Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 37.0% and no vendor patch available.
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.1%.
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.