CVE-2015-6021
https://notcve.org/view.php?id=CVE-2015-6021
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Spiceworks Desktop en versiones anteriores a 01-12-2015 tiene un XSS a través de una respuesta SNMP. • https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-2544
https://notcve.org/view.php?id=CVE-2014-2544
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Spotfire Web Player Engine, Spotfire Desktop y el módulo de autenticación de servidor de Spotfire en TIBCO Spotfire Server 3.3.x anterior a 3.3.4, 4.5.x anterior a 4.5.1, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.2; Spotfire Professional 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Web Player 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Automation Services 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Deployment Kit 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Desktop 6.x anterior a 6.0.1 y Spotfire Analyst 6.x anterior a 6.0.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt •
CVE-2009-0681
https://notcve.org/view.php?id=CVE-2009-0681
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. PGP Desktop anterior a v9.10 permite a usuarios locales (1) provocar una denegación de servicio (caída) a través de peticiones IOCTL manipuladas en pgpdisk.sys, y (2) provocar una denegación de servicio (caída) y ejecutar código de su elección a través de una petición IOCTL con IRP manipulado en pgpwded.sys. • http://en.securitylab.ru/lab/PT-2009-01 http://www.securityfocus.com/archive/1/502633/100/0/threaded http://www.securitytracker.com/id?1022034 https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1 • CWE-20: Improper Input Validation •
CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o tener otros impactos no especificados mediante un nombre de archivo modificado. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1767 – libxslt XSL 1.1.23 - File Processing Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1767
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. Vulnerabilidad de desbordamiento de búfer en pattern.c en libxslt anteriores a 1.1.24, permiten a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero de hoja de estilo XSL con una condición "transformation match" XSLT larga que dispara un número grande de pasos. • https://www.exploit-db.com/exploits/31815 http://bugzilla.gnome.org/show_bug.cgi?id=527297 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/30315 http://secunia.com/advisories/30323 http://secunia.com/advisories/30393 http://secunia.com/advisories/30521 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •