HP eSupportDiagnostics 1.0.11 'hpediag.dll' ActiveX Control Multiple Information Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26967/info The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page...

HP eSupportDiagnostics ActiveX unauthorized access

Unsafe ReadTextFile / ReadValue methods allow file system / registry access...

CVE-2008-0712

Unspecified vulnerability in the HP HPeDiag aka eSupportDiagnostics ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513...

CVE-2007-6513

HP eSupportDiagnostics ActiveX control hpediag.dll 1.0.11.0 exports dangerous methods, which allows remote attackers to 1 read arbitrary files via the ReadTextFile method, or 2 read arbitrary registry values via the ReadValue method...

CVE-2007-6513

HP eSupportDiagnostics ActiveX control hpediag.dll 1.0.11.0 exports dangerous methods, which allows remote attackers to 1 read arbitrary files via the ReadTextFile method, or 2 read arbitrary registry values via the ReadValue method...

CVE-2007-6513

HP eSupportDiagnostics ActiveX control (hpediag.dll) version 1.0.11.0 contains exported methods ReadTextFile and ReadValue that allow a remote attacker to read arbitrary files and read arbitrary registry values. This constitutes an information disclosure vulnerability in the HP eSupportDiagnostic...

HP eSupportDiagnostics 1.0.11 - hpediag.dll ActiveX Control Multiple Information Disclosure Vulnerabilities

HP eSupportDiagnostics 1.0.11 - hpediag.dll ActiveX Control Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26967/info The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these...

hpreg-read.txt

The HP eSupportDiagnostics hpediag.dll exposes some methods that allow the reading of arbitrary files and registry values. hpediag.dll, version 1.0.11.0 PoC as follows: --------------------- function Check var out = fileUtil.ReadTextFilesomePath; var out = regUtil.ReadValuesomePath;...

[Full-disclosure] HP eSupportDiagnostics hpediags.dll Information Disclosure

The HP eSupportDiagnostics hpediag.dll exposes some methods that allow the reading of arbitrary files and registry values. hpediag.dll, version 1.0.11.0 PoC as follows: --------------------- html head script language="JavaScript" DEFER function Check var out = fileUtil.ReadTextFilesomePath; var o...

HP eSupportDiagnostics 1.0.11 - 'hpediag.dll' ActiveX Control Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/26967/info The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page. Successfully exploiting these issues...