CVSS: 6.1EPSS: 5%CPEs: 3EXPL: 0CVE-2005-0049
https://notcve.org/view.php?id=CVE-2005-0049
08 Feb 2005 — Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. • http://www.kb.cert.org/vuls/id/340409 •
CVSS: 10.0EPSS: 93%CPEs: 37EXPL: 0CVE-2005-0050
https://notcve.org/view.php?id=CVE-2005-0050
08 Feb 2005 — The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." • http://www.kb.cert.org/vuls/id/130433 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 96%CPEs: 37EXPL: 2CVE-2004-1080 – Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045)
https://notcve.org/view.php?id=CVE-2004-1080
01 Dec 2004 — The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." El servicio WINS (wins.exe) de Microsoft Windows NT Server 4.0, Windows 2000 Server y Windows Server 2003 permite a atacantes remotos escribir localizaciones de memoria arbitrarias y p... • https://www.exploit-db.com/exploits/909 •
CVSS: 7.5EPSS: 28%CPEs: 7EXPL: 0CVE-2004-0892
https://notcve.org/view.php?id=CVE-2004-0892
16 Nov 2004 — Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. • http://www.securityfocus.com/bid/11605 •
CVSS: 10.0EPSS: 92%CPEs: 5EXPL: 1CVE-2004-0574 – Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
https://notcve.org/view.php?id=CVE-2004-0574
16 Oct 2004 — The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. El componente de Protocolo de Transferencia de Noticias de Red (NNTP) de Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Se... • https://www.exploit-db.com/exploits/578 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 93%CPEs: 4EXPL: 0CVE-2004-0840
https://notcve.org/view.php?id=CVE-2004-0840
16 Oct 2004 — The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. El componente SMTP (Simple Mail Transfer Protocol) de Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, y el... • http://www.kb.cert.org/vuls/id/394792 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 96%CPEs: 43EXPL: 6CVE-2004-0200 – Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
https://notcve.org/view.php?id=CVE-2004-0200
17 Sep 2004 — Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. Desbordamiento de búfer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar código de su elección mediante un campo de longitud ... • https://www.exploit-db.com/exploits/474 •
CVSS: 9.1EPSS: 95%CPEs: 19EXPL: 2CVE-2004-0204 – Business Objects Crystal Reports 9/10 Web Form Viewer - Directory Traversal
https://notcve.org/view.php?id=CVE-2004-0204
11 Jun 2004 — Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. Vulnerabilidad de atravesamiento de directorios en los visores web de Business Objects Crystal Reports 9... • https://www.exploit-db.com/exploits/24077 •
CVSS: 7.5EPSS: 7%CPEs: 7EXPL: 0CVE-2003-0904
https://notcve.org/view.php?id=CVE-2003-0904
08 Jan 2004 — Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. Microsoft Exchange 2003 y Outlook Web Access (OWA), cuando usan SharePoint Services 2.0, hace que la autenticación Kerberos se desactive para IIS, lo que puede causar que usuarios de OWA vean ... • http://secunia.com/advisories/10615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •