Page 54 of 1003 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en HP Insight Management Agents antes de v9.0.0.0 en Windows Server 2003 y 2008 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://osvdb.org/81668 http://secunia.com/advisories/49054 http://www.securityfocus.com/archive/1/522548 http://www.securityfocus.com/bid/53341 http://www.securitytracker.com/id?1027003 https://exchange.xforce.ibmcloud.com/vulnerabilities/75314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 37EXPL: 0

Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en HP Insight Management Agents antes de v9.0.0.0 en Windows Server 2003 y 2008 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://osvdb.org/81666 http://secunia.com/advisories/49054 http://www.securityfocus.com/archive/1/522548 http://www.securityfocus.com/bid/53341 http://www.securitytracker.com/id?1027003 https://exchange.xforce.ibmcloud.com/vulnerabilities/75312 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.3EPSS: 95%CPEs: 27EXPL: 0

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota SelectAll". • http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 88%CPEs: 19EXPL: 0

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability." La función Authenticode Signature Verification en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, Windows 7 Gold y SP1, y Windows 8 Consumer Preview no valida de forma adecuada el resumen de un fichero portable y ejecutable (PE), lo que permite a atacantes remotos asistidos por usuarios ejecutar código a través de un fichero modificado con contenido adicional, también conocido como "WinVerifyTrust Signature Validation Vulnerability". The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code. • http://osvdb.org/81135 http://secunia.com/advisories/48581 http://www.securitytracker.com/id?1026906 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594 • CWE-20: Improper Input Validation •

CVSS: 7.6EPSS: 7%CPEs: 27EXPL: 0

Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un documento HTML modificado que no es apropiadamente manejado durante una operación de impresión "Print table of links". También conocida como "vulnerabilidad de ejecución de código remota de la funcionalidad Print". • http://osvdb.org/81126 http://www.securitytracker.com/id?1026901 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15577 • CWE-94: Improper Control of Generation of Code ('Code Injection') •