Page 13 of 69 results (0.013 seconds)

CVSS: 9.0EPSS: 29%CPEs: 8EXPL: 0

CVE-2008-1456

https://notcve.org/view.php?id=CVE-2008-1456

Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. Vulnerabilidad de índice de array en el Sistema de Eventos de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 permite a usuarios autentificados remotamente ejecutar código de su elección mediante una petición de subscripción a un evento manipulada que se utiliza para acceder a un array de punteros de una función. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31417 http://www.securityfocus.com/bid/30586 http://www.securitytracker.com/id?1020677 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 29%CPEs: 8EXPL: 0

CVE-2008-1457

https://notcve.org/view.php?id=CVE-2008-1457

The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. El Sistema de Eventos en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 no valida correctamente las subscripciones por usuario, lo que permite a usuarios autentificados remotamente ejecutar código de su elección mediante una petición de subscripción a un evento manipulada. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31417 http://www.securityfocus.com/bid/30584 http://www.securitytracker.com/id?1020677 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 65%CPEs: 15EXPL: 0

CVE-2008-3006 – Microsoft Excel COUNTRY Record Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-3006

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 y SP3, y 2007 Gold y SP1; Office Excel Viewer 2003 Gold y SP3; Office Excel Viewer; Paquete de compatibilidad de Office 2007 Gold y SP1; Office SharePoint Server 2007 Gold y SP1; y Office 2004 y 2008 para Mac no analizan apropiadamente los valores de registro Country al cargar archivos de Excel, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Excel creado, también se conoce como "Excel Record Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Country (0x8c) record, user-supplied data may be used in a memory copy operation resulting in memory corruption. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31454 http://secunia.com/advisories/31455 http://www.securityfocus.com/archive/1/495428/100/0/threaded http://www.securityfocus.com/bid/30640 http://www.securitytracker.com/id?1020672 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2347 http://www.zerodayinitiative.com/advisories/ZDI-08-048 https://docs.microsoft.com/en-us/security-updates • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 2

CVE-2008-3365 – PixelPost 1.7.1 - 'language_full' Local File Inclusion

https://notcve.org/view.php?id=CVE-2008-3365

Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. Vulnerabilidad de salto de directorio en index.php en Pixelpost 1.7.1 sobre Windows, cuando "register_globals" está activado, permite a atacantes remotos incluir y ejecutar archivos locales a través de .. (punto punto) en el parámetro "languaje_full". • https://www.exploit-db.com/exploits/6150 http://secunia.com/advisories/31239 http://securityreason.com/securityalert/4062 http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch http://www.securityfocus.com/archive/1/494817/100/0/threaded http://www.securityfocus.com/bid/30397 http://www.vupen.com/english/advisories/2008/2207/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44031 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.3EPSS: 89%CPEs: 20EXPL: 0

CVE-2008-0011

https://notcve.org/view.php?id=CVE-2008-0011

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobación de errores MJPEG lo cual podría permitir a usuarios remotos ejecutar código de su elección a través de una cadena de datos MJPEG manipulada en un archivo (1) AVI o (2) ASF, también conocida como la "Vulnerabilidad del decodificador MJPEG" • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30579 http://securitytracker.com/id?1020222 http://www.securityfocus.com/bid/29581 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •