CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2299
https://notcve.org/view.php?id=CVE-2008-2299
18 May 2008 — Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. Vulnerabilidad no especificada en SecureICA e ICA Basic encryption de Citrix Presentation Server 4.5 y anteriores, Access Essentials 2.0 y anteriores y Desktop Server 1.0 puede provocar que lo... • http://secunia.com/advisories/30271 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2143
https://notcve.org/view.php?id=CVE-2008-2143
12 May 2008 — Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. Versiones sin especificar de Microsoft Outlook Web Access (OWA) utilizan la directiva Cache-Control: no-cache HTTP en vez de no-store, lo que podría provocar que navegadores web que siguen RFC-2616 almacenen en caché información sensible. • http://www.kb.cert.org/vuls/id/829876 •
CVSS: 9.3EPSS: 30%CPEs: 2EXPL: 0CVE-2008-1200
https://notcve.org/view.php?id=CVE-2008-1200
06 Mar 2008 — Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026. Vulnerabilidad sin especificar en Microsoft Access permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un archivo .MDB manipulado, posiblemente relacionado con Jet Engine (msjet40.dll). NOTA: probablemente este sea un problema... • http://pandalabs.pandasecurity.com/archive/New-MS-Access-exploit.aspx •
CVSS: 7.8EPSS: 26%CPEs: 1EXPL: 0CVE-2007-6357
https://notcve.org/view.php?id=CVE-2007-6357
15 Dec 2007 — Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944. Desbordamiento de búfer basado en pila en Microsoft Office Access permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de archivos Microsoft Access Database (.md... • http://osvdb.org/44150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 36EXPL: 0CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
03 Feb 2007 — Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque descon... • http://osvdb.org/31901 •
CVSS: 9.8EPSS: 72%CPEs: 13EXPL: 3CVE-2006-5559 – Microsoft Internet Explorer - ADODB Execute Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-5559
27 Oct 2006 — The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. El objeto de control ActiveX ADODB.Connection 2.7 (ADO... • https://www.exploit-db.com/exploits/2629 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 36%CPEs: 35EXPL: 0CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
10 Oct 2006 — Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar có... • http://securitytracker.com/id?1017030 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 91%CPEs: 6EXPL: 3CVE-2006-0003 – Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014)
https://notcve.org/view.php?id=CVE-2006-0003
12 Apr 2006 — Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. • https://www.exploit-db.com/exploits/2164 •
CVSS: 7.5EPSS: 79%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 5.3EPSS: 8%CPEs: 2EXPL: 0CVE-2005-1052
https://notcve.org/view.php?id=CVE-2005-1052
12 Apr 2005 — Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. • http://www.idefense.com/application/poi/display?id=227&type=vulnerabilities •