CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38922
https://notcve.org/view.php?id=CVE-2022-38922
03 Apr 2023 — BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38923
https://notcve.org/view.php?id=CVE-2022-38923
03 Apr 2023 — BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7725
https://notcve.org/view.php?id=CVE-2014-7725
21 Oct 2014 — The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Rally Albania Live 2014 (también conocido como com.wRallyAlbaniaLIVE2014) 0.11 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información ... • http://www.kb.cert.org/vuls/id/399017 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 1%CPEs: 28EXPL: 0CVE-2007-2690
https://notcve.org/view.php?id=CVE-2007-2690
16 May 2007 — Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. Múltiples productos de la serie IBM ISS Proventia, incluyendo las series A, G, y M, no manejan adecuadamente determinadas codificaciones de caracteres Unicode de ancho completo y medio, lo cual podría permitir a atacantes remotos evadir la detección de tráfico HTTP. • http://www.gamasec.net/english/gs07-01.html •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-7129 – Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2006-7129
06 Mar 2007 — ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. ISS BlackICEPC Protection 3.6 cpj y cpu, y posiblemente versiones anteriores, permite a usuarios locales evitar el esquema de protección utilizando la función ZwDeleteFile del API para borrar el archivo crítico filelock.txt, el cual almacena información sob... • https://www.exploit-db.com/exploits/28817 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2006-4541 – Internet Security Systems 3.6 BlackICE - Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4541
05 Sep 2006 — RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. RapDrv.sys en BlackICE PC Protection 3.6.cpn, cpj, cpiE, y posiblemente 3.6 y anteriores, permite a usuarios locales provocar denegación de servicio (caida) a través de un tercer argumento NULL a la función NtOpenSection API. NOTA: Posteriormente fu... • https://www.exploit-db.com/exploits/28469 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3999
https://notcve.org/view.php?id=CVE-2006-3999
05 Aug 2006 — ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions. ISS BlackICE PC Protectio... • http://securityreason.com/securityalert/1338 •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2006-3840
https://notcve.org/view.php?id=CVE-2006-3840
27 Jul 2006 — The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode. La funcionalidad SMB Mailslot en PAM en múltiples productos ISS con XPU (24.39/1.78/epj/x.x.x.1780), incluyendo Proventia A, G, M... • http://secunia.com/advisories/21219 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2005-2711
https://notcve.org/view.php?id=CVE-2005-2711
31 Dec 2005 — ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. • http://secunia.com/advisories/19327 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2125
https://notcve.org/view.php?id=CVE-2004-2125
31 Dec 2004 — Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value. • http://archives.neohapsis.com/archives/iss/2004-q1/0157.html •