CVSS: 10.0EPSS: 62%CPEs: 4EXPL: 0CVE-2013-0137
https://notcve.org/view.php?id=CVE-2013-0137
29 Jun 2013 — The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session. La configuración por defecto del dispositivo Digital Alert Systems DASDEC EAS hasta v2.0-2 y el dispositivo Monroe Electronics R189 One-Net hasta v2.0-2 contiene un clave SSH privada conocida, lo que hace que sea más fácil p... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2013-4735
https://notcve.org/view.php?id=CVE-2013-4735
29 Jun 2013 — The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network. El dispositivo Digital Alert Systems DASDEC EAS anterior a v2.0-2 y el dispositivo Monroe Electronics R189 One-Net EAS anterior a v2.0-2 tener una contraseña por defecto para una cuenta administrativa, lo que hace que sea más fácil para un atacante remoto p... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2013-4732
https://notcve.org/view.php?id=CVE-2013-4732
29 Jun 2013 — The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding. ** EN DISPUTA ** El servidor Web de administración del dispositivo Digital Alert Systems DASDEC EAS hasta v2.0-2 y el dispositivo Monroe Electronics R189 On... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2010-4405
https://notcve.org/view.php?id=CVE-2010-4405
04 Dec 2010 — Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Yannick Gaultier sh404SEF en versiones anteriores a la 2.1.8.777 de Joomla!. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2010-4404
https://notcve.org/view.php?id=CVE-2010-4404
04 Dec 2010 — SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente de Joomla! Yannick Gaultier sh404SEF en versiones anteriores 2.1.8.777. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4431 – Joomla! Component com_jcalpro 1.5.3.6 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4431
28 Dec 2009 — PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en cal_popup.php en el componente Anything Digital Development JCal Pro (también conocido como com_jcalpro o JCP) v1.5.3.6 para Joomla! permite a atacantes remotos ejecutar código PHP de su elecci... • https://www.exploit-db.com/exploits/10587 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 3CVE-2008-7011 – Unreal Engine - 'UnChan.cpp' Failed Assertion Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-7011
19 Aug 2009 — The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set. El motor de Unreal, el utilizado en Unreal Tournament v3 1.3, Unreal Tournament 2003 y 2004, Dead Man's Hand, Pariah, WarPath, Postal2, y Shadow Ops, permite a usu... • https://www.exploit-db.com/exploits/32386 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2008-1985 – Digital Hive - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1985
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en base.php en DigitalHive 2.0 RC2 permite a atacantes remotos inyectar 'script' web arbitrario o HTML mediante el parámetro mt, posiblemente relacionada con "membres.php". • https://www.exploit-db.com/exploits/10427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 2CVE-2008-0380 – Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0380
22 Jan 2008 — Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. Desbordamiento de búfer en el controlador ActiveX Digital Data Communications RtspVaPgCtrl (RtspVapgDecoder.dll 1.1.0.29) permite a atacantes remotos ejecutar código de su elección a través de una propiedad MP4Prefix . • https://www.exploit-db.com/exploits/4932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 4CVE-2007-3071 – Tango DropBox 3.1.5 + PRO - Activex HeapSpray
https://notcve.org/view.php?id=CVE-2007-3071
06 Jun 2007 — Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. Desbordamiento de búfer en la función GetWebStoreURL en un control ActiveX determinado en eSellerateControl365.dll 3.6.5.0 de eSellerate SDK permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un primer argumento largo. • https://www.exploit-db.com/exploits/37319 •