
CVSS: 7.5 | EPSS: 7% | CPEs: 1 | EXPL: 0

Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.

• http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577
• http://secunia.com/advisories/26452
• http://securitytracker.com/id?1018574
• http://www.securityfocus.com/bid/25334
• http://www.vupen.com/english/advisories/2007/2911
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36042

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 30% | CPEs: 1 | EXPL: 1

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

• https://www.exploit-db.com/exploits/4146
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507
• http://secunia.com/advisories/24639
• http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260
• http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261
• http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262
• http://www.securityfocus.com/bid/23175
• http://www.securitytracker.com/id&

CVSS: 5.0 | EPSS: 4% | CPEs: 1 | EXPL: 0

Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute.

• http://secunia.com/advisories/18294
• http://users.pandora.be/bratax/advisories/b007.html
• http://www.osvdb.org/22208
• http://www.securityfocus.com/bid/16136
• http://www.vupen.com/english/advisories/2006/0032

CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 1

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.

• https://www.exploit-db.com/exploits/972
• http://marc.info/?l=full-disclosure&m=111489411524630&w=2
• http://secunia.com/advisories/15196
• http://securitytracker.com/id?1013852
• http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015
• http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt

CVSS: 4.6 | EPSS: 0% | CPEs: 1 | EXPL: 1

Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.

• http://marc.info/?l=full-disclosure&m=111489411524630&w=2
• http://secunia.com/advisories/15196
• http://securitytracker.com/id?1013852
• http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015
• http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt