CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1800 – DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1800
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php de DivXDB 2002 0.94b permite a atacantes remotos inyectar web script o HTML de su elección a través de los parámetros (1) choice, (2) _page_, (3) zone_admin, (4) general_search, y (5) import. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos sólamente a partir de la información de terceros. • https://www.exploit-db.com/exploits/31590 http://www.securityfocus.com/bid/28566 https://exchange.xforce.ibmcloud.com/vulnerabilities/41634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 2CVE-2008-0090 – DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-0090
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. Un determinado control ActiveX de npUpload.dll de DivX Player 6.6.0 permite a atacantes remotos provocar una denegación de servicio (Caída de Internet Explorer 7) mediante un argumento largo en el método SetPassword. • https://www.exploit-db.com/exploits/4829 http://www.securityfocus.com/bid/27106 https://exchange.xforce.ibmcloud.com/vulnerabilities/39386 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 9%CPEs: 2EXPL: 1CVE-2007-2601
https://notcve.org/view.php?id=CVE-2007-2601
Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. Desbordamiento de búfer en un control ActiveX concreto en la clase GDivX Zenith Player AviFixer en fix.dll 1.0.0.1 permite a atacantes remotos ejecutar código de su elección mediante un valor de propiedad SetInputFile largo. • http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html. http://osvdb.org/36021 http://www.securityfocus.com/bid/23907 https://exchange.xforce.ibmcloud.com/vulnerabilities/34246 https://www.exploit-db.com/exploits/3889 •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 2CVE-2007-1294 – DivX Web Player 1.3.0 - 'npdivx32.dll' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1294
A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. Cierto control ActiveX en DivXBrowserPlugin (npdivx32.dll) de DivX Web Player, como el distribuido con DivX Player 1.3.0, permite a atacantes remotos provocar una denegación de servicio (caída de Internet Explorer 7) pasando valores grandes a DivxWP.Resize, relacionado con la redimensión de imágenes. • https://www.exploit-db.com/exploits/3392 http://osvdb.org/35377 http://www.securityfocus.com/bid/22776 https://exchange.xforce.ibmcloud.com/vulnerabilities/32759 •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 1CVE-2007-0429 – DivX Player 6.4.1 - DivXBrowserPlugin 'npdivx32.dll' IE Denial of Service
https://notcve.org/view.php?id=CVE-2007-0429
DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. DivXBrowerPlugin (también conocido como DivX Web Player) npdivx32.dll, como se distribuye con DivX Player 6.4.1, permite a atacantes remotos provocar una denegación de servicio (cierre de Internet Explorer 7) invocando el método GoWindowed para una determinada instancia del objeto ActiveX. • https://www.exploit-db.com/exploits/3157 http://osvdb.org/37693 http://www.securityfocus.com/bid/22133 https://exchange.xforce.ibmcloud.com/vulnerabilities/31601 •