NotCVE - vendor:"Microsoft" product:"Windows 2000"

Page 58 of 637 results (0.010 seconds)

CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 2

CVE-2007-0843 – Microsoft Windows XP/2003 - ReadDirectoryChangesW Information Disclosure

https://notcve.org/view.php?id=CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. La función de la API ReadDirectoryChangesW en Microsoft Windows 2000, XP, Server 2003 y Vista no comprueba los permisos para los objetos secundarios, lo que permite a los usuarios locales omitir los permisos mediante la apertura de un directorio con acceso LIST (READ) y utilizando ReadDirectoryChangesW para monitorizar los cambios de los archivos, que no tiene permisos de LISTA, lo que puede explotarse para determinar los nombres de archivos, tiempos de acceso y otra información confidencial. • https://www.exploit-db.com/exploits/29630 http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html http://osvdb.org/33474 http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html http://secunia.com/advisories/24245 http://securityreason.com/securityalert/2282 http://securityvulns.com/advisories/readdirectorychanges.asp http://www.securityfocus.com/archive/1/460887/100/0/threaded http://www.securityfocus.com/archive/1/46089 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 4%CPEs: 18EXPL: 2

CVE-2007-1043 – Ezboo Webstats 3.03 - Administrative Authentication Bypass

https://notcve.org/view.php?id=CVE-2007-1043

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticación y obtener una vía de acceso mediante una petición directa al (1) update.php y (2) config.php. • https://www.exploit-db.com/exploits/29610 http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 http://osvdb.org/34181 http://securityreason.com/securityalert/2275 http://www.securityfocus.com/archive/1/460325/100/0/threaded http://www.securityfocus.com/bid/22590 https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 •

CVSS: 10.0EPSS: 95%CPEs: 10EXPL: 2

CVE-2007-1070 – Trend Micro ServerProtect - 'eng50.dll' Remote Stack Overflow

https://notcve.org/view.php?id=CVE-2007-1070

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. Múltiples desbordamientos de búfer basado en pila en Trend Micro ServerProtect para Windows y EMC 5.58, y para Network Appliance Filer 5.61 y 5.62, permite a atacantes remotos ejecutar código de su elección a través respuestas RPC manipuladas en TmRpcSrv.dll que disparan un desbordamiento de búfer cuando se llama a las funciones (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, y (3) CMON_ActiveRollbackn en (a) StCommon.dll, y (4) ENG_SetRealTimeScanConfigInfo y (5) las funciones ENG_SendEMail en (b) eng50.dll. • https://www.exploit-db.com/exploits/4367 https://www.exploit-db.com/exploits/16827 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290 http://osvdb.org/33042 http://secunia.com/advisories/24243 http://www.kb.cert.org/vuls/id/349393 http://www.kb.cert.org/vuls/id/466609 http://www.kb.cert.org/vuls/id/630025 http://www.kb.cert.org/vuls/id/730433 http://www.securityfocus.com/archive/1/460686/100/0/threaded http://www.securityfocus. •

CVSS: 10.0EPSS: 89%CPEs: 18EXPL: 0

CVE-2007-0219

https://notcve.org/view.php?id=CVE-2007-0219

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de (1) Msb1fren.dll, (2) Htmlmm.ocx, y (3) Blnmgrps.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, un vector diferente que CVE-2006-4697. • http://secunia.com/advisories/24156 http://www.kb.cert.org/vuls/id/771788 http://www.osvdb.org/31893 http://www.osvdb.org/31894 http://www.osvdb.org/31895 http://www.securityfocus.com/bid/22504 http://www.securitytracker.com/id?1017643 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0584 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 https://exchange.xforce.ibmcloud.com/vulnerab •

CVSS: 9.3EPSS: 72%CPEs: 18EXPL: 0

CVE-2006-4697

https://notcve.org/view.php?id=CVE-2006-4697

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de Imjpcksid.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: este asunto podría estar relacionado con CVE-2006-4193. • http://secunia.com/advisories/24156 http://www.kb.cert.org/vuls/id/753924 http://www.osvdb.org/31891 http://www.securityfocus.com/bid/22486 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0584 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120 •

1...56 57 58 59 60