CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26168
https://notcve.org/view.php?id=CVE-2020-26168
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords. El método de autenticación LDAP en LdapLoginModule en Hazelcast IMDG Enterprise versiones 4.x anteriores a 4.0.3, y Jet Enterprise versiones 4.x anteriores a 4.2, no comprueba apropiadamente la contraseña en algunos escenarios de system-user-dn. Como resultado, los usuarios (clients/members) pueden ser autenticados incluso si proporcionan contraseñas no válidas • https://docs.hazelcast.org/docs/ern/index.html#4-0-3 https://hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass https://hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass https://jet-start.sh/blog/2020/10/23/jet-43-is-released • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 82%CPEs: 6EXPL: 1CVE-2007-6026 – Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6026
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. Un desbordamiento del búfer en la región stack de la memoria en Microsoft msjet40.dll versión 4.0.8618.0 (también se conoce como Microsoft Jet Engine), como es usado por Access 2003 en Microsoft Office 2003 SP3, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de un archivo de base de datos de archivos MDB que contiene una estructura de columnas con un conteo de columnas modificado. NOTA: este podría ser el mismo problema que CVE-2005-0944. • https://www.exploit-db.com/exploits/4625 http://dvlabs.tippingpoint.com/advisory/TPTI-08-04 http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html http://marc.info/?l=bugtraq&m=121129490723574&w=2 http://ruder.cdut.net/blogview.asp?logID=227 http://securityreason.com/securityalert/3376 http://www.kb.cert.org/vuls/id/936529 http://www.securityfocus.com/archive/1/483797/100/0/threaded http://www.securityfocus.com/archive/1/483858/100/100/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 15%CPEs: 1EXPL: 3CVE-2005-0944 – Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell)
https://notcve.org/view.php?id=CVE-2005-0944
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file. • https://www.exploit-db.com/exploits/951 https://www.exploit-db.com/exploits/927 https://www.exploit-db.com/exploits/929 http://blogs.securiteam.com/?p=535 http://marc.info/?l=bugtraq&m=111231465920199&w=2 http://www.hexview.com/docs/20050331-1.txt http://www.kb.cert.org/vuls/id/176380 http://www.securityfocus.com/archive/1/442446/100/100/threaded http://www.securityfocus.com/archive/1/442610/100/100/threaded •