CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5155
https://notcve.org/view.php?id=CVE-2010-5155
Race condition in Blink Professional 4.6.1 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de Carrera en Blink Professional v4.6.1 para Windows XP permite a usuarios locales eludir los manejadores de hooks a nivel de kernel, y ejecutar código peligroso que de otra manera sería bloqueada por el manejador y no por una detección basada en firma de malware. Esto se consigue a través de ciertos cambios en la memoria de espacio de usuario durante la ejecución del manejador de hooks. Se trata de un problema también conocido como un ataque argument-switch o un ataque KHOBE. NOTA: este problema es discutido por algunos, ya que es un defecto en un mecanismo de protección para situaciones en las que un programa hecho a mano ya ha comenzado a ejecutarse. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3337
https://notcve.org/view.php?id=CVE-2011-3337
eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/. eEye Audit ID 2499 en eEye Digital Security Audits 2406 hasta 2423 para eEye Retina Network Security Scanner en HP-UX, IRIX, y Solaris, permite a usuarios locales ganar privilegios a través de un caballo de troya en un directorio de su elección bajo /usr/local/. • http://www.eeye.com/Resources/Security-Center/Research/Security-Advisories/AL20111108 http://www.kb.cert.org/vuls/id/448051 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 13%CPEs: 2EXPL: 2CVE-2009-3859 – eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-3859
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry. Desbordamiento de búfer en Retina WiFi Scanner v1.0.8.68, usado en Retina Network Security Scanner v5.10.14, permite a atacantes asistidos por el usuario provocar una denegación de servicio (caída de aplicación) o la ejecución de código de su elección a través de un archivo .rws con una entrada RWS010 larga. • https://www.exploit-db.com/exploits/9114 http://osvdb.org/55744 http://research.eeye.com/html/advisories/published/AD20090710.html http://secunia.com/advisories/35786 http://www.exploit-db.com/exploits/9114 http://www.securityfocus.com/bid/35624 http://www.securitytracker.com/id?1022534 http://www.vupen.com/english/advisories/2009/1862 https://exchange.xforce.ibmcloud.com/vulnerabilities/51625 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0523
https://notcve.org/view.php?id=CVE-2001-0523
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected. • http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6563 https://exchange.xforce.ibmcloud.com/vulnerabilities/6564 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2001-0524
https://notcve.org/view.php?id=CVE-2001-0524
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier. • http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6574 •