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6. Mitiga...

CVSS 9.8 | AI score 7.8 | EPSS 0.12179

CVE
added 2015/06/09 6:00 p.m., 270 views

CVE-2015-4024

The CVE-2015-4024 entry describes an algorithmic complexity DoS in PHP’s multipart HTTP POST handling (multipart_buffer_headers in main/rfc1867.c). Attackers can cause high CPU usage with specially crafted form data, affecting PHP versions prior to 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5....

CVSS 5 | AI score 7.3 | EPSS 0.50129

CVE
added 2011/04/29 10:00 p.m., 168 views

CVE-2011-1541

HP System Management Homepage (SMH) for Linux/Windows is affected by an unspecified vulnerability in SMH before version 6.3 that could allow remote attackers to bypass access restrictions and execute arbitrary code via unknown vectors. This CVE-2011-1541 entry is corroborated by multiple sources ...

CVSS 10 | AI score 7.4 | EPSS 0.12111

CVE
added 2015/04/24 2:00 p.m., 162 views

CVE-2015-3143

The connected documents provide concrete details for CVE-2015-3143: in curl and libcurl, versions 7.10.6 through 7.41.0 failed to properly re-use NTLM connections, enabling a remote attacker to connect as another user via an unauthenticated request (NTLM/Negotiate authentication interaction). Thi...

CVSS 5 | AI score 7.3 | EPSS 0.16222

CVE
added 2015/04/24 2:00 p.m., 153 views

CVE-2015-3148

CVE-2015-3148 affects curl and libcurl (versions 7.10.6 through 7.41.0). The issue is improper reuse of authenticated Negotiate connections, which could allow a remote attacker to perform requests as another user by manipulating a connection during a request. The connected sources corroborate the...

CVSS 5 | AI score 9.1 | EPSS 0.17942

CVE
added 2013/07/19 6:00 p.m., 148 views

CVE-2013-2362

HP System Management Homepage (SMH) CVE-2013-2362 describes a stack buffer overflow in the iprange parameter handling (proxy/DataValidation) that allows a remote, unauthenticated attacker to execute arbitrary code on Windows targets as SYSTEM. The vulnerability is associated with ZDI-1676 and aff...

CVSS 2.1 | AI score 6 | EPSS 0.00527

CVE
added 2016/03/18 10:00 a.m., 141 views

CVE-2016-1995

HP System Management Homepage (SMH) is affected prior to version 7.5.4. The OpenVAS/Nessus entries indicate an unspecified remote code execution vulnerability that can allow a remote attacker to take control of the system. No detailed exploit vectors or root-cause are provided in the connected do...

CVSS 10 | AI score 9.7 | EPSS 0.10238

CVE
added 2015/04/24 2:00 p.m., 134 views

CVE-2015-3145

CVE-2015-3145 affects curl/libcurl 7.31.0 through 7.41.0. The sanitize_cookie_path function can miscompute an index, enabling a remote attacker to cause a denial of service via an out-of-bounds write when the cookie path consists only of a double-quote character. Connected sources corroborate the...

CVSS 7.5 | AI score 9.4 | EPSS 0.3763

CVE
added 2015/06/22 7:00 p.m., 128 views

CVE-2015-3237

The CVE-2015-3237 issue affects curl/libcurl 7.40.0–7.42.1. In the smb_request_state() handler, two length and offset values parsed from network data are used without proper boundary checks, enabling a remote SMB server to read memory contents or trigger a crash. Impacts include information discl...

CVSS 6.4 | AI score 8.1 | EPSS 0.09334

CVE
added 2010/04/28 10:00 p.m., 119 views

CVE-2010-1586

HP System Management Homepage (SMH) 2.x.x.x contains an open redirect in red2301.html that can be exploited via the RedirectUrl parameter to send users to arbitrary sites, enabling phishing. The vulnerability is documented as CVE-2010-1586 with a CVSS 2.0 base score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P...

CVSS 4.3 | AI score 6.8 | EPSS 0.09659

CVE
added 2012/06/29 10:00 p.m., 119 views

CVE-2012-2012

HP System Management Homepage (SMH) versions before 7.1.1 are affected by CVE-2012-2012 due to the absence of an off autocomplete attribute for unspecified form fields, enabling remote attackers to gain access by abusing an unattended workstation. The vulnerability is documented across multiple s...

CVSS 10 | AI score 6.8 | EPSS 0.05364

CVE
added 2013/06/14 6:00 p.m., 113 views

CVE-2013-3576

CVE-2013-3576 affects HP System Management Homepage (SMH); ginkgosnmp.inc uses the last URL path segment in an exec call, enabling remote authenticated users to execute arbitrary commands via PATH_INFO (e.g., snmhutil/snmpchp.php.en). Impact: remote code execution with full privileges on the HP S...

CVSS 9 | AI score 7.1 | EPSS 0.66592
Web

CVE
added 2006/04/13 10:00 a.m., 112 views

CVE-2006-1774

CVE-2006-1774 affects HP System Management Homepage (SMH) version 2.1.3.132 when run on CompaqHTTPServer/9.9 across Windows, Linux, or Tru64 UNIX. The issue arises if Trust by Certificates is not enabled, allowing remote attackers to bypass authentication via a crafted URL. The NVD entry outlines...

CVSS 7.5 | AI score 6.9 | EPSS 0.02921

CVE
added 2012/06/29 10:00 p.m., 107 views

CVE-2012-2013

HP System Management Homepage (SMH) is affected by CVE-2012-2013. The vulnerability affects SMH before version 7.1.1, allowing remote attackers to cause a denial of service or potentially obtain sensitive information or modify data via unknown vectors. No concrete exploit details are provided in ...

CVSS 7.5 | AI score 7.2 | EPSS 0.03894

CVE
added 2011/04/29 10:00 p.m., 94 views

CVE-2011-1540

CVE-2011-1540 affects HP System Management Homepage (SMH) prior to version 6.3. The issue allows remote authenticated users to execute arbitrary code via unknown vectors, with CVSS v2 base score 9.0 (high) and full impact to confidentiality, integrity, and availability. HP’s security bulletin not...

CVSS 9 | AI score 7.4 | EPSS 0.04744

CVE
added 2018/02/15 10:00 p.m., 91 views

CVE-2017-12544

CVE-2017-12544 concerns HPE System Management Homepage (SMH) prior to version 7.6.1, where a cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary script in a user’s browser (in the context of the affected site) and could enable cookie-based credential theft. The Nuclei...

CVSS 5.4 | AI score 5.3 | EPSS 0.04601

CVE
added 2012/06/29 10:00 p.m., 85 views

CVE-2012-2015

Technical details (affected versions, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.

CVSS 9 | AI score 6.2 | EPSS 0.03049

CVE
added 2010/09/24 6:00 p.m., 80 views

CVE-2010-3283

HP System Management Homepage (SMH) is affected by an open redirect vulnerability (CVE-2010-3283) present in SMH versions prior to 6.2. An attacker can redirect users to arbitrary sites, enabling phishing-like scenarios via unspecified vectors. The issue is documented across multiple sources, inc...

CVSS 4.3 | AI score 6.7 | EPSS 0.01431

CVE
added 2010/09/24 6:00 p.m., 80 views

CVE-2010-3284

HP System Management Homepage (SMH) before version 6.2 is affected by a remote information-disclosure vulnerability (CVE-2010-3284). HP’s security bulletin HPSBMA02578 and Red Hat advisory confirm the impact and that upgrading to SMH 6.2 or later mitigates/remediates the issue. The CVSS 2.0 base ...

CVSS 4.3 | AI score 6.2 | EPSS 0.01611

CVE
added 2018/02/15 10:00 p.m., 80 views

CVE-2017-12548

CVE-2017-12548 affects HPE System Management Homepage (SMH) on Windows and Linux before version 7.6.1. The issue is a local arbitrary command execution vulnerability that can be exploited by an attacker with local access and sufficient privileges to run arbitrary OS commands within SMH. According...

CVSS 5.6 | AI score 6.5 | EPSS 0.00416

CVE
added 2018/02/15 10:00 p.m., 78 views

CVE-2017-12553

CVE-2017-12553 is a local authentication bypass vulnerability in the HP System Management Homepage (SMH) for Windows and Linux, affecting versions prior to 7.6.1. The underlying issue allows an attacker with local access to bypass authentication and gain unauthorized access via the SMH web interf...

CVSS 5.6 | AI score 6.4 | EPSS 0.00316

CVE
added 2010/09/15 5:26 p.m., 76 views

CVE-2010-3009

HP System Management Homepage (SMH) for Linux 6.0/6.1 contains an unspecified vulnerability that could allow remote authenticated users to disclose sensitive information and potentially gain root privileges via unknown vectors. HP’s security bulletin HPSBMA02566/SSRT100045 rev.1 notes only 6.0/6....

CVSS 9 | AI score 6 | EPSS 0.03379

CVE
added 2014/10/02 12:00 a.m., 75 views

CVE-2014-2641

HP System Management Homepage (SMH) is affected by CVE-2014-2641: a CSRF vulnerability in SMH before version 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. The issue is documented across multiple feeds, with the vulnerability stemmin...

CVSS 6 | AI score 6.7 | EPSS 0.0086

CVE
added 2014/10/02 12:00 a.m., 74 views

CVE-2014-2642

CVE-2014-2642 applies to HP System Management Homepage (SMH) prior to version 7.4, with a clickjacking vulnerability described in multiple sources (HP Security Bulletin HPSBMU03112 rev.1 and related CVE mappings). The connected documents confirm the affected product and the specific issue (clickj...

CVSS 4.3 | AI score 6.7 | EPSS 0.02411

CVE
added 2009/05/19 7:00 p.m., 71 views

CVE-2009-1418

CVE-2009-1418 affects HP System Management Homepage (SMH) prior to version 3.0.1.73. The vulnerability is a remote cross-site scripting (XSS) flaw allowing injection of arbitrary script/HTML via unspecified vectors in SMH’s web interface. Affected platforms include SMH running on Linux and Window...

CVSS 4.3 | AI score 5.7 | EPSS 0.02855

CVE
added 2018/02/15 10:00 p.m., 71 views

CVE-2017-12546

HP System Management Homepage (SMH) before version 7.6.1 is affected by a local buffer overflow vulnerability in its web interface. The issue can allow arbitrary code execution or a denial of service when an attacker logs in to the affected system. Remediation: upgrade SMH to version 7.6.1 or new...

CVSS 5.6 | AI score 6.5 | EPSS 0.00352

CVE
added 2010/04/23 2:00 p.m., 70 views

CVE-2010-1034

HP System Management Homepage (SMH) vulnerable: Windows versions prior to 6.0.0.96 and Linux x86/AMD64 prior to 6.0.0-95 are affected by CVE-2010-1034. An unspecified remote-authenticated attacker can obtain sensitive data, modify data, or cause a DoS via unknown vectors. Remediation per HP bulle...

CVSS 4.6 | AI score 6.3 | EPSS 0.01797

CVE
added 2013/07/19 6:00 p.m., 70 views

CVE-2013-2364

CVE-2013-2364 is an XSS flaw in HP System Management Homepage (SMH) prior to v7.2.1. Remote authenticated users could inject arbitrary web scripts via unspecified vectors, potentially impacting confidentiality and integrity of SMH sessions. Public records consistently cite SMH

CVSS 3.5 | AI score 5.2 | EPSS 0.01348

CVE
added 2012/06/29 10:00 p.m., 69 views

CVE-2012-2014

HP System Management Homepage (SMH) before 7.1.1 has an input validation issue that can be exploited by remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The vulnerability is documented under CVE-2012-2014 and is referenced in Red Hat and OpenV...

CVSS 9 | AI score 6.5 | EPSS 0.03049

CVE
added 2013/07/19 6:00 p.m., 69 views

CVE-2013-2357

HP System Management Homepage (SMH) vulnerability CVE-2013-2357 affects SMH prior to version 7.2.1. The issue allows remote authenticated users to cause a Denial of Service via unknown vectors (as part of a set including CVE-2013-2358/2359/2360). HP’s security bulletin notes remediation by upgrad...

CVSS 4 | AI score 6.1 | EPSS 0.0185

CVE
added 2013/07/19 6:00 p.m., 68 views

CVE-2013-2356

HP System Management Homepage (SMH) before 7.2.1 is vulnerable to remote information disclosure via unspecified vectors. The security bulletin notes SMH v7.2.0 and earlier on Linux/Windows and lists an upgrade to SMH 7.2.1 or later as the fix. Affected component: HP SMH; root cause details are no...

CVSS 5 | AI score 6.1 | EPSS 0.03334

CVE
added 2018/02/15 10:00 p.m., 68 views

CVE-2017-12551

CVE-2017-12551 affects HPE System Management Homepage (SMH) on Windows and Linux prior to version 7.6.1. The vulnerability allows local arbitrary command execution via a crafted request, enabling an attacker with local access to run OS commands with the impact described in the CVSS data (I and A ...

CVSS 5.6 | AI score 6.5 | EPSS 0.00455

CVE
added 2010/09/17 7:00 p.m., 67 views

CVE-2010-3012

HP System Management Homepage (SMH) is affected by multiple vulnerabilities prior to version 6.2, including CVE-2010-3012 (XSS) and related issues. The SMH component’s self-reported pre-6.2 builds are susceptible to remote injection of script/HTML via unspecified vectors, and multiple CVEs are re...

CVSS 4.3 | AI score 5.6 | EPSS 0.01728

CVE
added 2016/03/18 10:00 a.m., 67 views

CVE-2016-1996

Product & impact: HP System Management Homepage (SMH) prior to version 7.5.4 is affected by CVE-2016-1996. What’s affected: SMH component prior to 7.5.4 (

CVSS 7.7 | AI score 7.5 | EPSS 0.00542

CVE
added 2018/02/15 10:00 p.m., 67 views

CVE-2017-12549

CVE-2017-12549: A local authentication bypass in Hewlett Packard Enterprise System Management Homepage (SMH) for Windows and Linux prior to v7.6.1. The vulnerability could allow an attacker with local access to bypass authentication and obtain full confidentiality and integrity of the SMH interfa...

CVSS 5.6 | AI score 6.4 | EPSS 0.00316

CVE
added 2018/02/15 10:00 p.m., 65 views

CVE-2017-12545

HP System Management Homepage (SMH) for Windows and Linux, prior to version 7.6.1, has a remote denial-of-service vulnerability (CVE-2017-12545). The issue is network-exploitable with no authentication and can impact availability (CVSS v3 base 7.5). The root cause and exact exploit details are no...

CVSS 7.8 | AI score 7.4 | EPSS 0.06693

CVE
added 2012/04/18 10:00 a.m., 64 views

CVE-2012-1993

HP System Management Homepage (SMH) prior to version 7.0 is affected by an unspecified vulnerability that allows local users to modify data or obtain sensitive information via unknown vectors. The public material provided does not specify the root cause, exact vulnerable components, affected vers...

CVSS 3.2 | AI score 5.9 | EPSS 0.00335

CVE
added 2013/07/19 6:00 p.m., 64 views

CVE-2013-2358

HP System Management Homepage (SMH) before 7.2.1 is vulnerable to remote Denial of Service by authenticated users (product: SMH; version

CVSS 4 | AI score 6.1 | EPSS 0.0185

CVE
added 2016/03/18 10:00 a.m., 64 views

CVE-2016-1994

CVE-2016-1994 affects HP System Management Homepage (SMH) prior to version 7.5.4. The vulnerability enables remote authenticated users to obtain sensitive information via unspecified vectors, with CVSS indicating at least a partial confidentiality impact (NVD: CVSS2/3 base scores: 4.0/6.5). No sp...

CVSS 6.5 | AI score 6.4 | EPSS 0.01917

CVE
added 2016/05/14 3:00 p.m., 64 views

CVE-2016-2015

CVE-2016-2015 affects HP/HPE System Management Homepage (SMH) prior to version 7.5.5. The vulnerability allows a local attacker to obtain sensitive information or modify data via unspecified vectors. Vulnerability details show a local access requirement with medium to high impact on confide...

CVSS 7.1 | AI score 6.7 | EPSS 0.00486

CVE
added 2013/09/23 10:00 a.m., 63 views

CVE-2013-4821

CVE-2013-4821 affects HP System Management Homepage (SMH) prior to 7.2.1. It allows remote authenticated users to cause a denial of service via unspecified vectors. Public sources (NVD, Red Hat, CERT) describe a remote DoS impact with the HP Security Bulletin confirming a fix in SMH 7.2.1 (Window...

CVSS 4 | AI score 6.2 | EPSS 0.01946

CVE
added 2012/04/18 10:00 a.m., 62 views

CVE-2012-0135

HP System Management Homepage (SMH) prior to version 7.0 is affected by an unspecified vulnerability that allows remote authenticated users to cause a denial of service via unknown vectors. The CVE entry is consistently described across sources as affecting SMH before 7.0, with a LOW CVSS v2 base...

CVSS 3.5 | AI score 6.3 | EPSS 0.01908

CVE
added 2014/10/02 12:00 a.m., 62 views

CVE-2014-2640

HP System Management Homepage (SMH) is affected by CVE-2014-2640, a cross-site scripting (XSS) vulnerability in SMH before version 7.4. The issue is tied to input handling of the RedirectUrl parameter in red2301.html, enabling remote attackers to inject arbitrary script via specially crafted link...

CVSS 4.3 | AI score 5.6 | EPSS 0.03884

CVE
added 2008/07/09 12:00 a.m., 61 views

CVE-2008-1663

HP System Management Homepage (SMH) versions 2.1.10 and 2.1.11 on Linux and Windows are vulnerable to cross-site scripting (XSS) via unspecified vectors, allowing remote attackers to inject arbitrary script/HTML. The underlying issue is an XSS vulnerability in SMH that lacks details about input h...

CVSS 4.3 | AI score 5.5 | EPSS 0.02778

CVE
added 2010/02/05 10:13 p.m., 61 views

CVE-2009-4185

HP System Management Homepage (SMH) before version 6.0.0.96/6.0.0-95 is vulnerable to a Cross-site scripting (XSS) flaw in the proxy/smhui/getuiinfo handler via the servercert parameter. The issue is addressed in HP’s security bulletin HPSBMA02504, which lists affected platforms (Windows and Linu...

CVSS 4.3 | AI score 5.8 | EPSS 0.03002
Web

Total number of security vulnerabilities: 78