CVSS: 6.1EPSS: 2%CPEs: 30EXPL: 0CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
16 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) ... • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 59%CPEs: 3EXPL: 0CVE-2008-0102
https://notcve.org/view.php?id=CVE-2008-0102
12 Feb 2008 — Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." Vulnerabilidad no especificada de Microsoft Office Publisher 2000, 2002, y 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través del fichero manipulado .pub, relativo a invalidad "valores de memoria", también conocido como "Publisher Invalid... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 48%CPEs: 4EXPL: 0CVE-2008-0104
https://notcve.org/view.php?id=CVE-2008-0104
12 Feb 2008 — Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Office Publisher 2000, 2002 y 2003 SP2. Permite a atacantes remotos ejecutar código de su elección a través de un archivo .pub manipulado, también conocido como "Publisher Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 20%CPEs: 5EXPL: 0CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
27 Dec 2007 — Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 62%CPEs: 36EXPL: 0CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
03 Feb 2007 — Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque descon... • http://osvdb.org/31901 •
CVSS: 9.3EPSS: 36%CPEs: 35EXPL: 0CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
10 Oct 2006 — Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar có... • http://securitytracker.com/id?1017030 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 72%CPEs: 7EXPL: 1CVE-2006-0001
https://notcve.org/view.php?id=CVE-2006-0001
12 Sep 2006 — Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. Desbordamiento de búfer basado en montón en Microsoft Publisher 2000 hasta 2003, permite a los atacantes con la complicidad del usuario ejecutar código de su elección a través de un fichero PUB artesanal, el cual provoca un desbordamiento cuando analiza sintacticamente las fuentes. • http://secunia.com/advisories/21863 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 45%CPEs: 16EXPL: 0CVE-2004-0573
https://notcve.org/view.php?id=CVE-2004-0573
17 Sep 2004 — Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. Desbordamiento de búfer en el convertidor de Microsoft WordPerfect 5.x en Office 2000, Office XP, Offiece 2003 y las suites Works 2001 a 2004 permite a atacantes remotos ejecutar código de su elección mediante un documento o un sitio web malicioso. • http://marc.info/?l=bugtraq&m=109519646030906&w=2 •