CVE-2007-2417
https://notcve.org/view.php?id=CVE-2007-2417
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. Desbordamiento de búfer basado en montículo en _mprosrv.exe de Progress Software Progress 9.1E y OpenEdge 10.1.x, como se usan en RSA Authentication Manager 6.0 y 6.1, SecurID Appliance 2.0, ACE/Server 5.2, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante paquetes manipulados. NOTA: este problema podría solaparse con CVE-2007-3491. • http://dvlabs.tippingpoint.com/advisory/TPTI-07-12 http://osvdb.org/37934 http://secunia.com/advisories/26058 http://secunia.com/advisories/26067 http://www.securityfocus.com/archive/1/473623/100/0/threaded http://www.securityfocus.com/bid/24675 http://www.securitytracker.com/id?1018389 http://www.vupen.com/english/advisories/2007/2530 http://www.vupen.com/english/advisories/2007/2531 https://exchange.xforce.ibmcloud.com/vulnerabilities/35385 •
CVE-2007-2506 – Progress WebSpeed 3.0/3.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2007-2506
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. WebSpeed 3.x de OpenEdge 10.x en Progress Software Progress 9.1e, y otras versiones concretas 9.x, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y congelación de demonio) mediante una URL de mensajero que invoca _edit.r sin parámetros adicionales, como demuestra realizando peticiones de cgiip.exe ó wsisa.dll con WService=wsbroker1/_edit.r en PATH_INFO. • https://www.exploit-db.com/exploits/29943 http://osvdb.org/35541 http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694 http://secunia.com/advisories/25129 http://www.ishare.nl http://www.securityfocus.com/archive/1/467375/100/0/threaded http://www.securityfocus.com/archive/1/46737 •
CVE-2001-1129
https://notcve.org/view.php?id=CVE-2001-1129
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. • http://www.securityfocus.com/archive/1/224395 http://www.securityfocus.com/bid/3502 https://exchange.xforce.ibmcloud.com/vulnerabilities/7457 •
CVE-2001-1128
https://notcve.org/view.php?id=CVE-2001-1128
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. • http://www.securityfocus.com/archive/1/219174 http://www.securityfocus.com/bid/3414 https://exchange.xforce.ibmcloud.com/vulnerabilities/7264 •
CVE-2001-1127 – Progress Database 8.3/9.1 - Multiple Buffer Overflows
https://notcve.org/view.php?id=CVE-2001-1127
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. • https://www.exploit-db.com/exploits/21117 https://www.exploit-db.com/exploits/21359 http://www.securityfocus.com/archive/1/218833 http://www.securityfocus.com/bid/3404 https://exchange.xforce.ibmcloud.com/vulnerabilities/7236 •