U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 69 matching records.
Displaying matches 61 through 69.
Vuln ID Summary CVSS Severity
CVE-2010-3011

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Published: September 17, 2010; 2:00:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1586

Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

Published: April 28, 2010; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4185

Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.

Published: February 05, 2010; 5:30:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1418

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 19, 2009; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-4413

Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.

Published: November 04, 2008; 1:29:47 PM -0500
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2008-4411

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.

Published: October 13, 2008; 4:00:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4931

HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL.

Published: September 18, 2007; 2:17:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-3260

HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.

Published: June 19, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2006-1023

Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.

Published: March 06, 2006; 7:02:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM