CVSS: 9.3EPSS: 5%CPEs: 24EXPL: 0CVE-2008-3635 – Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3635
09 Sep 2008 — Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de búfer basado en pila en QuickTimeInternetExtras.qtx en un codec de Indeo v3.2 (también conocido como IV32) de terceros que no se ha especificado y que es para QuickTime, cuando se u... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 19%CPEs: 45EXPL: 0CVE-2008-3842
https://notcve.org/view.php?id=CVE-2008-3842
27 Aug 2008 — Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "
CVSS: 6.1EPSS: 20%CPEs: 50EXPL: 0CVE-2008-3843
https://notcve.org/view.php?id=CVE-2008-3843
27 Aug 2008 — Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element. Request Validation (tambien conocida como filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework con la actualización MS07-040, no detect... • http://securityreason.com/securityalert/4193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 55%CPEs: 8EXPL: 0CVE-2008-1456
https://notcve.org/view.php?id=CVE-2008-1456
13 Aug 2008 — Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. Vulnerabilidad de índice de array en el Sistema de Eventos de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 permite a usuarios autentificados remotamente... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 51%CPEs: 8EXPL: 0CVE-2008-1457
https://notcve.org/view.php?id=CVE-2008-1457
13 Aug 2008 — The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. El Sistema de Eventos en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 no valida correctamente las subscripciones por usuario, lo que permite a usuarios autentificados remotament... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 50%CPEs: 4EXPL: 0CVE-2008-3018
https://notcve.org/view.php?id=CVE-2008-3018
12 Aug 2008 — Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. Microsoft Office 2000 SP3, XP SP3 y 2003 SP2; Office Converter Pack y Works 8 no analiza sintácticamente correctamente la longitud de un archivo PICT, lo que permite a atacantes remotos ejecutar código de ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 58%CPEs: 10EXPL: 0CVE-2008-1445
https://notcve.org/view.php?id=CVE-2008-1445
12 Jun 2008 — Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. Active Directory en Microsoft Windows 2000 Server SP4, XP Professional SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008 permite a usuarios autenticados causar una denegación de servicio (caída del sistema o reinicio) a través de una petición LDAP manipulada. • http://secunia.com/advisories/30586 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1453
https://notcve.org/view.php?id=CVE-2008-1453
12 Jun 2008 — The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. La pila Bluetooth en Microsoft Windows XP SP2 y SP3, y Vista Gold y SP1 permite a atacantes fisicamente próximos ejecutar código de su elección a través de una larga serie de paquetes Service Discovery Protocol (SDP). • http://secunia.com/advisories/30051 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 62%CPEs: 20EXPL: 0CVE-2008-0011
https://notcve.org/view.php?id=CVE-2008-0011
12 Jun 2008 — Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobación de errores... • http://marc.info/?l=bugtraq&m=121380194923597&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 63%CPEs: 20EXPL: 0CVE-2008-1444 – Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1444
10 Jun 2008 — Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar código de su elección a través de un archivo Synchronized Accessible Media Interchange (SAMI) co... • http://marc.info/?l=bugtraq&m=121380194923597&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •