CVE-2007-0322
https://notcve.org/view.php?id=CVE-2007-0322
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.
• http://secunia.com/advisories/26659
• http://www.kb.cert.org/vuls/id/907481
• http://www.securityfocus.com/bid/25544
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36462
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4471
https://notcve.org/view.php?id=CVE-2007-4471
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
• http://osvdb.org/37134
• http://secunia.com/advisories/26659
• http://www.kb.cert.org/vuls/id/979638
• http://www.securityfocus.com/bid/25544
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36464
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-264: Permissions, Privileges, and Access Controls