CVSS: 9.8EPSS: 0%CPEs: 155EXPL: 0CVE-2015-3143 – curl: re-using authenticated connection when unauthenticated
https://notcve.org/view.php?id=CVE-2015-3143
22 Apr 2015 — cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. cURL y libcurl 7.10.6 hasta 7.41.0 no reutilizan correctamente las conexiones NTLM, lo que permite a atacantes remotos conectar como otros usuarios a través de una solicitud no autenticada, un problema similar a CVE-2014-0015. It was discovered that libcurl could incorrectly reuse NTLM-authenticated connect... • http://advisories.mageia.org/MGASA-2015-0179.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-7874 – HP Security Bulletin HPSBUX03139 SSRT101608
https://notcve.org/view.php?id=CVE-2014-7874
15 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP System Management Homepage (SMH) anterior a 3.2.3 en HP-UX B.11.23, y anterior a 3.2.8 en HP-UX B.11.31, permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. A potent... • http://secunia.com/advisories/60945 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 17%CPEs: 5EXPL: 0CVE-2014-2640 – HP Security Bulletin HPSBMU03112
https://notcve.org/view.php?id=CVE-2014-2640
01 Oct 2014 — Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en HP System Management Homepage (SMH) anterior a 7.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilit... • http://www.kb.cert.org/vuls/id/125228 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2641 – HP Security Bulletin HPSBMU03112
https://notcve.org/view.php?id=CVE-2014-2641
01 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP System Management Homepage (SMH) anterior a 7.4 permite a usuarios remotos autenticados secuestrar la autenticaciíon de victimas no especificadas a través de vectores desconocidos. Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) ... • http://www.securitytracker.com/id/1030960 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2014-2642 – HP Security Bulletin HPSBMU03112
https://notcve.org/view.php?id=CVE-2014-2642
01 Oct 2014 — HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. HP System Management Homepage (SMH) anterior a 7.4 permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forger... • http://www.securitytracker.com/id/1030960 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2013-4846 – HP Security Bulletin HPSBMU02947
https://notcve.org/view.php?id=CVE-2013-4846
11 Mar 2014 — Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP System Management Homepage (SMH) anterior a 7.3 permite a atacantes remotos obtener información sensible a través de vectores desconocidos. Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulti... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6188 – HP Security Bulletin HPSBMU02947
https://notcve.org/view.php?id=CVE-2013-6188
11 Mar 2014 — Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP System Management Homepage (SMH) 7.1 hasta 7.2.2 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linu... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 76EXPL: 0CVE-2013-4821 – HP Security Bulletin HPSBMU02900 3
https://notcve.org/view.php?id=CVE-2013-4821
19 Sep 2013 — Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP System Management Homepage (SMH) anteriores a 7.2.1 permite a usuarios autenticados remotamente causar denegación de servicio a través de vectores desconocidos. Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could... • http://www.kb.cert.org/vuls/id/895524 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5217 – HP Security Bulletin HPSBMU02900 3
https://notcve.org/view.php?id=CVE-2012-5217
19 Jul 2013 — HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355. HP System Management Homepage (SMH) anterior a 7.2.1, permite a atacantes remotos evitar las restricciones de acceso establecidas y obtener información sensible a través de vectores sin especificar. Vulnerabilidad distinta de CVE-2013-2355. Potential security vulnerabilities have been identified... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2360 – HP Security Bulletin HPSBMU02900
https://notcve.org/view.php?id=CVE-2013-2360
18 Jul 2013 — Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359. Vulnerabilidad sin especificar en HP System Management Homepage (SMH) anterior a 7.2.1, permite a usuarios autenticados remotamente provocar una denegación de servicio a través de vectores desconocidos. Vulnerabilidad distinta de CVE-2013-2357, CVE-2013-2358, y CVE-2013... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 •