CVSS: 9.3EPSS: 93%CPEs: 3EXPL: 0CVE-2007-0940
https://notcve.org/view.php?id=CVE-2007-0940
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." Vulnerabilidad no especificada en el control ActiveX Cryptographic API Component Object Model Certificates ActiveX (CAPICOM.dll) en Microsoft CAPICOM y BizTalk Server 2004 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, también conocido como "Vulnerabilidad de certificados CAPICOM". • http://secunia.com/advisories/25185 http://www.kb.cert.org/vuls/id/866305 http://www.osvdb.org/34397 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23782 http://www.securitytracker.com/id?1018016 http://www.securitytracker.com/id?1018017 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1713 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028& •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2003-0117 – Microsoft BizTalk Server 2002 - HTTP Receiver Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0117
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver. Desbordamiento de búfer en la función receptora de HTTP de Microsoft BizTalk Server 2002 permite a atacantes ejecutar código arbitrario mediante una cierta petición al receptor HTTP. • https://www.exploit-db.com/exploits/22553 http://marc.info/?l=bugtraq&m=105216866132289&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016 •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 2CVE-2003-0118 – Microsoft BizTalk Server 2000/2002 DTA - 'RawCustomSearchField.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2003-0118
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement. Vulnerabilidad de inyección de SQL en el sitio web de Administración y Seguimiento de Documentos (DTA) de Microsoft BizTalk Server 2000 y 2002 permite a atacantes remotos ejecutar comandos del sistema operativo mediante una URL conteniendo una sentencia SQL embebida. • https://www.exploit-db.com/exploits/22555 https://www.exploit-db.com/exploits/22554 http://marc.info/?l=bugtraq&m=105216839231951&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016 •