CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from an application filter bypass vulnerability.

• http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html
• http://seclists.org/fulldisclosure/2020/Mar/37
• https://support.hp.com/us-en/document/c06509350
• CWE-287: Improper Authentication

CVSS: 4.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.

• http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2020/Mar/30
• https://support.hp.com/us-en/document/c06509350
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.0 • EPSS: 0% • CPEs: 5 • EXPL: 1

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a Citrix receiver connection wrapper command injection vulnerability.

• http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html
• http://seclists.org/fulldisclosure/2020/Mar/39
• https://support.hp.com/us-en/document/c06509350
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')