Page 70 of 366 results (0.058 seconds)

CVSS: 9.3EPSS: 92%CPEs: 14EXPL: 0

CVE-2007-0947

https://notcve.org/view.php?id=CVE-2007-0947

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. Una vulnerabilidad de uso de memoria previamente liberada en Microsoft Internet Explorer 7 en Windows XP SP2, Windows Server 2003 SP1 o SP2, o Windows Vista permite a los atacantes remotos ejecutar código arbitrario por medio de objetos HTML creados, resultando en el acceso a la memoria desasignada de objetos CMarkup, también conocida como el segunda de dos "HTML Objects Memory Corruption Vulnerabilities" y un problema diferente de CVE-2007-0946. • http://secunia.com/advisories/23769 http://secunia.com/secunia_research/2007-36/advisory http://www.osvdb.org/34403 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23772 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud. • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 86%CPEs: 25EXPL: 0

CVE-2007-0942

https://notcve.org/view.php?id=CVE-2007-0942

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Microsoft Internet Explorer versión 5.01 SP4 en Windows 2000 SP4; versión 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versión 7 en Windows Vista "instantiate certain COM objects as ActiveX controls" inapropiadamente, que permite a los atacantes remotos ejecutar código arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll. • http://secunia.com/advisories/23769 http://www.osvdb.org/34399 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •

CVSS: 9.3EPSS: 93%CPEs: 13EXPL: 1

CVE-2007-2221 – Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)

https://notcve.org/view.php?id=CVE-2007-2221

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." Vulnerabilidad no especificada en el objeto COM mdsauth.dll de Microsoft Windows Media Server en Microsoft Internet Explorer 5.01 SP4 de Windows 2000 SP4; 6 SP1 de Windows 2000 SP4; 6 y 7 de Windows XP SP2, ó Windows Server 2003 SP1 ó SP2; ó 7 en Windows Vista permite a atacantes remotos sobre-escribir ficheros de su elección mediante vectores no especificado, también conocido como "Vulnerabilidad de Sobre-Escritura de Ficheros De Su Elección". • https://www.exploit-db.com/exploits/3892 http://secunia.com/advisories/23769 http://www.fortiguardcenter.com/advisory/FGA-2007-07.html http://www.kb.cert.org/vuls/id/500753 http://www.osvdb.org/34404 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23827 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs. •

CVSS: 9.3EPSS: 92%CPEs: 8EXPL: 0

CVE-2007-0946

https://notcve.org/view.php?id=CVE-2007-0946

Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. Vulnerabilidad no especificada en Microsoft Internet Explorer 7 de Windows XP SP2, Windows Server 2003 SP1 ó SP2, ó Windows Vista permite a atacantes remotos ejecutar código de su elección mediante objetos HMTL manipulados, lo que conduce a corrupción de memoria, también conocido como el primero de dos "Vulnerabilidades de Corrupción de Memoria de Objetos HTML", vulnerabilidad distinta a CVE-2007-0947. • http://secunia.com/advisories/23769 http://www.osvdb.org/34402 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23770 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/33255 https://oval.cisecurity.org/re •

CVSS: 4.3EPSS: 8%CPEs: 3EXPL: 0

CVE-2007-2292

https://notcve.org/view.php?id=CVE-2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. Una vulnerabilidad de inyección CRLF en el soporte Digest Authentication para Mozilla Firefox anterior a la versión 2.0.0.8 y SeaMonkey anterior a la versión 1.1.5 permite a los atacantes remotos realizar ataques de división de peticiones HTTP por medio de LF (% 0a) bytes en el atributo de nombre de usuario. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories/27336 http://secunia.com/advisories/27356 http://secunia.com/advisories/27360 http://secunia.com/advisories/27383 http:/ • CWE-20: Improper Input Validation •