CVSS: 7.1EPSS: 58%CPEs: 10EXPL: 0CVE-2008-1445
https://notcve.org/view.php?id=CVE-2008-1445
12 Jun 2008 — Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. Active Directory en Microsoft Windows 2000 Server SP4, XP Professional SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008 permite a usuarios autenticados causar una denegación de servicio (caída del sistema o reinicio) a través de una petición LDAP manipulada. • http://secunia.com/advisories/30586 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1453
https://notcve.org/view.php?id=CVE-2008-1453
12 Jun 2008 — The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. La pila Bluetooth en Microsoft Windows XP SP2 y SP3, y Vista Gold y SP1 permite a atacantes fisicamente próximos ejecutar código de su elección a través de una larga serie de paquetes Service Discovery Protocol (SDP). • http://secunia.com/advisories/30051 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 62%CPEs: 20EXPL: 0CVE-2008-0011
https://notcve.org/view.php?id=CVE-2008-0011
12 Jun 2008 — Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobación de errores... • http://marc.info/?l=bugtraq&m=121380194923597&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 63%CPEs: 20EXPL: 0CVE-2008-1444 – Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1444
10 Jun 2008 — Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar código de su elección a través de un archivo Synchronized Accessible Media Interchange (SAMI) co... • http://marc.info/?l=bugtraq&m=121380194923597&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2163
https://notcve.org/view.php?id=CVE-2008-2163
13 May 2008 — Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." Vulnerabilidad de Secuencias de comandos en sitios cruzados en IBM Lotus Quickr 8.1 versiones anteriores al Hotfix 5 para Windows y AIX, y anteriores al Hotfix 3 para i5/OS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores ... • http://secunia.com/advisories/30204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2008-1931
https://notcve.org/view.php?id=CVE-2008-1931
24 Apr 2008 — Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. Los Drivers para los Codec de Audio de Realtek HD, RTKVHDA.sys y RTKVHDA64.sys, versiones anteriores a 6.0.1.5605 en Windows Vista, permite a usuarios locales crear, escribir y registrar claves a través de una petición IOCTL manipulada. • http://secunia.com/advisories/29953 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2008-1932
https://notcve.org/view.php?id=CVE-2008-1932
24 Apr 2008 — Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request. Desbordamiento de entero en los controladores RTKVHDA.sys y RTKVHDA64.sys del Codec de audio Realtek HD anterior a la version 6.0.1.5605 en Windows Vista permite a usuarios locales ejecutar código arbitrario mediante la creación de respuestas IOCTL manipuladas. • http://secunia.com/advisories/29953 • CWE-189: Numeric Errors •
CVSS: 9.0EPSS: 61%CPEs: 13EXPL: 2CVE-2008-1436 – Microsoft Windows - 'SeImpersonatePrivilege' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-1436
21 Apr 2008 — Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Ki... • https://www.exploit-db.com/exploits/31667 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 85%CPEs: 4EXPL: 1CVE-2008-0927 – Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service
https://notcve.org/view.php?id=CVE-2008-0927
14 Apr 2008 — dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. El archivo dhost.exe en Novell eDirectory versión 8.7.3 anterior a las versiones sp10 y 8.8.2 permite a los atacantes remotos provocar una denegación de servicio (consumo de CPU) por medio de una petición HTTP con ... • https://www.exploit-db.com/exploits/5547 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 55%CPEs: 16EXPL: 0CVE-2008-1086
https://notcve.org/view.php?id=CVE-2008-1086
08 Apr 2008 — The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. El HxTocCtrl ActiveX control (hxvz.dll), usado en Microsoft Internet Explorer 5.01 SP4 y 6 SP1, en Windows XP SP2, Server 2003 SP1 y SP2, Vista SP1 y Server 2008, permite a atacantes remotos ejecutar código de su elección a través... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 • CWE-94: Improper Control of Generation of Code ('Code Injection') •