CVSS: 4.0EPSS: 96%CPEs: 4EXPL: 0CVE-2010-1264
https://notcve.org/view.php?id=CVE-2010-1264
Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." Vulnerabilidad no especificada en Microsoft Windows SharePoint Services 3.0 SP1 y SP2 permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones manipuladas a la página Help que causan reinicios repetidos de la aplicación, también conocida como "Sharepoint Help Page Denial of Service Vulnerability." • http://www.securityfocus.com/bid/40559 http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241 •
CVSS: 4.3EPSS: 88%CPEs: 5EXPL: 2CVE-2010-0817 – Microsoft SharePoint Server 2007 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0817
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo _layouts/help.aspx en SharePoint Server 2007 versión 12.0.0.6421 y posiblemente anterior, y SharePoint Services versión 3.0 SP1 y SP2 de Microsoft, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro cid0. • https://www.exploit-db.com/exploits/12450 http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html http://www.securityfocus.com/archive/1/511021/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 8%CPEs: 55EXPL: 0CVE-2009-3588
https://notcve.org/view.php?id=CVE-2009-3588
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. Vulnerabilidad inespecífica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegación de servicio a través de un archivo RAR manipulado que inicia la corrupción de la pila, una vulnerabilidad diferente que CVE-2009-3587. • http://secunia.com/advisories/36976 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 http://www.securityfocus.com/archive/1/507068/100/0/threaded http://www.securityfocus.com/bid/36653 http://www.securitytracker.com/id?1022999 http://www.vupen.com/english/advisories/2009/2852 https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 •
CVSS: 10.0EPSS: 20%CPEs: 7EXPL: 0CVE-2009-1216
https://notcve.org/view.php?id=CVE-2009-1216
Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en (1) unlzh.c y (2) unpack.c en las librerías gzip en Microsoft Windows Server 2008, Windows Services para UNIX 3.0 y 3.5, y el subsistema para UNIX-based Applications (SUA); como lo utilizado en gunzip, gzip, pack, pcat, y unpack 7.x versiones anteriores a 7.0.1701.48, 8.x versiones anteriores a 8.0.1969.62, y 9.x versiones anteriores a 9.0.3790.2076; permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://secunia.com/advisories/34428 http://securitytracker.com/id?1021937 http://support.microsoft.com/kb/953602 http://www.securityfocus.com/bid/34258 http://www.vupen.com/english/advisories/2009/0849 https://exchange.xforce.ibmcloud.com/vulnerabilities/49435 •
CVSS: 4.3EPSS: 94%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como "Vulnerabilidad de la solicitud de la cabecera MSXML". • https://www.exploit-db.com/exploits/7196 http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://securitytracker.com/id?1021164 http://www.securityfocus.com/bid/32204 http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://www.vupen.com/english/advisories/2008/3111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •