CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) wwhelp_entry.html alcanzable a través d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) parámetros desconocidos y (b) mensajes usados en los enlaces de "topic" para la funcionalidad de marcadores. • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html http://lists.vmware.com/pipermail/security-announce/2009/000073.html http://secunia.com/advisories/38749 http://secunia.com/advisories/38842 http://securitytracker.com/id?1023683 http://www.osvdb.org/62738 http://www.osvdb.org/62739 http://www.osvdb.org/62740 http://www.osvdb.org/62741 http://www.osvdb.org/62742 http://www.securityfocus.com/archive/1/509883/100/0/threaded http://www.securityfocus. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0102
https://notcve.org/view.php?id=CVE-2008-0102
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." Vulnerabilidad no especificada de Microsoft Office Publisher 2000, 2002, y 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través del fichero manipulado .pub, relativo a invalidad "valores de memoria", también conocido como "Publisher Invalid Memory Reference Vulnerability". • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28906 http://www.securityfocus.com/bid/27739 http://www.securitytracker.com/id?1019376 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0514/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5305 • CWE-399: Resource Management Errors •
CVE-2008-0104
https://notcve.org/view.php?id=CVE-2008-0104
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Office Publisher 2000, 2002 y 2003 SP2. Permite a atacantes remotos ejecutar código de su elección a través de un archivo .pub manipulado, también conocido como "Publisher Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28906 http://www.securityfocus.com/bid/27740 http://www.securitytracker.com/id?1019377 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0514/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4547 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 http://www.securityfocus.com/archive/1/485456/100/0/threaded http://www.securityfocus.com/bid/26982 • CWE-20: Improper Input Validation •
CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de día cero dirigidos. • http://osvdb.org/31901 http://secunia.com/advisories/24008 http://securitytracker.com/id?1017584 http://vil.nai.com/vil/content/v_141393.htm http://www.avertlabs.com/research/blog/?p=191 http://www.kb.cert.org/vuls/id/613740 http://www.microsoft.com/technet/security/advisory/932553.mspx http://www.securityfocus.com/bid/22383 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0463 https://docs.microsoft.com •