Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by timedoctor
CVE-2015-4674 (GCVE-0-2015-4674)
Vulnerability from nvd – Published: 2015-08-07 01:00 – Updated: 2024-08-06 06:18
VLAI
EPSS
VEX
Summary
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/535881/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/75572 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2015/Jun/105 | mailing-listx_refsource_FULLDISC |
Date Public
2015-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded"
},
{
"name": "75572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75572"
},
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jun/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded"
},
{
"name": "75572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75572"
},
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jun/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded"
},
{
"name": "75572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75572"
},
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jun/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4674",
"datePublished": "2015-08-07T01:00:00.000Z",
"dateReserved": "2015-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4674 (GCVE-0-2015-4674)
Vulnerability from cvelistv5 – Published: 2015-08-07 01:00 – Updated: 2024-08-06 06:18
VLAI
EPSS
VEX
Summary
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/535881/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/75572 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2015/Jun/105 | mailing-listx_refsource_FULLDISC |
Date Public
2015-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded"
},
{
"name": "75572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75572"
},
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jun/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded"
},
{
"name": "75572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75572"
},
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jun/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded"
},
{
"name": "75572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75572"
},
{
"name": "20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jun/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4674",
"datePublished": "2015-08-07T01:00:00.000Z",
"dateReserved": "2015-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}