Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner."
Max CVSS
5.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-29
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.
Max CVSS
5.1
EPSS Score
1.65%
Published
2004-12-31
Updated
2017-07-29
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.
Max CVSS
5.0
EPSS Score
1.05%
Published
2004-12-31
Updated
2017-07-11
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
Max CVSS
5.0
EPSS Score
0.72%
Published
2004-12-31
Updated
2017-07-11
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
Max CVSS
2.1
EPSS Score
92.35%
Published
2004-03-24
Updated
2017-07-11
devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.
Max CVSS
5.0
EPSS Score
89.80%
Published
2004-03-24
Updated
2017-07-11
The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
Max CVSS
7.5
EPSS Score
2.76%
Published
2004-12-31
Updated
2017-07-11
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-01-14
Updated
2017-10-11
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-08-10
Updated
2017-07-11
Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.
Max CVSS
7.5
EPSS Score
0.98%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-23
Updated
2017-10-11
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
Max CVSS
7.5
EPSS Score
25.50%
Published
2004-12-31
Updated
2017-10-11
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-02-03
Updated
2018-10-30
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
Max CVSS
6.4
EPSS Score
4.02%
Published
2004-12-31
Updated
2017-10-11
The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information.
Max CVSS
7.5
EPSS Score
3.66%
Published
2004-12-31
Updated
2018-10-30
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
Max CVSS
7.5
EPSS Score
1.80%
Published
2004-12-31
Updated
2017-07-11
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Max CVSS
5.0
EPSS Score
0.88%
Published
2004-09-16
Updated
2022-09-23
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.
Max CVSS
10.0
EPSS Score
4.30%
Published
2004-08-06
Updated
2008-10-24
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
Max CVSS
7.5
EPSS Score
1.10%
Published
2004-07-27
Updated
2017-07-11
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
Max CVSS
5.0
EPSS Score
0.19%
Published
2004-08-06
Updated
2020-06-18
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
Max CVSS
5.1
EPSS Score
61.34%
Published
2004-07-27
Updated
2024-02-15
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.
Max CVSS
5.0
EPSS Score
0.90%
Published
2004-08-06
Updated
2018-10-30
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!