CVSS: 9.3EPSS: 41%CPEs: 5EXPL: 0CVE-2009-2519
https://notcve.org/view.php?id=CVE-2009-2519
The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability." El control ActiveX "DHTML Editing Component" en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 no da formato adecuado a las marcas HTML, permitiendo a atacantes remotos ejecutar código de su elección mediante un sitio web manipulado que provoca una corrupción "system state", también conocido como "DHTML Editing Component ActiveX Control Vulnerability". • http://secunia.com/advisories/36592 http://www.securityfocus.com/bid/36280 http://www.securitytracker.com/id?1022843 http://www.us-cert.gov/cas/techalerts/TA09-251A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6271 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 83%CPEs: 17EXPL: 0CVE-2009-1926
https://notcve.org/view.php?id=CVE-2009-1926
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 Gold y SP2 permiten a los atacantes remotos provocar una denegación de servicio (interrupción de TCP) por medio de una serie de sesiones TCP que tienen datos pendientes y un tamaño de ventana de recepción (1) pequeña o (2) cero y permanecen en el estado FIN-WAIT-1 o FIN-WAIT-2 indefinidamente, también se conoce como "TCP/IP Orphaned Connections Vulnerability". • http://osvdb.org/57797 http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926 http://www.securityfocus.com/archive/1/506331/100/0/threaded http://www.securityfocus.com/bid/36269 http://www.us-cert.gov/cas/techalerts/TA09-251A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3087
https://notcve.org/view.php?id=CVE-2009-3087
Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en nserver.exe en el servidor de IBM Lotus Domino v8.0 para Windows Server 2003, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de vectores desconocidos, como se ha demostrado en cierto módulo de VulnDisco Pack Professional 8.11. NOTA: a fecha de 03/09/2009, este aviso no cuenta con más información. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36556 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3098
https://notcve.org/view.php?id=CVE-2009-3098
Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en el portal en HP Operations Dashboard v2.1 para Windows Server 2003 SP2 permite a atacantes remotos provocar un impacto desconocido, relacionado con un exploit remoto, como se ha demostrado por cierto módulo en VulnDisco Pack Professional v8.11. NOTA: hasta el 3-3-2009, esta divulgación no tenía información para su puesta en práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36535 •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2009-3099 – HP Operations Manager - Default Manager 8.1 Account Remote Security
https://notcve.org/view.php?id=CVE-2009-3099
Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en HP OpenView Operations Manager v8.1 en Windows Server 2003 SP2 permite a atacantes remotos tener un impacto no determinado, relativo a "Remote exploit," como se demostró por un módulo concreto en VulnDisco Pack Professional v8.11, es una vulnerabilidad distinta a CVE-2007-3872. NOTA: como en 20090903, de esto no se tiene información de la acción. • https://www.exploit-db.com/exploits/33210 http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36541 •