CVE-2007-1770 – ESRI ArcSDE 9.0 < 9.2sp1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1770
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. Un desbordamiento de búfer en el servicio ArcSDE (giomgr) en Environmental Systems Research Institute (ESRI) ArcGIS versiones anteriores a 9.2 Service Pack 2, cuando se usan tres configuraciones de ArcSDE por niveles, permite a atacantes remotos causar una denegación de servicio (bloqueo de giomgr) y ejecutar código arbitrario por medio de parámetros largos en peticiones especialmente diseñadas. • https://www.exploit-db.com/exploits/4146 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 http://secunia.com/advisories/24639 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 http://www.securityfocus.com/bid/23175 http://www.securitytracker.com/id& •
CVE-2005-1394 – Solaris 10.x - ESRI Arcgis Format String Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1394
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. • https://www.exploit-db.com/exploits/972 http://marc.info/?l=full-disclosure&m=111489411524630&w=2 http://secunia.com/advisories/15196 http://securitytracker.com/id?1013852 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015 http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt •