CVSS: 6.1EPSS: 62%CPEs: 36EXPL: 1CVE-2006-0032 – Microsoft Indexing Service - Query Validation Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0032
12 Sep 2006 — Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Indexing Service dentro de Microsoft Windows 2000, XP, y Server 2003, cuando la opción Encoding está asiganado a Auto Se... • https://www.exploit-db.com/exploits/28500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 25%CPEs: 55EXPL: 1CVE-2006-3351
https://notcve.org/view.php?id=CVE-2006-3351
06 Jul 2006 — Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. Desbordamiento de buffer en el Explorador de Windows (explorer.exe) de Windows XP y 2003. Permite a usuarios remotos con ayuda del usuario causar una denegación de servicio (indisponibilidad repetida de la aplicación... • http://securityreason.com/securityalert/1186 •