Hp System Management Homepage vulnerabilities

CVE-2010-3284 [MEDIUM] CWE-200 CVE-2010-3284: Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.

CVE-2010-3283 [MEDIUM] CWE-20 CVE-2010-3283: Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attacker Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2010-3012 [MEDIUM] CVE-2010-3012: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows re Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.

CVE-2010-3011 [MEDIUM] CWE-20 CVE-2010-3011: CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attacke CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVE-2010-3009 [CRITICAL] CVE-2010-3009: Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.

CVE-2010-1586 [MEDIUM] CWE-20 CVE-2010-1586: Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows re Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

CVE-2010-1034 [MEDIUM] CVE-2010-1034: Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6 Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.

CVE-2009-4185 [MEDIUM] CWE-79 CVE-2009-4185: Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage ( Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.

CVE-2009-1418 [MEDIUM] CWE-79 CVE-2009-1418: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allo Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2008-4413 [MEDIUM] CWE-264 CVE-2008-4413: Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.

CVE-2008-4411 [MEDIUM] CVE-2008-4411: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.

CVE-2008-1663 [MEDIUM] CWE-79 CVE-2008-1663: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2007-4931 [LOW] CVE-2007-4931: HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Ag HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL.

CVE-2007-3260 [CRITICAL] CVE-2007-3260: HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assign HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.

CVE-2007-3062 [MEDIUM] CVE-2007-3062: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2006-1774 [HIGH] CVE-2006-1774: HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linu HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL.

CVE-2006-1023 [MEDIUM] CVE-2006-1023: Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Wind Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.