HP Easy Printer Care - XMLCacheMgr Class ActiveX Control Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP Easy Printer...

HP Easy Printer Care Software ActiveX unauthorized access

Files write access is possible...

ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-014 January 12, 2012 - -- CVE ID: CVE-2011-4787 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -...

SuSE 11.1 Security Update : system-config-printer (SAT Patch Number 5607)

The following issues have been fixed : - system-config-printer used an unauthenticated connection when downloading printer drivers from openprinting.org CVE-2011-4405. This update disables the printer driver download feature. - system-config-printer did not properly quote shell meta characters in...

CVE-2011-4787

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786...

DSquare Exploit Pack: D2SEC_HPEASY2

Name| d2sechpeasy2 ---|--- CVE| CVE-2011-4786 Exploit Pack| D2ExploitPack Description| HP Easy Printer Care XMLCacheMgr Class ActiveX Control Code Execution Vulnerability Notes|...

Design/Logic Flaw

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786...

CVE-2011-4786

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787...

CVE-2011-4786

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787...

CVE-2011-4787

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786...

CVE-2011-4787

CVE-2011-4787 concerns a vulnerability in HP Easy Printer Care Software prior to or including version 2.5, specifically an ActiveX control in HPTicketMgr.dll. The description states that this control allows remote attackers to download an arbitrary program onto a client machine and execute it via...

CVE-2011-4786

HP Easy Printer Care Software 2.5 and earlier contains an ActiveX control (HPTicketMgr.dll) that permits remote code execution. The vulnerability (CVE-2011-4786) arises from the HPTicketMgr.dll ActiveX control and allows an attacker to download and execute an arbitrary program on a client machine...

HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Cisco IOS Line Printer Daemon (LPD) Stack Overflow

On October 10 2007, Cisco released a security response for a vulnerability in the Line Printer Daemon LPD in IOS. Exploitation of this vulnerability could result in arbitrary code execution. This plugin checks if the appropriate fix for the advisory has been installed. TRUSTED...

Print of one malicious document can expose your whole LAN

Print of one malicious document can expose your whole LAN This year at Chaos Communications Congress 28C3 Ang Cui presents Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers and In Andrei Costin's presentation...

OKI Printer Default Login Credential Scanner

This module scans for OKI printers via SNMP, then tries to connect to found devices with vendor default administrator credentials via HTTP authentication. By default, OKI network printers use the last six digits of the MAC as admin password. This module requires Metasploit:...

SuSE 11.1 Security Update : hplip (SAT Patch Number 5307)

This update provides an update of hplip to version 3.11.10 : - Fixed insecure tmp file handling in hpcupsfax.cpp CVE-2011-2722 see https://bugs.launchpad.net/hplip/+bug/809904. bnc704608 - New tech classes for HP OfficeJet Pro 8100, HP Deskjet 3070 B611 series and HP Photosmart 7510 e-All-in-One....

HP Facing Class Action Suit For Not Disclosing Printer Vulnerability

A class action lawsuit filed in U.S. District Court in California against Hewlett-Packard could have wide ranging implications for software makers, should the court agree with the plaintiff’s claim that the company violated the state’s consumer protection laws by failing to disclose a serious...

RHEL 6 : cups (RHSA-2011:1635)

Updated cups packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...