CVE-2007-1280 – Adobe RoboHelp - Frameset-7.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1280
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.
• https://www.exploit-db.com/exploits/30016
• http://osvdb.org/35867
• http://secunia.com/advisories/25211
• http://www.adobe.com/support/security/bulletins/apsb07-10.html
• http://www.devtarget.org/adobe-advisory-05-2007.txt
• http://www.securityfocus.com/archive/1/468360/100/0/threaded
• http://www.securityfocus.com/bid/23878
• http://www.securitytracker.com/id?1018020
• http://www.vupen.com/english/advisories/2007/1714
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34181
CVE-2007-2414
https://notcve.org/view.php?id=CVE-2007-2414
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.
• http://osvdb.org/35469
• http://secunia.com/advisories/25026
• http://sourceforge.net/project/shownotes.php?release_id=504709&group_id=63119
• http://www.myserverproject.net/forum/viewtopic.php?t=1659&sid=ab6d273497a064cd3ed7a83d1c44a70a
• http://www.securityfocus.com/bid/23716
• http://www.vupen.com/english/advisories/2007/1589
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33971
CVE-2007-1981
https://notcve.org/view.php?id=CVE-2007-1981
The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
• http://secunia.com/advisories/24738
• http://sourceforge.net/forum/forum.php?forum_id=681753
• http://sourceforge.net/project/shownotes.php?release_id=498782
• http://www.vupen.com/english/advisories/2007/1247
CVE-2007-1644 – Microsoft DNS Server - Dynamic DNS Update/Change
https://notcve.org/view.php?id=CVE-2007-1644
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
• https://www.exploit-db.com/exploits/3544
• http://osvdb.org/43603
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33473
CVE-2007-1382 – PHP 'COM' Extensions - inconsistent Win32 'safe_mode' Bypass
https://notcve.org/view.php?id=CVE-2007-1382
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
• https://www.exploit-db.com/exploits/3429