CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.

• http://www.securityfocus.com/bid/84283
• http://www.securitytracker.com/id/1035256
• https://support.apple.com/kb/HT206091
• CWE-310: Cryptographic Issues
• CWE-345: Insufficient Verification of Data Authenticity

CVSS: 4.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.

• http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217
• http://www.securitytracker.com/id/1033616

CVSS: 6.8 | EPSS: 37% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

• http://marc.info/?l=bugtraq&m=120907060320901&w=2
• http://secunia.com/advisories/29966
• http://www.securityfocus.com/bid/28929
• http://www.securitytracker.com/id?1019922
• http://www.vupen.com/english/advisories/2008/1356/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42003

CVSS: 9.3 | EPSS: 90% | CPEs: 2 | EXPL: 2

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

• https://www.exploit-db.com/exploits/4757
• http://blogs.zdnet.com/security/?p=768
• http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
• http://it.slashdot.org/it/07/12/20/2327242.shtml
• http://secunia.com/advisories/28177
• http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
• http://www.securityfocus.com/archive/1/485451/100/0/threaded
• http://www.securityfocus.com/archive/1/485734/100/0/threaded
• http://www.securityfocus.com/bid/26950

CVSS: 5.0 | EPSS: 39% | CPEs: 1 | EXPL: 2

Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.

• https://www.exploit-db.com/exploits/29523
• http://docs.info.apple.com/article.html?artnum=305214
• http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
• http://projects.info-pull.com/moab/MOAB-24-01-2007.html
• http://secunia.com/advisories/24479
• http://www.osvdb.org/32703
• http://www.securityfocus.com/bid/22222
• http://www.securitytracker.com/id?1017755
• http://www.us-cert.gov/cas/techalerts/TA07-072A.html
• http://www.vupen.com/english/advisories/2007/03