CVSS: 9.3EPSS: 41%CPEs: 2EXPL: 2CVE-2008-0551 – Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method
https://notcve.org/view.php?id=CVE-2008-0551
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information. El control ActiveX NamoInstaller.NamoInstall.1 de NamoInstaller.dll 3.0.0.1 y anteriores en Namo Web Editor en Sejoong Namo ActiveSquare 6 permite a atacantes remotos ejecutar código de su elección a través de un URL en el argumento del método Install. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/4986 http://secunia.com/advisories/28649 http://www.securityfocus.com/bid/27453 http://www.securityfocus.com/bid/27580 http://www.vupen.com/english/advisories/2008/0299 https://exchange.xforce.ibmcloud.com/vulnerabilities/39943 https://exchange.xforce.ibmcloud.com/vulnerabilities/39974 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 2CVE-2008-0470 – Comodo AntiVirus 2.0 - 'ExecuteStr()' Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-0470
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. Un ciertolador ActiveX en Comodo AntiVirus 2.0 permite a atacantes remotos ejecutar comandos de su elección a través del método ExecuteStr. • https://www.exploit-db.com/exploits/4974 http://www.securityfocus.com/bid/27424 https://exchange.xforce.ibmcloud.com/vulnerabilities/39904 •
CVSS: 10.0EPSS: 36%CPEs: 2EXPL: 1CVE-2008-0437 – HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0437
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer en el control ActiveX WebHPVCInstall.HPVirtualRooms14.dll 1.0.0.100, usado en el proceso de instalación de HP Virtual Rooms, permiten a atacantes remotos ejecutar código de su elección mediante un valor largo para las propiedades (1) AuthenticationURL, (2) PortalAPIURL, o (3) cabroot. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/4959 http://marc.info/?l=full-disclosure&m=120098751528333&w=2 http://secunia.com/advisories/28595 http://www.securityfocus.com/bid/27384 http://www.vupen.com/english/advisories/2008/0236 https://exchange.xforce.ibmcloud.com/vulnerabilities/39836 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 22%CPEs: 1EXPL: 2CVE-2008-0235
https://notcve.org/view.php?id=CVE-2008-0235
The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method. El control ActiveX Microsoft VFP_OLE_Server permite a atacantes remotos ejecutar código de su elección invocando el método foxcommand. • http://packetstormsecurity.org/0801-exploits/msvfpole-exec.txt http://secunia.com/advisories/28417 http://shinnai.altervista.org/exploits/txt/TXT_rNowA1916DKFNUF48NyS.html http://www.securityfocus.com/bid/27199 https://exchange.xforce.ibmcloud.com/vulnerabilities/39559 https://www.exploit-db.com/exploits/4875 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 59%CPEs: 8EXPL: 1CVE-2007-6387 – Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6387
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer basados en pila en el control ActiveX awApi4.AnswerWorks.1 en awApi4.dll 4.0.0.42, como el utilizado por Vantage Linguistics AnswerWorks, y Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, y TurboTax, permite a atacantes remotos ejecutar código de su elección mediante argumentos largos a (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, y posiblemente otros métodos. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/4825 http://secunia.com/advisories/26566 http://secunia.com/advisories/26670 http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx http://www.intuit.com/support/security http://www.securityfocus.com/bid/26815 http://www.vantagelinguistics.com/answerworks/release http://www.vupen.com/english/advisories/2007/4194 http://www.vupen.com/english/advisories/2007/4195 https://exchange.xforce.ibmcloud.com/vulnerabilities/39004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •