Page 27 of 317 results (0.005 seconds)

CVSS: 7.5EPSS: 10%CPEs: 46EXPL: 0

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. Desbordamiento de enteros en JsArrayFunctionHeapSort usado en el Motor de script Windows de JScript (JScript.dll) en varios sistemas operativos Windows permite a atacantes remotos ejecutar código arbitrario mediante una página web maliciosao un correo electrónico HTML que usa un valor de índice de array largo que permite un ataque de desbordamiento de búfer basado en el montón (heap). • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26 http://marc.info/?l=bugtraq&m=104812108307645&w=2 http://www.securityfocus.com/bid/7146 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200 https:/ •

CVSS: 7.5EPSS: 2%CPEs: 45EXPL: 2

Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. Desbordamiento de búfer en el servicio Localizador de Windows NT 4.0, Windows NT 4.0 Terminal server Edition, Windows 2000, y Windows XP permite a usuarios locales ejecutar código arbitrario mediante una llamada RPC al servicio conteniendo cierta información de parámetros. • https://www.exploit-db.com/exploits/5 https://www.exploit-db.com/exploits/22194 http://marc.info/?l=bugtraq&m=104394414713415&w=2 http://marc.info/?l=ntbugtraq&m=104393588232166&w=2 http://www.cert.org/advisories/CA-2003-03.html http://www.kb.cert.org/vuls/id/610986 http://www.securityfocus.com/bid/6666 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/11132 https://oval.cisecurit •

CVSS: 3.6EPSS: 0%CPEs: 37EXPL: 0

NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. NT Virtual DOS Machine (NTVDM.EXE) en Windows 2000, NT y XP no verifica los permisos de ejecución del usuario para archivos ejecutables de 16 bits, lo que permite a los usuarios locales pasar por alto el cargador y ejecutar programas arbitrarios. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458 http://www.abtrusion.com/msexe16.asp http://www.iss.net/security_center/static/10132.php http://www.securityfocus.com/bid/5740 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. • http://archives.neohapsis.com/archives/bugtraq/2002-05/0178.html http://www.iss.net/security_center/static/9147.php http://www.securityfocus.com/bid/4783 •

CVSS: 5.0EPSS: 7%CPEs: 26EXPL: 3

Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. • https://www.exploit-db.com/exploits/21246 https://www.exploit-db.com/exploits/21245 http://online.securityfocus.com/archive/1/252616 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq280446 http://www.securityfocus.com/bid/3967 https://exchange.xforce.ibmcloud.com/vulnerabilities/8037 •