CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3319
https://notcve.org/view.php?id=CVE-2007-3319
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications. El Avaya 4602SW IP Phone (Model 4602D02A) con software empotrado (firmware) 2.2.2 y versiones anteriores no utiliza el parámetro cnonce en la cabecera de autorización de las peticiones SIP durante la autenticación resumida MD5, lo que permite a atacantes remotos llevar a cabo ataques de "hombre en medio" (man-in-the-middle) y secuestrar o interceptar comunicaciones. • http://osvdb.org/38115 http://secunia.com/advisories/25747 http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm http://www.securityfocus.com/bid/24539 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299& https://exchange.xforce.ibmcloud.com/vulnerabilities/34972 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3317
https://notcve.org/view.php?id=CVE-2007-3317
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. El módulo de análisis sintáctico de mensajes Session Initiation Protocol (SIP) User Access Client (UAC) en el Avaya one-X Desktop Edition 2.1.0.70 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) a través de un mensaje SIP mal formado. • http://osvdb.org/38113 http://secunia.com/advisories/25727 http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm http://www.securityfocus.com/bid/24541 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=296& https://exchange.xforce.ibmcloud.com/vulnerabilities/34952 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3321
https://notcve.org/view.php?id=CVE-2007-3321
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp). El Avaya 4602SW IP Phone (Model 4602D02A) con software empotrado (firmware) SIP 2.2.2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (reinicio de los dispositivos) a través de una inundación de paquetes al puerto BOOTP (68/udp). • http://osvdb.org/38117 http://secunia.com/advisories/25747 http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=301& https://exchange.xforce.ibmcloud.com/vulnerabilities/34970 •
CVSS: 9.3EPSS: 60%CPEs: 37EXPL: 0CVE-2007-2374
https://notcve.org/view.php?id=CVE-2007-2374
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. Vulnerabilidad no especificada en Microsoft Windows 2000, XP, y Server 2003 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante vectores no especificados. NOTA: esta información está basada en un preaviso impreciso sin información accionable. • http://osvdb.org/35637 http://research.eeye.com/html/advisories/upcoming/20070327.html http://www.securityfocus.com/bid/23332 https://exchange.xforce.ibmcloud.com/vulnerabilities/34444 •
CVSS: 9.3EPSS: 5%CPEs: 43EXPL: 11CVE-2007-1765 – Microsoft Windows Explorer - '.ANI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-1765
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupción de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostró originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podría ser un duplicado del CVE-2007-0038; si es así, utilizar el CVE-2007-0038 en lugar de este identificador. • https://www.exploit-db.com/exploits/3684 https://www.exploit-db.com/exploits/3647 https://www.exploit-db.com/exploits/3695 https://www.exploit-db.com/exploits/3652 https://www.exploit-db.com/exploits/3617 https://www.exploit-db.com/exploits/3636 https://www.exploit-db.com/exploits/3651 https://www.exploit-db.com/exploits/4045 https://www.exploit-db.com/exploits/16698 https://www.exploit-db.com/exploits/3635 https://www.exploit-db.com/exploits/3634 http: •