57 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer anterior a v2.1.5 en Windows 95, 98, and ME permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP con un nombre de dispositivo en un componente de ruta 1) con, (2) nul, (3) clock$, o (4) config$, vector diferente que CVE-2001-0385. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service • CWE-20: Improper Input Validation •

CVSS: 7.6EPSS: 2%CPEs: 3EXPL: 1

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. Windows Internet Naming Service (WINS), permite atacantes remotos provocar una denegación de servicio (pérdida de conexión) o el robo de credenciales a través de una inscripción 1Ch que hace que WINS se cambie de controlador de dominio para apuntar a un servidor malicioso. NOTA: este problema puede estar limitado cuando se usan clientes Windows 95/98, o si el primer controlador de dominio no está disponible. • http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html http://seclists.org/bugtraq/2001/Jan/0264.html http://seclists.org/bugtraq/2001/Jan/0269.html http://seclists.org/bugtraq/2001/Jan/0271.html http://seclists.org/bugtraq/2001/Jan/0274.html http://seclists.org/bugtraq/2001/Jan/0276.html http://seclists.org/bugtraq/2001/Jan/0289.html http://seclists.org/bugtraq/2001/Jan/0298.html http://www.securityfocus.com/bid/2221 https://www2.sans.org/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.1EPSS: 78%CPEs: 8EXPL: 1

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. Microsoft Windows Explorer (explorer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio mediante un determinado fichero GIF, como se demuestra con Art.gif. • https://www.exploit-db.com/exploits/4215 http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html http://osvdb.org/43773 http://www.securityfocus.com/bid/25013 https://exchange.xforce.ibmcloud.com/vulnerabilities/35538 •

CVSS: 10.0EPSS: 5%CPEs: 18EXPL: 1

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot. • https://www.exploit-db.com/exploits/3928 http://osvdb.org/37919 http://www.securityfocus.com/bid/23992 https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 •

CVSS: 5.8EPSS: 4%CPEs: 16EXPL: 1

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •