Hp: Security Vulnerabilities
Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
CVSS Score
5.0
EPSS Score
0.019
Published
2009-11-19
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
CVSS Score
9.0
EPSS Score
0.004
Published
2009-11-17
Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G06.29, G06.30, H06.06, H06.07, H06.08, and J06.03 allows remote attackers to obtain sensitive information via unknown vectors.
CVSS Score
4.0
EPSS Score
0.003
Published
2009-11-13
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
CVSS Score
10.0
EPSS Score
0.767
Published
2009-11-06
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
CVSS Score
4.3
EPSS Score
0.041
Published
2009-10-13
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
CVSS Score
9.3
EPSS Score
0.715
Published
2009-10-13
Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
CVSS Score
7.8
EPSS Score
0.014
Published
2009-10-05
Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors.
CVSS Score
6.8
EPSS Score
0.0
Published
2009-09-29
Unspecified vulnerability in the Sender module in HP Remote Graphics Software (RGS) 5.1.3 through 5.2.6 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVSS Score
7.1
EPSS Score
0.003
Published
2009-09-29
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
CVSS Score
7.2
EPSS Score
0.0
Published
2009-09-24