CVSS: 9.0EPSS: 29%CPEs: 8EXPL: 0CVE-2008-1457
https://notcve.org/view.php?id=CVE-2008-1457
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. El Sistema de Eventos en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 no valida correctamente las subscripciones por usuario, lo que permite a usuarios autentificados remotamente ejecutar código de su elección mediante una petición de subscripción a un evento manipulada. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31417 http://www.securityfocus.com/bid/30584 http://www.securitytracker.com/id?1020677 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 6%CPEs: 3EXPL: 0CVE-2008-2246
https://notcve.org/view.php?id=CVE-2008-2246
Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. Microsoft Windows Vista SP1 y Server 2008 no importan de forma apropiada la política IPsec por defecto de un dominio Windows 2003 Server, lo que evita que las reglas de IPsec puedan ser reforzadas y permite a los atacantes que eviten las restricciones pretendidas. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31411 http://www.securityfocus.com/bid/30634 http://www.securitytracker.com/id?1020678 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2351 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 50%CPEs: 4EXPL: 0CVE-2008-3018
https://notcve.org/view.php?id=CVE-2008-3018
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. Microsoft Office 2000 SP3, XP SP3 y 2003 SP2; Office Converter Pack y Works 8 no analiza sintácticamente correctamente la longitud de un archivo PICT, lo que permite a atacantes remotos ejecutar código de su elección mediante un archivo PICT manipulado, también conocido como "Vulnerabilidad de Filtro de PICTs Malformados (Malformed PICT Filter Vulnerability)", una vulnerabilidad distinta a CVE-2008-3021. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31336 http://www.securityfocus.com/bid/30597 http://www.securitytracker.com/id?1020673 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2348 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 2CVE-2008-3365 – PixelPost 1.7.1 - 'language_full' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-3365
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. Vulnerabilidad de salto de directorio en index.php en Pixelpost 1.7.1 sobre Windows, cuando "register_globals" está activado, permite a atacantes remotos incluir y ejecutar archivos locales a través de .. (punto punto) en el parámetro "languaje_full". • https://www.exploit-db.com/exploits/6150 http://secunia.com/advisories/31239 http://securityreason.com/securityalert/4062 http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch http://www.securityfocus.com/archive/1/494817/100/0/threaded http://www.securityfocus.com/bid/30397 http://www.vupen.com/english/advisories/2008/2207/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44031 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 27%CPEs: 2EXPL: 0CVE-2008-1435
https://notcve.org/view.php?id=CVE-2008-1435
Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability." El Explorador de Windows en Microsoft Windows Vista hasta SP1 y Server 2008, permite a atacantes remotos con la ayuda del usuario ejecutar código de su elección mediante ficheros manipulados de guardar-búsqueda (.search-ms) que no se han manejado adecuadamente cuando se guardaban. También se conoce como "Vulnerabilidad de Guardar Búsqueda de Windows" • http://secunia.com/advisories/30953 http://www.securityfocus.com/bid/30109 http://www.securitytracker.com/id?1020436 http://www.us-cert.gov/cas/techalerts/TA08-190A.html http://www.vupen.com/english/advisories/2008/2020/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600 • CWE-94: Improper Control of Generation of Code ('Code Injection') •