CVSS: 7.6EPSS: 95%CPEs: 7EXPL: 1CVE-2006-6133 – Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6133
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. Desbordamiento de búfer basado en pila en Visual Studio Crystal Reports para Microsoft Visual Studio .NET 2002 y 2002 SP1; .NET 2003 y 2003 SP1; y 2005 y 2005 SP1 (anteriormente Business Objects Crystal Reports XI Professional) permite a atacantes remotos con la ayuda del usuario, ejecutar código de su elección mediante un fichero RPT manipulado. • https://www.exploit-db.com/exploits/29171 http://secunia.com/advisories/23091 http://secunia.com/advisories/26754 http://securitytracker.com/id?1017279 http://www.lssec.com/advisories/LS-20061102.pdf http://www.securityfocus.com/archive/1/452464/100/0/threaded http://www.securityfocus.com/bid/21261 http://www.us-cert.gov/cas/techalerts/TA07-254A.html http://www.vupen.com/english/advisories/2006/4691 http://www.vupen.com/english/advisories/2007/3114 https://docs. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 96%CPEs: 1EXPL: 2CVE-2006-4704 – Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2006-4704
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." Vulnerabilidad de secuencias de comandos en zonas cruzadas en el Control ActiveX (WmiScriptUtils.dll) del WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) en el Microsoft Visual Studio 2005 permite atacantes remotos evitar las restricciones de la zona de Internet y ejecutar código de su elección instanciando objetos peligrosos, también conocido como "Vulnerabilidad WMI Object Broker". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. The specific flaw exists in the Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX control which is bundled with Visual Studio 2005. An attacker can utilize this control to bypass Internet zone security restrictions and instantiate other dangerous objects that can be leveraged to result in arbitrary code execution. • https://www.exploit-db.com/exploits/16561 http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx http://research.eeye.com/html/alerts/zeroday/20061031.html http://secunia.com/advisories/22603 http://securitytracker.com/id?1017142 http://www.kb.cert.org/vuls/id/854856 http://www.microsoft.com/technet/security/advisory/927709.mspx http://www.securityfocus.com/archive/1/454201/100/0/threaded http://www.securityfocus.com/archive/1/454969/ •
CVSS: 4.3EPSS: 85%CPEs: 1EXPL: 0CVE-2006-3436
https://notcve.org/view.php?id=CVE-2006-3436
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft .NET Framework 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados implicando "controles ASP.NET que establecen la propiedad AutoPostBack a true". • http://secunia.com/advisories/22307 http://securitytracker.com/id?1017029 http://www.kb.cert.org/vuls/id/455604 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20337 http://www.vupen.com/english/advisories/2006/3976 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-056 https://exchange.xforce.ibmcloud.com/vulnerabilities/28658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •
CVSS: 5.0EPSS: 79%CPEs: 1EXPL: 0CVE-2006-1300
https://notcve.org/view.php?id=CVE-2006-1300
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name." Microsoft .NET framework 2.0 (ASP.NET) en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 hasta SP1, permite a atacantes remotos evitar las restricciones de acceso a través de "URL paths" no especificadas que pueden acceder a objetos Application Folder "explícitamente por nombre". • http://secunia.com/advisories/20999 http://securitytracker.com/id?1016465 http://www.osvdb.org/27153 http://www.securityfocus.com/bid/18920 http://www.vupen.com/english/advisories/2006/2751 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/26802 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A419 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 6CVE-2006-1510 – Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1510
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. • https://www.exploit-db.com/exploits/27476 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html http://owasp.net/forums/234/showpost.aspx http://owasp.net/forums/257/showpost.aspx http://secunia.com/advisories/19406 http://www.securityfocus.com/bid/17243 http://www.vupen.com/english/advisories/2006/1113 https://exchange.xforce.ibmcloud.com/vulnerabilities/25439 •