CVSS: 7.8EPSS: 0%CPEs: 45EXPL: 0CVE-2020-5674
https://notcve.org/view.php?id=CVE-2020-5674
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en los instaladores de múltiples productos SEIKO EPSON, permite a un atacante alcanzar privilegios por medio de una DLL de tipo caballo de Troya en un directorio no especificado • https://jvn.jp/en/jp/JVN26835001/index.html https://www.epson.jp/support/misc_t/201119_oshirase.htm https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2003-1569
https://notcve.org/view.php?id=CVE-2003-1569
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer anterior a v2.1.5 en Windows 95, 98, and ME permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP con un nombre de dispositivo en un componente de ruta 1) con, (2) nul, (3) clock$, o (4) config$, vector diferente que CVE-2001-0385. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 2%CPEs: 3EXPL: 1CVE-1999-1593
https://notcve.org/view.php?id=CVE-1999-1593
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. Windows Internet Naming Service (WINS), permite atacantes remotos provocar una denegación de servicio (pérdida de conexión) o el robo de credenciales a través de una inscripción 1Ch que hace que WINS se cambie de controlador de dominio para apuntar a un servidor malicioso. NOTA: este problema puede estar limitado cuando se usan clientes Windows 95/98, o si el primer controlador de dominio no está disponible. • http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html http://seclists.org/bugtraq/2001/Jan/0264.html http://seclists.org/bugtraq/2001/Jan/0269.html http://seclists.org/bugtraq/2001/Jan/0271.html http://seclists.org/bugtraq/2001/Jan/0274.html http://seclists.org/bugtraq/2001/Jan/0276.html http://seclists.org/bugtraq/2001/Jan/0289.html http://seclists.org/bugtraq/2001/Jan/0298.html http://www.securityfocus.com/bid/2221 https://www2.sans.org/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.6EPSS: 14%CPEs: 21EXPL: 3CVE-2007-4938 – MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4938
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de un archivo .avi con cierto "tamaño indx tratado" y valores nEntriesInuse, y un cierto valor wLongsPerEntry. • https://www.exploit-db.com/exploits/30578 http://osvdb.org/45940 http://secunia.com/advisories/27016 http://securityreason.com/securityalert/3144 http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 http://www.securityfocus.com/archive/1/479222/100/0/threaded http://www.securityfocus.com/bid/25648 http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/36581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 78%CPEs: 8EXPL: 1CVE-2007-3958 – Microsoft Windows Explorer - '.GIF' Image Denial of Service
https://notcve.org/view.php?id=CVE-2007-3958
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. Microsoft Windows Explorer (explorer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio mediante un determinado fichero GIF, como se demuestra con Art.gif. • https://www.exploit-db.com/exploits/4215 http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html http://osvdb.org/43773 http://www.securityfocus.com/bid/25013 https://exchange.xforce.ibmcloud.com/vulnerabilities/35538 •