CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2514
https://notcve.org/view.php?id=CVE-2007-2514
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. Desbordamiento de búfer basado en pila en el XferWan.exe como el utilizado en múltiples productos incluidos (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0 y (3) Centennial UK Ltd Discovery 2006 Feature Pack, permite a atacantes remotos ejecutar código de su elección a través de una petición larga. NOTA: esta vulnerabilidad puede ser una réplica de la CVE-2007-1173. • http://dvlabs.tippingpoint.com/advisory/TPTI-07-10 http://osvdb.org/42059 http://securityreason.com/securityalert/2785 http://www.securityfocus.com/archive/1/470563/100/0/threaded http://www.securityfocus.com/bid/24317 http://www.securitytracker.com/id?1018191 https://exchange.xforce.ibmcloud.com/vulnerabilities/34723 •
CVSS: 10.0EPSS: 82%CPEs: 3EXPL: 0CVE-2007-1173
https://notcve.org/view.php?id=CVE-2007-1173
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. Múltiples desbordamientos de búfer en el servicio CentennialIPTransferServer (XFERWAN.EXE), como el usado por (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, y (3) Symantec Discovery 6.5, permite a atacantes remotos ejecutar código de su elección mediante cadenas largas a paquetes TCP manipulados artesanalmente. • http://osvdb.org/35076 http://secunia.com/advisories/24090 http://secunia.com/advisories/24281 http://secunia.com/advisories/24329 http://secunia.com/secunia_research/2007-41/advisory http://secunia.com/secunia_research/2007-42/advisory http://secunia.com/secunia_research/2007-43/advisory http://www.securityfocus.com/bid/24002 http://www.securitytracker.com/id?1018072 http://www.vupen.com/english/advisories/2007/1832 http://www.vupen.com/english/advisories/2007/1833 http: •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2641
https://notcve.org/view.php?id=CVE-2006-2641
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. • http://secunia.com/advisories/20285 http://securityreason.com/securityalert/979 http://www.securityfocus.com/archive/1/435139/100/0/threaded http://www.securityfocus.com/bid/18131 http://www.vupen.com/english/advisories/2006/2023 https://exchange.xforce.ibmcloud.com/vulnerabilities/26702 •