CVE-2006-6617
https://notcve.org/view.php?id=CVE-2006-6617
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. projectserver/logon/pdsrequest.asp en Microsoft Project Server 2003 permite a atacantes remotos autenticados la obtención de la contraseña de MSProjectUser para una base de datos SQL a través de una petición GetInitializationData, que incluye la información en las etiquetas del nombre de usuario y de la contraseña de la respuesta. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051316.html http://secunia.com/advisories/23391 http://securityreason.com/securityalert/2047 http://securitytracker.com/id?1017388 http://www.securityfocus.com/archive/1/454497/100/0/threaded http://www.securityfocus.com/bid/21611 http://www.vupen.com/english/advisories/2006/5038 https://exchange.xforce.ibmcloud.com/vulnerabilities/30905 •
CVE-2004-0200 – Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
https://notcve.org/view.php?id=CVE-2004-0200
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. Desbordamiento de búfer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar código de su elección mediante un campo de longitud JPEG COM pequeño que es normalizado a una longitud de entero grande antes de una operación de copia de memoria. • https://www.exploit-db.com/exploits/474 https://www.exploit-db.com/exploits/556 https://www.exploit-db.com/exploits/475 https://www.exploit-db.com/exploits/478 https://www.exploit-db.com/exploits/472 https://www.exploit-db.com/exploits/480 http://marc.info/?l=bugtraq&m=109524346729948&w=2 http://www.kb.cert.org/vuls/id/297462 http://www.us-cert.gov/cas/techalerts/TA04-260A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms •