The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
Max CVSS
4.6
EPSS Score
0.06%
Published
2011-12-15
Updated
2018-10-09
Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
Max CVSS
7.5
EPSS Score
0.54%
Published
2011-12-27
Updated
2019-10-09
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
Max CVSS
7.5
EPSS Score
10.83%
Published
2011-12-27
Updated
2019-10-09
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.
Max CVSS
7.5
EPSS Score
8.44%
Published
2011-12-27
Updated
2019-10-09

CVE-2011-4166

Public exploit
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
Max CVSS
7.5
EPSS Score
95.57%
Published
2011-12-27
Updated
2019-10-09
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.
Max CVSS
10.0
EPSS Score
93.16%
Published
2011-12-29
Updated
2012-02-02
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.
Max CVSS
10.0
EPSS Score
93.16%
Published
2011-12-29
Updated
2012-02-02
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.
Max CVSS
10.0
EPSS Score
93.16%
Published
2011-12-29
Updated
2012-02-02
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
Max CVSS
7.5
EPSS Score
27.45%
Published
2011-12-05
Updated
2017-08-29
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Max CVSS
10.0
EPSS Score
27.25%
Published
2011-12-01
Updated
2012-09-18
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.
Max CVSS
3.2
EPSS Score
0.04%
Published
2011-11-24
Updated
2012-02-17
Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2011-11-19
Updated
2017-09-19
Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.
Max CVSS
4.0
EPSS Score
0.11%
Published
2011-11-16
Updated
2018-10-09
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
Max CVSS
10.0
EPSS Score
46.64%
Published
2011-11-16
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.
Max CVSS
4.3
EPSS Score
1.21%
Published
2011-11-16
Updated
2012-02-14
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.
Max CVSS
4.3
EPSS Score
1.21%
Published
2011-11-16
Updated
2012-02-14
Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
5.0
EPSS Score
0.66%
Published
2011-11-07
Updated
2012-02-15
Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.
Max CVSS
5.0
EPSS Score
0.20%
Published
2011-11-07
Updated
2012-02-17

CVE-2011-3167

Public exploit
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
Max CVSS
10.0
EPSS Score
94.39%
Published
2011-11-02
Updated
2012-02-15
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
Max CVSS
10.0
EPSS Score
58.22%
Published
2011-11-02
Updated
2012-02-15
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
Max CVSS
10.0
EPSS Score
58.22%
Published
2011-11-02
Updated
2012-02-15
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2011-11-04
Updated
2017-09-19
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.
Max CVSS
1.2
EPSS Score
0.04%
Published
2011-10-23
Updated
2012-02-14
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.
Max CVSS
10.0
EPSS Score
93.21%
Published
2011-10-19
Updated
2016-11-22
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.
Max CVSS
10.0
EPSS Score
93.21%
Published
2011-10-19
Updated
2016-11-22
143 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!