threat
engine
.sh
Back
·
··:··
Home
/
Product
/
hp system management homepage
Product
hp system management homepage
78 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-50271
< a.3.2.23.09
A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be ex
7.2
HIGH
CVE-2017-12553
< 7.6.1
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was fo
5.6
MEDIUM
CVE-2017-12552
< 7.6.1
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.
5.6
MEDIUM
CVE-2017-12551
< 7.6.1
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.
5.6
MEDIUM
CVE-2017-12550
< 7.6.1
A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 wa
5.6
MEDIUM
CVE-2017-12549
< 7.6.1
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was fo
5.6
MEDIUM
CVE-2017-12548
< 7.6.1
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1
5.6
MEDIUM
CVE-2017-12547
< 7.6.1
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1
5.6
MEDIUM
CVE-2017-12546
< 7.6.1
A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
5.6
MEDIUM
CVE-2017-12545
< 7.6.1
A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found
7.5
HIGH
CVE-2017-12544
< 7.6.1
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
5.4
MEDIUM
CVE-2016-4396
<= 7.5.5.0
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a
7.5
HIGH
CVE-2016-4395
<= 7.5.5.0
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a
7.5
HIGH
CVE-2016-4394
<= 7.5.5.0
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, relate
6.5
MEDIUM
CVE-2016-4393
<= 7.5.5.0
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified
5.4
MEDIUM
CVE-2016-5388
<= 7.5.5.0
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and there
8.1
HIGH
CVE-2016-5387
<= 7.5.5.0
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc
8.1
HIGH
CVE-2016-5385
<= 7.5.5.0
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applicati
8.1
HIGH
CVE-2016-4543
<= 7.5.5.6
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not
9.8
CRITICAL
CVE-2016-2015
<= 7.5.4.3
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vect
7.1
HIGH
CVE-2016-1996
<= 7.5.3.1
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vect
7.7
HIGH
CVE-2016-1995
<= 7.5.3.1
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
9.8
CRITICAL
CVE-2016-1994
<= 7.5.3.1
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vect
6.5
MEDIUM
CVE-2016-1993
<= 7.5.3.1
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via u
8.1
HIGH
CVE-2015-8651
< 7.6
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.2
8.8
HIGH
CVE-2015-2134
<= 7.4.0
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated us
CVE-2015-3113
< 7.5.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and
9.8
CRITICAL
CVE-2015-3237
<= 7.5.3.1
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information
CVE-2015-4024
<= 7.5.3.1
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before
CVE-2015-3148
<= 7.5.3.1
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers t
CVE-2015-3145
<= 7.5.3.1
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows rem
CVE-2015-3143
<= 7.5.3.1
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as othe
CVE-2014-7874
<= 3.2.2
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3
CVE-2014-2642
<= 7.3
HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-2641
<= 7.3
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated user
CVE-2014-2640
<= 7.3
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbit
CVE-2013-6188
all versions
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers t
CVE-2013-4846
<= 7.2.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive informatio
CVE-2013-4821
<= 7.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial
CVE-2013-2364
<= 7.2
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to
CVE-2013-2363
<= 7.2
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors,
CVE-2013-2362
<= 7.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via
CVE-2013-2361
<= 7.2
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arb
CVE-2013-2360
<= 7.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial
CVE-2013-2359
<= 7.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial
CVE-2013-2358
<= 7.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial
CVE-2013-2357
<= 7.2
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial
CVE-2013-2356
<= 7.2
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors,
CVE-2013-2355
<= 7.2
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensiti
CVE-2012-5217
<= 7.2
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensiti
CVE-2013-3576
all versions
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell me
CVE-2012-2016
<= 7.1.0-16
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information v
CVE-2012-2015
<= 7.1.0-16
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges
CVE-2012-2014
<= 7.1.0-16
HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have
CVE-2012-2013
<= 7.1.0-16
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service
CVE-2012-2012
<= 7.1.0-16
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which ma
CVE-2012-1993
<= 6.1.0-103
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive
CVE-2012-0135
<= 6.1.0-103
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of
CVE-2011-3846
all versions
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack t
CVE-2011-1541
<= 6.2.3.8
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access rest
CVE-2011-1540
<= 6.2.3.8
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary
CVE-2010-3284
<= 6.1.0.102
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive informatio
CVE-2010-3283
<= 6.1.0.102
Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitra
CVE-2010-3012
<= 6.1
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbit
CVE-2010-3011
<= 6.1
CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP he
CVE-2010-3009
all versions
Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain
CVE-2010-1586
all versions
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect use
CVE-2010-1034
all versions
Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows,
CVE-2009-4185
<= 3.0.2.77
Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote
CVE-2009-1418
<= 3.0.0-68
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject
CVE-2008-4413
<= 2.2.6
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and
CVE-2008-4411
<= 2.1.12-200
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remo
CVE-2008-1663
all versions
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remo
CVE-2007-4931
all versions
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Reposit
CVE-2007-3260
<= 2.1.8
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to th
CVE-2007-3062
all versions
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows r
CVE-2006-1774
all versions
HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Tr
CVE-2006-1023
all versions
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin