CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5442
https://notcve.org/view.php?id=CVE-2015-5442
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en HP Software Update en versiones anteriores a 5.005.002.002, permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217 http://www.securitytracker.com/id/1033616 •
CVSS: 6.8EPSS: 86%CPEs: 1EXPL: 1CVE-2008-2390 – HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method
https://notcve.org/view.php?id=CVE-2008-2390
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument. Hpufunction.dll 4.0.0.1 de HP Software Update expone los métodos inseguros (1) ExecuteAsync y (2)Execute, lo cual permite a atacantes remotos ejecutar código arbitrariam0<1.2 ente a través de un nombre de ruta absoluto en el primer argumeto. • https://www.exploit-db.com/exploits/5511 https://exchange.xforce.ibmcloud.com/vulnerabilities/42249 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 40%CPEs: 1EXPL: 0CVE-2008-0712
https://notcve.org/view.php?id=CVE-2008-0712
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513. Vulnerabilidad no especificada en el control ActiveX HP HPeDiag (también conocido como eSupportDiagnostics) en hpediag.dll de HP Software Update 4.000.009.002 y versiones anteriores permite a atacantes remotos ejecutar código de su elección u obtener información sensible a través de vectores no especificados. NOTA: esto puede solaparse con CVE-2007-6513. • http://marc.info/?l=bugtraq&m=120907060320901&w=2 http://secunia.com/advisories/29966 http://www.securityfocus.com/bid/28929 http://www.securitytracker.com/id?1019922 http://www.vupen.com/english/advisories/2008/1356/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42003 •
CVSS: 9.3EPSS: 93%CPEs: 2EXPL: 2CVE-2007-6506 – HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6506
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. El control ActiveX HPRulesEngine.ContentCollection.1 en la biblioteca RulesEngine.dll para HP Software Update versión 4.000.005.007 y anteriores, incluyendo versión 3.0.8.4, permite a los atacantes remotos (1) sobrescribir y corromper archivos arbitrarios por medio de argumentos en el método SaveToFile y, posiblemente , (2) acceder a archivos arbitrarios por medio del método LoadDataFromFile. • https://www.exploit-db.com/exploits/4757 http://blogs.zdnet.com/security/?p=768 http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818 http://it.slashdot.org/it/07/12/20/2327242.shtml http://secunia.com/advisories/28177 http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt http://www.securityfocus.com/archive/1/485451/100/0/threaded http://www.securityfocus.com/archive/1/485734/100/0/threaded http://www.securityfocus.com/bid/26950 •