Search
Find a vulnerability
Search criteria
8 vulnerabilities found for software_update by hp
CVE-2015-5442 (GCVE-0-2015-5442)
Vulnerability from nvd – Published: 2015-09-29 18:00 – Updated: 2024-08-06 06:50
VLAI
Summary
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1033616 | vdb-entryx_refsource_SECTRACK |
| http://h20564.www2.hpe.com/hpsc/doc/public/displa… | x_refsource_CONFIRM |
Date Public
2015-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "1033616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033616",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033616"
},
{
"name": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217",
"refsource": "CONFIRM",
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2015-5442",
"datePublished": "2015-09-29T18:00:00.000Z",
"dateReserved": "2015-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2390 (GCVE-0-2008-2390)
Vulnerability from nvd – Published: 2008-05-21 10:00 – Updated: 2024-08-07 08:58
VLAI
Summary
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/5511 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hp-softwareupdate-hpufunction-code-execution(42249)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249"
},
{
"name": "5511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "hp-softwareupdate-hpufunction-code-execution(42249)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249"
},
{
"name": "5511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-softwareupdate-hpufunction-code-execution(42249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249"
},
{
"name": "5511",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2390",
"datePublished": "2008-05-21T10:00:00.000Z",
"dateReserved": "2008-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:58:02.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0712 (GCVE-0-2008-0712)
Vulnerability from nvd – Published: 2008-04-25 17:00 – Updated: 2024-08-07 07:54
VLAI
Summary
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=120907060320901&w=2 | vendor-advisoryx_refsource_HP |
| http://www.securityfocus.com/bid/28929 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1356… | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29966 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019922 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBGN02333",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "28929",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28929"
},
{
"name": "ADV-2008-1356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1356/references"
},
{
"name": "SSRT080031",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "hpsoftware-hpediag-code-execution(42003)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42003"
},
{
"name": "29966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29966"
},
{
"name": "1019922",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "HPSBGN02333",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "28929",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28929"
},
{
"name": "ADV-2008-1356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1356/references"
},
{
"name": "SSRT080031",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "hpsoftware-hpediag-code-execution(42003)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42003"
},
{
"name": "29966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29966"
},
{
"name": "1019922",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBGN02333",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "28929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28929"
},
{
"name": "ADV-2008-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1356/references"
},
{
"name": "SSRT080031",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "hpsoftware-hpediag-code-execution(42003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42003"
},
{
"name": "29966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29966"
},
{
"name": "1019922",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0712",
"datePublished": "2008-04-25T17:00:00.000Z",
"dateReserved": "2008-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:23.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6506 (GCVE-0-2007-6506)
Vulnerability from nvd – Published: 2007-12-20 23:00 – Updated: 2024-08-07 16:11
VLAI
Summary
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1019133 | vdb-entryx_refsource_SECTRACK |
| http://blogs.zdnet.com/security/?p=768 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/485451/100… | vendor-advisoryx_refsource_HP |
| http://secunia.com/advisories/28177 | third-party-advisoryx_refsource_SECUNIA |
| http://computerworld.com/action/article.do?comman… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/4757 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/4271 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/26950 | vdb-entryx_refsource_BID |
| http://www.anspi.pl/~porkythepig/hp-issue/wyfukan… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/485734/100… | vendor-advisoryx_refsource_HP |
| http://it.slashdot.org/it/07/12/20/2327242.shtml | x_refsource_MISC |
Date Public
2007-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818"
},
{
"name": "4757",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818"
},
{
"name": "4757",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019133"
},
{
"name": "http://blogs.zdnet.com/security/?p=768",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28177"
},
{
"name": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818",
"refsource": "MISC",
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818"
},
{
"name": "4757",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26950"
},
{
"name": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt",
"refsource": "MISC",
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"name": "http://it.slashdot.org/it/07/12/20/2327242.shtml",
"refsource": "MISC",
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6506",
"datePublished": "2007-12-20T23:00:00.000Z",
"dateReserved": "2007-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:06.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5442 (GCVE-0-2015-5442)
Vulnerability from cvelistv5 – Published: 2015-09-29 18:00 – Updated: 2024-08-06 06:50
VLAI
Summary
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1033616 | vdb-entryx_refsource_SECTRACK |
| http://h20564.www2.hpe.com/hpsc/doc/public/displa… | x_refsource_CONFIRM |
Date Public
2015-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "1033616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033616",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033616"
},
{
"name": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217",
"refsource": "CONFIRM",
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2015-5442",
"datePublished": "2015-09-29T18:00:00.000Z",
"dateReserved": "2015-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2390 (GCVE-0-2008-2390)
Vulnerability from cvelistv5 – Published: 2008-05-21 10:00 – Updated: 2024-08-07 08:58
VLAI
Summary
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/5511 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hp-softwareupdate-hpufunction-code-execution(42249)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249"
},
{
"name": "5511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "hp-softwareupdate-hpufunction-code-execution(42249)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249"
},
{
"name": "5511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-softwareupdate-hpufunction-code-execution(42249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249"
},
{
"name": "5511",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2390",
"datePublished": "2008-05-21T10:00:00.000Z",
"dateReserved": "2008-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:58:02.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0712 (GCVE-0-2008-0712)
Vulnerability from cvelistv5 – Published: 2008-04-25 17:00 – Updated: 2024-08-07 07:54
VLAI
Summary
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=120907060320901&w=2 | vendor-advisoryx_refsource_HP |
| http://www.securityfocus.com/bid/28929 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1356… | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29966 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019922 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBGN02333",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "28929",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28929"
},
{
"name": "ADV-2008-1356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1356/references"
},
{
"name": "SSRT080031",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "hpsoftware-hpediag-code-execution(42003)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42003"
},
{
"name": "29966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29966"
},
{
"name": "1019922",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "HPSBGN02333",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "28929",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28929"
},
{
"name": "ADV-2008-1356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1356/references"
},
{
"name": "SSRT080031",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "hpsoftware-hpediag-code-execution(42003)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42003"
},
{
"name": "29966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29966"
},
{
"name": "1019922",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBGN02333",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "28929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28929"
},
{
"name": "ADV-2008-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1356/references"
},
{
"name": "SSRT080031",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120907060320901\u0026w=2"
},
{
"name": "hpsoftware-hpediag-code-execution(42003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42003"
},
{
"name": "29966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29966"
},
{
"name": "1019922",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0712",
"datePublished": "2008-04-25T17:00:00.000Z",
"dateReserved": "2008-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:23.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6506 (GCVE-0-2007-6506)
Vulnerability from cvelistv5 – Published: 2007-12-20 23:00 – Updated: 2024-08-07 16:11
VLAI
Summary
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1019133 | vdb-entryx_refsource_SECTRACK |
| http://blogs.zdnet.com/security/?p=768 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/485451/100… | vendor-advisoryx_refsource_HP |
| http://secunia.com/advisories/28177 | third-party-advisoryx_refsource_SECUNIA |
| http://computerworld.com/action/article.do?comman… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/4757 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/4271 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/26950 | vdb-entryx_refsource_BID |
| http://www.anspi.pl/~porkythepig/hp-issue/wyfukan… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/485734/100… | vendor-advisoryx_refsource_HP |
| http://it.slashdot.org/it/07/12/20/2327242.shtml | x_refsource_MISC |
Date Public
2007-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818"
},
{
"name": "4757",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818"
},
{
"name": "4757",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019133"
},
{
"name": "http://blogs.zdnet.com/security/?p=768",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28177"
},
{
"name": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818",
"refsource": "MISC",
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9053818"
},
{
"name": "4757",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26950"
},
{
"name": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt",
"refsource": "MISC",
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"name": "http://it.slashdot.org/it/07/12/20/2327242.shtml",
"refsource": "MISC",
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6506",
"datePublished": "2007-12-20T23:00:00.000Z",
"dateReserved": "2007-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:06.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}