
CVSS: 9.8 • EPSS: 1% • CPEs: 8 • EXPL: 0

27 Jul 2007 — Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. • http://osvdb.org/46832 •

CVSS: 9.8 • EPSS: 1% • CPEs: 9 • EXPL: 0

27 Jul 2007 — Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. • http://www.kb.cert.org/vuls/id/783400 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3 • EPSS: 90% • CPEs: 2 • EXPL: 1

17 Jul 2007 — Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. • http://lcamtuf.coredump.cx/ietrap3 •

CVSS: 8.8 • EPSS: 71% • CPEs: 7 • EXPL: 1

10 Jul 2007 — Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinio... • https://www.exploit-db.com/exploits/30285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 • EPSS: 91% • CPEs: 1 • EXPL: 3

05 Jul 2007 — Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar. • http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0 •

CVSS: 7.8 • EPSS: 16% • CPEs: 7 • EXPL: 0

03 Jul 2007 — Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated • http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 • EPSS: 4% • CPEs: 4 • EXPL: 1

29 Jun 2007 — A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. • https://www.exploit-db.com/exploits/4109 •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jun 2007 — Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. • http://osvdb.org/38955 •

CVSS: 5.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

28 Jun 2007 — Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain • http://osvdb.org/38953 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5 • EPSS: 36% • CPEs: 2 • EXPL: 3

26 Jun 2007 — Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. • https://www.exploit-db.com/exploits/29619 •