CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2021-29218
https://notcve.org/view.php?id=CVE-2021-29218
04 Feb 2022 — A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. Se ha identificado una vulnerabilidad de seguridad en la ruta de búsq... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04233en_us • CWE-428: Unquoted Search Path or Element •
CVSS: 8.2EPSS: 8%CPEs: 4EXPL: 5CVE-2011-5279
https://notcve.org/view.php?id=CVE-2011-5279
23 Apr 2014 — CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. Vulnerabilidad de inyección CRLF en la implementación CGI en Microsoft Internet Information Services (IIS) 4.x y 5.x en Windows NT y Windows 2000 permite a atacantes remotos modificar variables de entorno en mayúsculas a través de una caract... • http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3324
https://notcve.org/view.php?id=CVE-2012-3324
25 Sep 2012 — Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field. Vulnerabilidad de salto de directorio en el módulo UTL_FILE en IBM DB2 y DB2 Connect v10.1 antes de FP1 en Windows permite a usuarios remotos autenticados modificar, eliminar o leer archivos de su elección a través de una ruta en el campo Archivo ('file'). • http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 1%CPEs: 5EXPL: 0CVE-2007-6753
https://notcve.org/view.php?id=CVE-2007-6753
28 Mar 2012 — Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. Ruta de búsqueda no confiable en Shell32.dll en Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Window... • http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html •
CVSS: 7.5EPSS: 17%CPEs: 6EXPL: 0CVE-2010-4562
https://notcve.org/view.php?id=CVE-2010-4562
02 Feb 2012 — Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. Microsoft Windows 2008, 7, Vista, 2003, 2000 y XP, cuando se utiliza IPv6, permite a atacantes remoto... • http://seclists.org/dailydave/2011/q2/25 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 6%CPEs: 20EXPL: 1CVE-2010-3268
https://notcve.org/view.php?id=CVE-2010-3268
22 Dec 2010 — The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. La función GetStringAMSHandler en prgxh... • http://secunia.com/advisories/42593 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 75EXPL: 0CVE-2010-2594
https://notcve.org/view.php?id=CVE-2010-2594
01 Jul 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. ... • http://holisticinfosec.org/content/view/144/45 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 57%CPEs: 15EXPL: 0CVE-2010-1880
https://notcve.org/view.php?id=CVE-2010-1880
08 Jun 2010 — Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability." Vulnerabilidad no especificada en Quartz.dll para DirectShow en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1, y Server 2008. Esta vulnerabilidad permite ejecutar, a atacantes remotos, código de su ... • http://osvdb.org/65222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2010-0484
https://notcve.org/view.php?id=CVE-2010-0484
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability." Los controladores de modo kernel de Windows en win32k.sys en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP... • http://www.opera.com/support/kb/view/954 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 20EXPL: 0CVE-2010-0485
https://notcve.org/view.php?id=CVE-2010-0485
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." Los drivers kernel-mode de Windows en win32k.sys en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 Gold y SP2, ... • http://www.opera.com/support/kb/view/954 • CWE-20: Improper Input Validation •