6 results (0.005 seconds)

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. HP Asset Manager 9.40 y 9.41 en versiones anteriores a 9.41.11103 P4-rev1 y 9.50 en versiones anteriores a 9.50.11925 P3 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/77303 http://www.securitytracker.com/id/1033957 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Numara FootPrints para Linux 8.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del campo Title form (forma del título) cuando se fija una cita. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/28659 http://www.securityfocus.com/bid/28103 https://exchange.xforce.ibmcloud.com/vulnerabilities/41003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. MRcgi/MRProcessIncomingForms.pl en Numara FootPrints 8.1 para Linux permite a atacantes remotos ejecutar código de su elección a través de metacaracteres de consola en el parámetro PROJECTNUM. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/28659 https://exchange.xforce.ibmcloud.com/vulnerabilities/41005 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. Centennial Discovery 2006 Feature Pack 1, el cual es usado por (1) Numara Asset Manager 8.0 y (2) Symantec Discovery 6.5, utiliza permisos no seguros sobre ciertos directorios, el cual permite a usuarios locales ganar privilegios. • http://secunia.com/advisories/25354 http://secunia.com/advisories/25374 http://secunia.com/advisories/25379 http://secunia.com/secunia_research/2007-58/advisory http://secunia.com/secunia_research/2007-59/advisory http://secunia.com/secunia_research/2007-60/advisory http://www.securityfocus.com/bid/25000 http://www.vupen.com/english/advisories/2007/2599 http://www.vupen.com/english/advisories/2007/2600 http://www.vupen.com/english/advisories/2007/2603 https://exchange.xfor •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0

Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. Desbordamiento de búfer basado en pila en el XferWan.exe como el utilizado en múltiples productos incluidos (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0 y (3) Centennial UK Ltd Discovery 2006 Feature Pack, permite a atacantes remotos ejecutar código de su elección a través de una petición larga. NOTA: esta vulnerabilidad puede ser una réplica de la CVE-2007-1173. • http://dvlabs.tippingpoint.com/advisory/TPTI-07-10 http://osvdb.org/42059 http://securityreason.com/securityalert/2785 http://www.securityfocus.com/archive/1/470563/100/0/threaded http://www.securityfocus.com/bid/24317 http://www.securitytracker.com/id?1018191 https://exchange.xforce.ibmcloud.com/vulnerabilities/34723 •