CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5222
https://notcve.org/view.php?id=CVE-2013-5222
30 Dec 2013 — Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Multiple cross-site scripting (XSS) en ESRI ArcGIS Server 10.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://support.esri.com/en/knowledgebase/techarticles/detail/41494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7231
https://notcve.org/view.php?id=CVE-2013-7231
30 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. Cross-site scripting (XSS) en el servidor de contenido móvil de ESRI ArcGIS Server 10.1 y 10.2 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-20... • http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7232
https://notcve.org/view.php?id=CVE-2013-7232
30 Dec 2013 — SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. Vulnerabilidad de inyección SQL en ESRI ArcGIS Server a hasta 10.2, permite a atacantes remotos ejecutar comandos SQL a través de la entrada no especificada en el mapa o en servicio características • http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5221
https://notcve.org/view.php?id=CVE-2013-5221
24 Sep 2013 — The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. La funcionalidad "mobile-upload" en Esri ArcGIS para Server v10.1 hasta v10.2 permite a los usuarios autenticados remotamente subir ficheros .exe aprovechando privilegios de editor o administrador. • http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-4949 – ESRI ArcGIS for Server - 'where' SQL Injection
https://notcve.org/view.php?id=CVE-2012-4949
14 Nov 2012 — SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. Una vulnerabilidad de inyección SQL en ArcGIS v10.1 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro 'where' a una URI de consulta de un servicio REST. • https://www.exploit-db.com/exploits/38016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 5CVE-2012-1661 – ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1661
12 Jul 2012 — ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. ESRI ArcMap v9 y ArcGIS v10.0.2.3200 y anteriores no pregunta a los usuarios antes de antes de ejecutar macros VBA incrustados, lo que permite a usuarios remotos con la ayuda de usuarios locales ejecutar código de su elección a través de código VBA a través de fichero de mapas (.MXD) modi... • https://www.exploit-db.com/exploits/19138 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2007-4278
https://notcve.org/view.php?id=CVE-2007-4278
15 Aug 2007 — Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call. Un desbordamiento de búfer en la región stack de la memoria en el proceso giomgr en servicio ESRI ArcSDE versión 9.2, tal y como es usado con ArcGIS, permite a atacantes remotos causar ... • http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 31%CPEs: 1EXPL: 1CVE-2007-1770 – ESRI ArcSDE 9.0 < 9.2sp1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1770
30 Mar 2007 — Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. Un desbordamiento de búfer en el servicio ArcSDE (giomgr) en Environmental Systems Research Institute (ESRI) ArcGIS versiones anteriores a 9.2 Service Pack 2, cuando se usan tres configuraciones de... • https://www.exploit-db.com/exploits/4146 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1394 – Solaris 10.x - ESRI Arcgis Format String Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1394
02 May 2005 — Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. • https://www.exploit-db.com/exploits/972 •