HP System Management Homepage vulnerabilities
77 known vulnerabilities affecting hp/system_management_homepage.
Total CVEs: 77
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 10, HIGH 14, MEDIUM 48, LOW 5
Vulnerabilities
Page 2 of 4
CVE-2016-1995 | CRITICAL | CVSS 9.8 | ≤ 7.5.3.1 | 2016-03-18
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2016-1993 | HIGH | CVSS 8.1 | ≤ 7.5.3.1 | 2016-03-18
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
nvd
CVE-2016-1996 | HIGH | CVSS 7.7 | ≤ 7.5.3.1 | 2016-03-18
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
nvd
CVE-2016-1994 | MEDIUM | CVSS 6.5 | CWE-200 | ≤ 7.5.3.1 | 2016-03-18
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
nvd
CVE-2015-8651 | HIGH | CVSS 8.8 | CWE-190 | KEV | fixed in 7.6 | 2015-12-28
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2015-2134 | MEDIUM | CVSS 6.0 | CWE-352 | ≤ 7.4.0 | 2015-07-21
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2015-3113 | CRITICAL | CVSS 9.8 | CWE-787 | KEV | PoC | fixed in 7.5.0 | 2015-06-23
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
nvd
CVE-2015-3237 | MEDIUM | CVSS 6.4 | CWE-20 | ≤ 7.5.3.1 | 2015-06-22
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
nvd
CVE-2015-4024 | MEDIUM | CVSS 5.0 | CWE-399 | ≤ 7.5.3.1 | 2015-06-09
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
nvd
CVE-2015-3145 | HIGH | CVSS 7.5 | CWE-119 | ≤ 7.5.3.1 | 2015-04-24
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
nvd
CVE-2015-3143 | MEDIUM | CVSS 5.0 | ≤ 7.5.3.1 | 2015-04-24
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
nvd
CVE-2015-3148 | MEDIUM | CVSS 5.0 | CWE-284 | ≤ 7.5.3.1 | 2015-04-24
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
nvd
CVE-2014-7874 | MEDIUM | CVSS 6.8 | CWE-352 | ≤ 3.2.2, ≤ 3.2.7 | 2014-10-19
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2014-2640 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.3, v7.0 +3 more | 2014-10-02
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-2641 | MEDIUM | CVSS 6.0 | CWE-352 | ≤ 7.3, v7.0 +3 more | 2014-10-02
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2014-2642 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 7.3, v7.0 +3 more | 2014-10-02
HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
nvd
CVE-2013-6188 | MEDIUM | CVSS 6.8 | CWE-352 | v7.1, v7.2 +2 more | 2014-03-14
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2013-4846 | MEDIUM | CVSS 5.0 | ≤ 7.2.2, v2.0.0 +72 more | 2014-03-14
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.
nvd
CVE-2013-4821 | MEDIUM | CVSS 4.0 | ≤ 7.2, v2.0.0 +70 more | 2013-09-23
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.
nvd
CVE-2013-2361 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.2, v7.0 +1 more | 2013-07-22
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd