Hp System Management Homepage — known CVE vulnerabilities
Every CVE whose affected-product data names Hp System Management Homepage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (78)
CVE-2011-1541 — CVSS 10.0 (critical): Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions…
CVE-2012-2012 — CVSS 10.0 (critical): HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it…
CVE-2016-4543 — CVSS 9.8 (critical): The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate…
CVE-2016-1995 — CVSS 9.8 (critical): HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-2014 — CVSS 9.0 (critical): HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an…
CVE-2013-3576 — CVSS 9.0 (critical): ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell…
CVE-2011-1540 — CVSS 9.0 (critical): Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via…
CVE-2007-3260 — CVSS 9.0 (critical): HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root…
CVE-2010-3009 — CVSS 9.0 (critical): Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain…
CVE-2012-2015 — CVSS 9.0 (critical): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and…
CVE-2016-5387 — CVSS 8.1 (high): The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2016-5388 — CVSS 8.1 (high): Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does…
CVE-2016-1993 — CVSS 8.1 (high): HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via…
CVE-2016-5385 — CVSS 8.1 (high): PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from…
CVE-2016-1996 — CVSS 7.7 (high): HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-3145 — CVSS 7.5 (high): The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote…
CVE-2006-1774 — CVSS 7.5 (high): HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by…
CVE-2017-12545 — CVSS 7.5 (high): A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2012-2013 — CVSS 7.5 (high): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or…
CVE-2016-4396 — CVSS 7.5 (high): HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer…
CVE-2016-4395 — CVSS 7.5 (high): HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer…
CVE-2023-50271 — CVSS 7.2 (high): A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited…
CVE-2016-2015 — CVSS 7.1 (high): HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2013-6188 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack…
CVE-2011-3846 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the…
CVE-2014-7874 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on…
CVE-2016-4394 — CVSS 6.5 (medium): HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an…
CVE-2016-1994 — CVSS 6.5 (medium): HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2015-3237 — CVSS 6.4 (medium): The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from…
CVE-2008-4413 — CVSS 6.2 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8…
CVE-2015-2134 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to…
CVE-2014-2641 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to…
CVE-2017-12553 — CVSS 5.6 (medium): A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12546 — CVSS 5.6 (medium): A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12549 — CVSS 5.6 (medium): A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12552 — CVSS 5.6 (medium): A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was…
CVE-2017-12547 — CVSS 5.6 (medium): A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12550 — CVSS 5.6 (medium): A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12548 — CVSS 5.6 (medium): A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12551 — CVSS 5.6 (medium): A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was…
CVE-2016-4393 — CVSS 5.4 (medium): HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors…
CVE-2017-12544 — CVSS 5.4 (medium): A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2006-1023 — CVSS 5.0 (medium): Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access…
CVE-2010-3011 — CVSS 5.0 (medium): CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and…
CVE-2012-5217 — CVSS 5.0 (medium): HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive…
CVE-2013-2355 — CVSS 5.0 (medium): HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive…
CVE-2013-2356 — CVSS 5.0 (medium): HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a…
CVE-2013-2363 — CVSS 5.0 (medium): HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a…
CVE-2013-4846 — CVSS 5.0 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via…
CVE-2015-3143 — CVSS 5.0 (medium): cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users…
CVE-2015-3148 — CVSS 5.0 (medium): cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect…
CVE-2015-4024 — CVSS 5.0 (medium): Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25…
CVE-2012-2016 — CVSS 4.9 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via…
CVE-2010-1034 — CVSS 4.6 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows…
CVE-2014-2642 — CVSS 4.3 (medium): HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-2640 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web…
CVE-2013-2361 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary…
CVE-2010-3284 — CVSS 4.3 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via…
CVE-2010-3283 — CVSS 4.3 (medium): Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web…
CVE-2010-3012 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web…
CVE-2010-1586 — CVSS 4.3 (medium): Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to…
CVE-2009-4185 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers…
CVE-2009-1418 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary…
CVE-2008-4411 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote…
CVE-2008-1663 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote…
CVE-2007-3062 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote…
CVE-2013-4821 — CVSS 4.0 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of…
CVE-2013-2360 — CVSS 4.0 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of…
CVE-2013-2359 — CVSS 4.0 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of…
CVE-2013-2358 — CVSS 4.0 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of…
CVE-2013-2357 — CVSS 4.0 (medium): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of…
CVE-2013-2364 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject…
CVE-2012-0135 — CVSS 3.5 (low): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service…
CVE-2012-1993 — CVSS 3.2 (low): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive…
CVE-2013-2362 — CVSS 2.1 (low): Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown…
CVE-2007-4931 — CVSS 2.1 (low): HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository…