CVE-2006-4685
https://notcve.org/view.php?id=CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. El control ActiveX XMLHTTP en Microsoft XML Parser 2.6 y XML Core Services 3.0 hasta 6.0 no maneja adecuadamente redirecciones HTTP del lado del servidor, lo cual permite a atacantes remotos con la complicidad del usuario acceder a contenido desde otros dominios. • http://secunia.com/advisories/22333 http://securitytracker.com/id?1017033 http://www.kb.cert.org/vuls/id/547212 http://www.osvdb.org/29425 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20339 http://www.vupen.com/english/advisories/2006/3980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A221 •
CVE-2006-4686
https://notcve.org/view.php?id=CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. Desbordamiento de búfer en el procesamiento de las Transformaciones de Lenguaje de Hojas de Estilo Extensibles (XSLT) en Microsoft XML Parser 2.6 y XML Core Services 3.0 hasta 6.0 permite a atacantes remotos ejecutar código de su elección mediante una página Web artesanal. • http://secunia.com/advisories/22333 http://securitytracker.com/id?1017033 http://www.kb.cert.org/vuls/id/562788 http://www.osvdb.org/29426 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20338 http://www.vupen.com/english/advisories/2006/3980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285 •
CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •
CVE-2002-1141
https://notcve.org/view.php?id=CVE-2002-1141
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request." Un error en la validación de entrada en la librería de servicos RPC de Sun Microsystems en Unix 3.0 Interix SD, como la implementada en Microsost Windows NT4, 2000 y XP, permite a atacanes remotos causar una denegación de servicio mediante fragmentos malformados de paquetes de clientes RPC, también conocida como "Denegación de servicio mediante envío de peticiones RPC inválidas". • http://www.iss.net/security_center/static/10259.php http://www.securityfocus.com/bid/5880 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057 •
CVE-2002-1140
https://notcve.org/view.php?id=CVE-2002-1140
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service." La librería de Servicios RPC de Sun Microsystems para Unix 3.0 Interix SD, implementada en Microsoft Windows NT4, 2000 y XP, permite a atacantes remotos causar una denegación de servicio (cuelge del servicio) mediante fragmentos de paquetes malformados, también conocida como "Comprobación equivocada de tamaño de parámetro conduciente a denegación de servidio". • http://www.iss.net/security_center/static/10258.php http://www.securityfocus.com/bid/5879 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057 •