CVSS: 6.8EPSS: 17%CPEs: 6EXPL: 2CVE-2008-4729 – Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-4729
Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property. NOTE: code execution might not be possible in 13.0. Desbordamiento de búfer basado en la pila en el control ActiveX de Hummingbird.XWebHostCtrl.1(hclxweb.dll) en Hummingbird Xweb ActiveX Control v13.0 y anteriores que permite a atacantes remotos ejecutar código de su elección a traves de la propiedad PlanTextPassword. NOTA: La ejecución de código podria no ser posible en la v13.0. • https://www.exploit-db.com/exploits/6761 http://secunia.com/advisories/32319 http://securityreason.com/securityalert/4505 http://www.securityfocus.com/bid/31783 https://exchange.xforce.ibmcloud.com/vulnerabilities/45941 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2258
https://notcve.org/view.php?id=CVE-2004-2258
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. • http://secunia.com/advisories/11678 http://support.hummingbird.com/customer/download.asp?r2=/exceed/900/xconfig_9002.zip http://www.osvdb.org/6304 http://www.securityfocus.com/bid/10393 https://exchange.xforce.ibmcloud.com/vulnerabilities/16221 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-1999-1196
https://notcve.org/view.php?id=CVE-1999-1196
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. • http://www.securityfocus.com/archive/1/13451 http://www.securityfocus.com/bid/158 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-1999-1280
https://notcve.org/view.php?id=CVE-1999-1280
Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file. • http://www.securityfocus.com/archive/1/11512 https://exchange.xforce.ibmcloud.com/vulnerabilities/1547 •