CVSS: 9.3EPSS: 48%CPEs: 14EXPL: 2CVE-2008-1087 – Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)
https://notcve.org/view.php?id=CVE-2008-1087
08 Apr 2008 — Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en GDI de Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, y Server 2008, permite a atacantes remotos ejecutar código de su elección a través de un fichero de imagen EMF con los parámetros... • https://www.exploit-db.com/exploits/5442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 2CVE-2008-1471 – Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption
https://notcve.org/view.php?id=CVE-2008-1471
24 Mar 2008 — The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegación de servicio (caída del sistema o kernel panic), sobrescribir memoria o ejecutar... • https://www.exploit-db.com/exploits/31363 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2007-6423
https://notcve.org/view.php?id=CVE-2007-6423
12 Jan 2008 — Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue ** CUESTIONABLE ** Vulnerabilidad no especificada en mod_proxy_balancer para Apache HTTP Server 2.2.x, en versiones anteriores a la 2.2.7-dev, cuando se ejecuta en Windows, permite que atacantes remotos provoquen una corrupción de memoria usando una URL larga. NOTA: el vende... • http://securityreason.com/securityalert/3523 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-6334
https://notcve.org/view.php?id=CVE-2007-6334
20 Dec 2007 — Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres 2.5 y 2.6 para Windows, usados en múltiples productos CA y posiblemente otros, asigna los privilegios y la identidad de los usuarios para que sean la misma que el primer usuario, lo cual permite a atacantes remotos obtener privilegios. • http://secunia.com/advisories/28183 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 69%CPEs: 6EXPL: 1CVE-2007-6026 – Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6026
20 Nov 2007 — Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. Un desbordamiento del búfer en la región stack de la memoria en Microsoft msjet40.dll versión 4.0.8618.0 (también se conoce como Microsoft Jet Engine), como es ... • https://www.exploit-db.com/exploits/4625 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 21EXPL: 3CVE-2007-4938 – MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4938
18 Sep 2007 — Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar códi... • https://www.exploit-db.com/exploits/30578 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 59%CPEs: 8EXPL: 1CVE-2007-3958 – Microsoft Windows Explorer - '.GIF' Image Denial of Service
https://notcve.org/view.php?id=CVE-2007-3958
24 Jul 2007 — Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. Microsoft Windows Explorer (explorer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio mediante un determinado fichero GIF, como se demuestra con Art.gif. • https://www.exploit-db.com/exploits/4215 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3482
https://notcve.org/view.php?id=CVE-2007-3482
28 Jun 2007 — Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. Una vulnerabilidad de tipo cross-domain en Apple Safari para Windows versión 3.0.1, permite a atacantes remotos omitir la "same origin policy" y acceder a información restringida de otros dominios por medio de JavaScript que sobrescrib... • http://osvdb.org/38860 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 18EXPL: 1CVE-2007-2736 – Achievo 1.1.0 - 'config_atkroot' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2736
17 May 2007 — PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot. • https://www.exploit-db.com/exploits/3928 •
CVSS: 7.5EPSS: 11%CPEs: 16EXPL: 1CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
16 May 2007 — formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. • https://www.exploit-db.com/exploits/30040 •