CVSS: 6.8EPSS: 40%CPEs: 1EXPL: 0CVE-2008-0712
https://notcve.org/view.php?id=CVE-2008-0712
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513. Vulnerabilidad no especificada en el control ActiveX HP HPeDiag (también conocido como eSupportDiagnostics) en hpediag.dll de HP Software Update 4.000.009.002 y versiones anteriores permite a atacantes remotos ejecutar código de su elección u obtener información sensible a través de vectores no especificados. NOTA: esto puede solaparse con CVE-2007-6513. • http://marc.info/?l=bugtraq&m=120907060320901&w=2 http://secunia.com/advisories/29966 http://www.securityfocus.com/bid/28929 http://www.securitytracker.com/id?1019922 http://www.vupen.com/english/advisories/2008/1356/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42003 •
CVSS: 9.3EPSS: 93%CPEs: 2EXPL: 2CVE-2007-6506 – HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6506
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. El control ActiveX HPRulesEngine.ContentCollection.1 en la biblioteca RulesEngine.dll para HP Software Update versión 4.000.005.007 y anteriores, incluyendo versión 3.0.8.4, permite a los atacantes remotos (1) sobrescribir y corromper archivos arbitrarios por medio de argumentos en el método SaveToFile y, posiblemente , (2) acceder a archivos arbitrarios por medio del método LoadDataFromFile. • https://www.exploit-db.com/exploits/4757 http://blogs.zdnet.com/security/?p=768 http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818 http://it.slashdot.org/it/07/12/20/2327242.shtml http://secunia.com/advisories/28177 http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt http://www.securityfocus.com/archive/1/485451/100/0/threaded http://www.securityfocus.com/archive/1/485734/100/0/threaded http://www.securityfocus.com/bid/26950 •
CVSS: 5.0EPSS: 39%CPEs: 1EXPL: 2CVE-2007-0463 – Apple Mac OSX 10.4.x - Software Update Format String
https://notcve.org/view.php?id=CVE-2007-0463
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. Vulnerabilidad de cadena de formato en Apple Software Update 2.0.5 de Mac OS X 10.4.8 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) o ejecutar código de su elección mediante especificadores de cadena de formato en nombres de archivo (1) SWUTMP o (2) SUCATALOG, o utilizando el tipo MIME (3) application/x-apple.sucatalog+xml. • https://www.exploit-db.com/exploits/29523 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://projects.info-pull.com/moab/MOAB-24-01-2007.html http://secunia.com/advisories/24479 http://www.osvdb.org/32703 http://www.securityfocus.com/bid/22222 http://www.securitytracker.com/id?1017755 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.vupen.com/english/advisories/2007/03 •