Page 62 of 431 results (0.016 seconds)

CVSS: 7.5EPSS: 16%CPEs: 10EXPL: 0

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. Desbordamiento de búfer basado en montón en URLMON.DLL en Microsoft Internet Explorer 6 SP1 sobre Windows 2000 y XP SP1, con versiones del parche MS06-042 anterior a 12/09/2006, permite a un atacante remoto provocar denegación de servicio(caida) o ejecutar código de su elección a través de una URL grande en un sitio web GZIP-codificado que fue el objetivo de una redirección HTTP, debido a un arreglo incompleto del CVE-2006-3869. • http://research.eeye.com/html/advisories/published/AD20060912.html http://securityreason.com/securityalert/1555 http://securitytracker.com/id?1016839 http://weblog.infoworld.com/techwatch/archives/007870.html http://www.osvdb.org/30834 http://www.securityfocus.com/archive/1/445835/100/0/threaded http://www.securityfocus.com/bid/19987 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 https://exchange.xforce.ibmcloud.com/vulnerabilities/28893 •

CVSS: 4.3EPSS: 78%CPEs: 36EXPL: 1

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Indexing Service dentro de Microsoft Windows 2000, XP, y Server 2003, cuando la opción Encoding está asiganado a Auto Select, permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de una URL codificada UTF-7, el cual es inyectado dentro de un mensaje de error cuyo conjunto de caracteres está asignado a UTF-7. • https://www.exploit-db.com/exploits/28500 http://secunia.com/advisories/21861 http://securitytracker.com/id?1016826 http://www.geocities.jp/ptrs_sec/advisory09e.html http://www.kb.cert.org/vuls/id/108884 http://www.securityfocus.com/archive/1/446630/100/100/threaded http://www.securityfocus.com/archive/1/447509/100/0/threaded http://www.securityfocus.com/archive/1/447511/100/0/threaded http://www.securityfocus.com/bid/19927 http://www.us-cert.gov/cas/techalerts&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 19%CPEs: 5EXPL: 3

Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. Vulnerabilidad de extensión de signo en la función createBrushIndirect en la librería GDI (gdi32.dll) en Microsoft Windows XP, Server 2003, y posiblemente otras versiones, permite a atacantes con asistencia del usuario causar una denegación de servicio (caída de aplicación) mediante un fichero WMF artesanal. • https://www.exploit-db.com/exploits/3111 http://determina.blogspot.com/2007/01/whats-wrong-with-wmf.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048530.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048547.html http://secunia.com/advisories/21377 http://securityreason.com/securityalert/1353 http://www.securityfocus.com/archive/1/442420/100/0/threaded http://www.securityfocus.com/archive/1/442426/100/0/threaded http://www.securityfocus •

CVSS: 10.0EPSS: 96%CPEs: 9EXPL: 5

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. Desbordamiento de búfer en Server Service en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto, incluidos usuario anónimos, ejecutar código de su elección a través de mensajes RPC manipulados, una vulnerabilidad diferente que CVE-2006-1314. • https://www.exploit-db.com/exploits/16367 https://www.exploit-db.com/exploits/2223 https://www.exploit-db.com/exploits/2265 https://www.exploit-db.com/exploits/2162 https://www.exploit-db.com/exploits/2355 http://secunia.com/advisories/21388 http://securitytracker.com/id?1016667 http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html http://www.dhs.gov/dhspublic/display?content=5789 http://www.kb.cert.org/vuls/id/650769 http:/&#x •

CVSS: 7.6EPSS: 10%CPEs: 5EXPL: 0

Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception." Vulnerabilidad no especificada en Microsoft Windows 2000 SP4, XP SP1 y SP2, Server 2003 y 2003 SP1, permite a atacantes remotos ejecutar código de su elección a través de vectores que afectan a excepciones no controladas, aplicaciones de memoria residente, y incorrectamente "excepción de descarga encadenada". • http://securitytracker.com/id?1016661 http://www.kb.cert.org/vuls/id/411516 http://www.securityfocus.com/bid/19384 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3216 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A841 •