
CVSS: 7.5 • EPSS: 97% • CPEs: 38 • EXPL: 3

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. • https://www.exploit-db.com/exploits/153 https://www.exploit-db.com/exploits/16377 https://www.exploit-db.com/exploits/3022 http://marc.info/?l=bugtraq&m=107643836125615&w=2 http://marc.info/?l=bugtraq&m=107643892224825&w=2 http://marc.info/?l=ntbugtraq&m=107650972617367&w=2 http://marc.info/?l=ntbugtraq&m=107650972723080&w=2 http://www.kb.cert.org/vuls/id/216324 http://www.kb.cert.org/vuls/id/583108 http://www.us-cert.gov/cas/techalerts/TA04 •

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. • http://securityreason.com/securityalert/3228 http://www.securityfocus.com/archive/1/308733 http://www.securityfocus.com/bid/6708 https://exchange.xforce.ibmcloud.com/vulnerabilities/11185 • CWE-16: Configuration •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 2

Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. • https://www.exploit-db.com/exploits/22245 http://securityreason.com/securityalert/3251 http://www.securityfocus.com/archive/1/311359 http://www.securityfocus.com/bid/6829 https://exchange.xforce.ibmcloud.com/vulnerabilities/11329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1 • EPSS: 0% • CPEs: 34 • EXPL: 0

BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp http://www.securityfocus.com/bid/6719 https://exchange.xforce.ibmcloud.com/vulnerabilities/11220 •

CVSS: 5.0 • EPSS: 2% • CPEs: 7 • EXPL: 2

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22544 http://securityreason.com/securityalert/3307 http://www.nii.co.in/vuln/pdmac.html http://www.securityfocus.com/archive/1/319867 http://www.securityfocus.com/bid/7443 https://exchange.xforce.ibmcloud.com/vulnerabilities/11879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •