78 matches found
CVE-2016-5387
CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...
CVE-2015-8651
CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...
CVE-2015-3113
CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...
CVE-2016-5385
CVE-2016-5385 affects PHP up to 7.0.8, where PHP did not protect against the HTTP_PROXY namespace clash, potentially allowing a remote attacker to redirect a script’s outbound HTTP traffic to an attacker‑controlled proxy via a crafted Proxy header. Public analyses reference CGI/CGI‑like environme...
CVE-2016-5388
The CVE-2016-5388 issue affects Apache Tomcat (CGI Servlet enabled) where Proxy header handling exposes HTTP_PROXY data to CGI scripts, enabling redirection of outbound requests to an attacker-controlled proxy (httpoxy). Public advisories across multiple distributions confirm Tomcat 7.x up to 7.0....
CVE-2016-4543
CVE-2016-4543 affects PHP’s exif.c in the Exif extension: the exif_process_IFD_in_JPEG function does not validate IFD sizes, allowing remote crafted headers to trigger out-of-bounds reads and potential DoS. Affected are PHP releases before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6. Mitiga...
CVE-2015-4024
The CVE-2015-4024 entry describes an algorithmic complexity DoS in PHP’s multipart HTTP POST handling (multipart_buffer_headers in main/rfc1867.c). Attackers can cause high CPU usage with specially crafted form data, affecting PHP versions prior to 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5....
CVE-2011-1541
HP System Management Homepage (SMH) for Linux/Windows is affected by an unspecified vulnerability in SMH before version 6.3 that could allow remote attackers to bypass access restrictions and execute arbitrary code via unknown vectors. This CVE-2011-1541 entry is corroborated by multiple sources ...
CVE-2015-3143
The connected documents provide concrete details for CVE-2015-3143: in curl and libcurl, versions 7.10.6 through 7.41.0 failed to properly re-use NTLM connections, enabling a remote attacker to connect as another user via an unauthenticated request (NTLM/Negotiate authentication interaction). Thi...
CVE-2015-3148
CVE-2015-3148 affects curl and libcurl (versions 7.10.6 through 7.41.0). The issue is improper reuse of authenticated Negotiate connections, which could allow a remote attacker to perform requests as another user by manipulating a connection during a request. The connected sources corroborate the...
CVE-2013-2362
HP System Management Homepage (SMH) CVE-2013-2362 describes a stack buffer overflow in the iprange parameter handling (proxy/DataValidation) that allows a remote, unauthenticated attacker to execute arbitrary code on Windows targets as SYSTEM. The vulnerability is associated with ZDI-1676 and aff...
CVE-2016-1995
HP System Management Homepage (SMH) is affected prior to version 7.5.4. The OpenVAS/Nessus entries indicate an unspecified remote code execution vulnerability that can allow a remote attacker to take control of the system. No detailed exploit vectors or root-cause are provided in the connected do...
CVE-2015-3145
CVE-2015-3145 affects curl/libcurl 7.31.0 through 7.41.0. The sanitize_cookie_path function can miscompute an index, enabling a remote attacker to cause a denial of service via an out-of-bounds write when the cookie path consists only of a double-quote character. Connected sources corroborate the...
CVE-2015-3237
The CVE-2015-3237 issue affects curl/libcurl 7.40.0–7.42.1. In the smb_request_state() handler, two length and offset values parsed from network data are used without proper boundary checks, enabling a remote SMB server to read memory contents or trigger a crash. Impacts include information discl...
CVE-2010-1586
HP System Management Homepage (SMH) 2.x.x.x contains an open redirect in red2301.html that can be exploited via the RedirectUrl parameter to send users to arbitrary sites, enabling phishing. The vulnerability is documented as CVE-2010-1586 with a CVSS 2.0 base score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P...
CVE-2012-2012
HP System Management Homepage (SMH) versions before 7.1.1 are affected by CVE-2012-2012 due to the absence of an off autocomplete attribute for unspecified form fields, enabling remote attackers to gain access by abusing an unattended workstation. The vulnerability is documented across multiple s...
CVE-2013-3576
CVE-2013-3576 affects HP System Management Homepage (SMH); ginkgosnmp.inc uses the last URL path segment in an exec call, enabling remote authenticated users to execute arbitrary commands via PATH_INFO (e.g., snmhutil/snmpchp.php.en). Impact: remote code execution with full privileges on the HP S...
CVE-2006-1774
CVE-2006-1774 affects HP System Management Homepage (SMH) version 2.1.3.132 when run on CompaqHTTPServer/9.9 across Windows, Linux, or Tru64 UNIX. The issue arises if Trust by Certificates is not enabled, allowing remote attackers to bypass authentication via a crafted URL. The NVD entry outlines...
CVE-2012-2013
HP System Management Homepage (SMH) is affected by CVE-2012-2013. The vulnerability affects SMH before version 7.1.1, allowing remote attackers to cause a denial of service or potentially obtain sensitive information or modify data via unknown vectors. No concrete exploit details are provided in ...
CVE-2011-1540
CVE-2011-1540 affects HP System Management Homepage (SMH) prior to version 6.3. The issue allows remote authenticated users to execute arbitrary code via unknown vectors, with CVSS v2 base score 9.0 (high) and full impact to confidentiality, integrity, and availability. HP’s security bulletin not...
CVE-2017-12544
CVE-2017-12544 concerns HPE System Management Homepage (SMH) prior to version 7.6.1, where a cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary script in a user’s browser (in the context of the affected site) and could enable cookie-based credential theft. The Nuclei...
CVE-2012-2015
Technical details (affected versions, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2010-3283
HP System Management Homepage (SMH) is affected by an open redirect vulnerability (CVE-2010-3283) present in SMH versions prior to 6.2. An attacker can redirect users to arbitrary sites, enabling phishing-like scenarios via unspecified vectors. The issue is documented across multiple sources, inc...
CVE-2010-3284
HP System Management Homepage (SMH) before version 6.2 is affected by a remote information-disclosure vulnerability (CVE-2010-3284). HP’s security bulletin HPSBMA02578 and Red Hat advisory confirm the impact and that upgrading to SMH 6.2 or later mitigates/remediates the issue. The CVSS 2.0 base ...
CVE-2017-12548
CVE-2017-12548 affects HPE System Management Homepage (SMH) on Windows and Linux before version 7.6.1. The issue is a local arbitrary command execution vulnerability that can be exploited by an attacker with local access and sufficient privileges to run arbitrary OS commands within SMH. According...
CVE-2017-12553
CVE-2017-12553 is a local authentication bypass vulnerability in the HP System Management Homepage (SMH) for Windows and Linux, affecting versions prior to 7.6.1. The underlying issue allows an attacker with local access to bypass authentication and gain unauthorized access via the SMH web interf...
CVE-2010-3009
HP System Management Homepage (SMH) for Linux 6.0/6.1 contains an unspecified vulnerability that could allow remote authenticated users to disclose sensitive information and potentially gain root privileges via unknown vectors. HP’s security bulletin HPSBMA02566/SSRT100045 rev.1 notes only 6.0/6....
CVE-2014-2641
HP System Management Homepage (SMH) is affected by CVE-2014-2641: a CSRF vulnerability in SMH before version 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. The issue is documented across multiple feeds, with the vulnerability stemmin...
CVE-2014-2642
CVE-2014-2642 applies to HP System Management Homepage (SMH) prior to version 7.4, with a clickjacking vulnerability described in multiple sources (HP Security Bulletin HPSBMU03112 rev.1 and related CVE mappings). The connected documents confirm the affected product and the specific issue (clickj...
CVE-2009-1418
CVE-2009-1418 affects HP System Management Homepage (SMH) prior to version 3.0.1.73. The vulnerability is a remote cross-site scripting (XSS) flaw allowing injection of arbitrary script/HTML via unspecified vectors in SMH’s web interface. Affected platforms include SMH running on Linux and Window...
CVE-2017-12546
HP System Management Homepage (SMH) before version 7.6.1 is affected by a local buffer overflow vulnerability in its web interface. The issue can allow arbitrary code execution or a denial of service when an attacker logs in to the affected system. Remediation: upgrade SMH to version 7.6.1 or new...
CVE-2010-1034
HP System Management Homepage (SMH) vulnerable: Windows versions prior to 6.0.0.96 and Linux x86/AMD64 prior to 6.0.0-95 are affected by CVE-2010-1034. An unspecified remote-authenticated attacker can obtain sensitive data, modify data, or cause a DoS via unknown vectors. Remediation per HP bulle...
CVE-2013-2364
CVE-2013-2364 is an XSS flaw in HP System Management Homepage (SMH) prior to v7.2.1. Remote authenticated users could inject arbitrary web scripts via unspecified vectors, potentially impacting confidentiality and integrity of SMH sessions. Public records consistently cite SMH
CVE-2012-2014
HP System Management Homepage (SMH) before 7.1.1 has an input validation issue that can be exploited by remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The vulnerability is documented under CVE-2012-2014 and is referenced in Red Hat and OpenV...
CVE-2013-2357
HP System Management Homepage (SMH) vulnerability CVE-2013-2357 affects SMH prior to version 7.2.1. The issue allows remote authenticated users to cause a Denial of Service via unknown vectors (as part of a set including CVE-2013-2358/2359/2360). HP’s security bulletin notes remediation by upgrad...
CVE-2013-2356
HP System Management Homepage (SMH) before 7.2.1 is vulnerable to remote information disclosure via unspecified vectors. The security bulletin notes SMH v7.2.0 and earlier on Linux/Windows and lists an upgrade to SMH 7.2.1 or later as the fix. Affected component: HP SMH; root cause details are no...
CVE-2017-12551
CVE-2017-12551 affects HPE System Management Homepage (SMH) on Windows and Linux prior to version 7.6.1. The vulnerability allows local arbitrary command execution via a crafted request, enabling an attacker with local access to run OS commands with the impact described in the CVSS data (I and A ...
CVE-2010-3012
HP System Management Homepage (SMH) is affected by multiple vulnerabilities prior to version 6.2, including CVE-2010-3012 (XSS) and related issues. The SMH component’s self-reported pre-6.2 builds are susceptible to remote injection of script/HTML via unspecified vectors, and multiple CVEs are re...
CVE-2016-1996
Product & impact: HP System Management Homepage (SMH) prior to version 7.5.4 is affected by CVE-2016-1996. What’s affected: SMH component prior to 7.5.4 (
CVE-2017-12549
CVE-2017-12549: A local authentication bypass in Hewlett Packard Enterprise System Management Homepage (SMH) for Windows and Linux prior to v7.6.1. The vulnerability could allow an attacker with local access to bypass authentication and obtain full confidentiality and integrity of the SMH interfa...
CVE-2017-12545
HP System Management Homepage (SMH) for Windows and Linux, prior to version 7.6.1, has a remote denial-of-service vulnerability (CVE-2017-12545). The issue is network-exploitable with no authentication and can impact availability (CVSS v3 base 7.5). The root cause and exact exploit details are no...
CVE-2012-1993
HP System Management Homepage (SMH) prior to version 7.0 is affected by an unspecified vulnerability that allows local users to modify data or obtain sensitive information via unknown vectors. The public material provided does not specify the root cause, exact vulnerable components, affected vers...
CVE-2013-2358
HP System Management Homepage (SMH) before 7.2.1 is vulnerable to remote Denial of Service by authenticated users (product: SMH; version
CVE-2016-1994
CVE-2016-1994 affects HP System Management Homepage (SMH) prior to version 7.5.4. The vulnerability enables remote authenticated users to obtain sensitive information via unspecified vectors, with CVSS indicating at least a partial confidentiality impact (NVD: CVSS2/3 base scores: 4.0/6.5). No sp...
CVE-2016-2015
CVE-2016-2015 – HP/HPE System Management Homepage (SMH) affects SMH prior to version 7.5.5. The vulnerability allows a local attacker to obtain sensitive information or modify data via unspecified vectors. Vulnerability details show a local access requirement with medium to high impact on confide...
CVE-2013-4821
CVE-2013-4821 affects HP System Management Homepage (SMH) prior to 7.2.1. It allows remote authenticated users to cause a denial of service via unspecified vectors. Public sources (NVD, Red Hat, CERT) describe a remote DoS impact with the HP Security Bulletin confirming a fix in SMH 7.2.1 (Window...
CVE-2012-0135
HP System Management Homepage (SMH) prior to version 7.0 is affected by an unspecified vulnerability that allows remote authenticated users to cause a denial of service via unknown vectors. The CVE entry is consistently described across sources as affecting SMH before 7.0, with a LOW CVSS v2 base...
CVE-2014-2640
HP System Management Homepage (SMH) is affected by CVE-2014-2640, a cross-site scripting (XSS) vulnerability in SMH before version 7.4. The issue is tied to input handling of the RedirectUrl parameter in red2301.html, enabling remote attackers to inject arbitrary script via specially crafted link...
CVE-2008-1663
HP System Management Homepage (SMH) versions 2.1.10 and 2.1.11 on Linux and Windows are vulnerable to cross-site scripting (XSS) via unspecified vectors, allowing remote attackers to inject arbitrary script/HTML. The underlying issue is an XSS vulnerability in SMH that lacks details about input h...
CVE-2009-4185
HP System Management Homepage (SMH) before version 6.0.0.96/6.0.0-95 is vulnerable to a cross-site scripting (XSS) flaw in the proxy/smhui/getuiinfo handler via the servercert parameter. The issue is addressed in HP’s security bulletin HPSBMA02504, which lists affected platforms (Windows and Linu...