CVE-2007-5946
https://notcve.org/view.php?id=CVE-2007-5946
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. Vulnerabilidad no especificada en el emulador Aries PA-RISC sobre HP-UX B.11.23 y B.11.31 sobre la plataforma IA-64 permite a usuarios locales obtener accesos no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01241483 http://secunia.com/advisories/27606 http://securitytracker.com/id?1018925 http://www.securityfocus.com/bid/26383 http://www.vupen.com/english/advisories/2007/3820 https://exchange.xforce.ibmcloud.com/vulnerabilities/38361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5548 •
CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 http://osvdb.org/37894 http://secunia.com/advisories/27265 http://www.securityfocus.com/bid/26093 http://www.vupen.com/english/advisories/2007/3526 https://exchange.xforce.ibmcloud.com/vulnerabilities/37231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5871 •
CVE-2007-5302
https://notcve.org/view.php?id=CVE-2007-5302
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en HP System Management Homepage (SMH) en HP-UX versiones B.11.11, B.11.23 y B.11.31, y SMH versiones anteriores a 2.1.10 para Linux y Windows, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183265 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183597 http://osvdb.org/37603 http://secunia.com/advisories/27067 http://www.securityfocus.com/bid/25953 http://www.securitytracker.com/id?1018775 http://www.vupen.com/english/advisories/2007/3387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5008
https://notcve.org/view.php?id=CVE-2007-5008
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. El comando logins en HP-UX versiones B.11.31, B.11.23 y B.11.11, no reporta correctamente el estado de la contraseña, lo que permite a atacantes remotos alcanzar privilegios cuando no son detectados ciertos "password issues". • http://secunia.com/advisories/26873 http://www.securityfocus.com/bid/25740 http://www.securitytracker.com/id?1018709 http://www.vupen.com/english/advisories/2007/3230 https://exchange.xforce.ibmcloud.com/vulnerabilities/36702 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5779 https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01167886 • CWE-287: Improper Authentication •
CVE-2007-4590
https://notcve.org/view.php?id=CVE-2007-4590
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. El comando get_system_info de Ignite-UX C.7.0 hasta C.7.3, y DynRootDisk (DRD) A.1.0.16.417 hasta A.2.0.0.5.92, en HP-UX B.11.11, B.11.23, y B.11.31 no informa a los usuarios locales de cambios de red realizados por el comando, lo cual tiene impacto y vectores de ataque desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118367 http://osvdb.org/37563 http://secunia.com/advisories/26599 http://securitytracker.com/id?1018607 http://www.securityfocus.com/bid/25469 http://www.vupen.com/english/advisories/2007/2985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5515 •