CVE-2006-7037
https://notcve.org/view.php?id=CVE-2006-7037
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. Mathcad versiones 12 hasta 13.1, permite a usuarios locales omitir las funcionalidades de seguridad accediendo o editando directamente la representación XML de la hoja de trabajo con un editor de texto u otro programa, que permite a atacantes (1) omitir la protección con contraseña reemplazando el campo password con un hash de una contraseña conocida, (2) modificar las marcas de tiempo para evitar la detección de modificaciones, (3) eliminar bloqueos eliminando el atributo "is-locked", y (4) visualizar datos bloqueados, que se almacenan en texto plano. • http://securityreason.com/securityalert/2305 http://www.securityfocus.com/archive/1/436441/30/4560/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27115 https://exchange.xforce.ibmcloud.com/vulnerabilities/27116 https://exchange.xforce.ibmcloud.com/vulnerabilities/27117 https://exchange.xforce.ibmcloud.com/vulnerabilities/27118 •
CVE-2007-1043 – Ezboo Webstats 3.03 - Administrative Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-1043
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticación y obtener una vía de acceso mediante una petición directa al (1) update.php y (2) config.php. • https://www.exploit-db.com/exploits/29610 http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 http://osvdb.org/34181 http://securityreason.com/securityalert/2275 http://www.securityfocus.com/archive/1/460325/100/0/threaded http://www.securityfocus.com/bid/22590 https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 •
CVE-2006-6261 – Quintessential Player 4.50.1.82 - Playlist Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-6261
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. Desbordamiento de búfer en Quintessential Player 4.50.1.82 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un fichero (1) M3u o (2) M3u-8 manipulado; o mediante un (3) fichero PLS artesanal con un valor grande en los campos (a) NumberofEntries, (b) Length (también conocido como Length1), (c) Filename (aka File1), (d) Title (también conocido como Title1), u otros campos no especificados. • https://www.exploit-db.com/exploits/2860 http://www.securityfocus.com/bid/21331 https://exchange.xforce.ibmcloud.com/vulnerabilities/30559 •
CVE-2006-2379 – Microsoft Windows - TCP/IP Protocol Driver Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2379
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. • https://www.exploit-db.com/exploits/1967 http://secunia.com/advisories/20639 http://securitytracker.com/id?1016290 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/46702 http://www.kb.cert.org/vuls/id/722753 http://www.osvdb.org/26433 http://www.securityfocus.com/archive/1/438482/100/0/threaded http://www.securityfocus.com/archive/1/438609/100/0/threaded http://www.securityfocus.com/bid/18374 http://www.us-cert.gov/cas/techalerts/TA06-164A.html htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-1184
https://notcve.org/view.php?id=CVE-2006-1184
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. • http://secunia.com/advisories/20000 http://securityreason.com/securityalert/864 http://securitytracker.com/id?1016047 http://www.eeye.com/html/research/advisories/AD20060509b.html http://www.osvdb.org/25336 http://www.securityfocus.com/archive/1/433425/100/0/threaded http://www.securityfocus.com/bid/17905 http://www.vupen.com/english/advisories/2006/1742 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-018 https://exchange.xforce.ibmcloud.com/vulnerabilities& •