CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3324
https://notcve.org/view.php?id=CVE-2012-3324
25 Sep 2012 — Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field. Vulnerabilidad de salto de directorio en el módulo UTL_FILE en IBM DB2 y DB2 Connect v10.1 antes de FP1 en Windows permite a usuarios remotos autenticados modificar, eliminar o leer archivos de su elección a través de una ruta en el campo Archivo ('file'). • http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 1%CPEs: 5EXPL: 0CVE-2007-6753
https://notcve.org/view.php?id=CVE-2007-6753
28 Mar 2012 — Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. Ruta de búsqueda no confiable en Shell32.dll en Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Window... • http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html •
CVSS: 7.5EPSS: 17%CPEs: 6EXPL: 0CVE-2010-4562
https://notcve.org/view.php?id=CVE-2010-4562
02 Feb 2012 — Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. Microsoft Windows 2008, 7, Vista, 2003, 2000 y XP, cuando se utiliza IPv6, permite a atacantes remoto... • http://seclists.org/dailydave/2011/q2/25 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 75EXPL: 0CVE-2010-2594
https://notcve.org/view.php?id=CVE-2010-2594
01 Jul 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. ... • http://holisticinfosec.org/content/view/144/45 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 57%CPEs: 15EXPL: 0CVE-2010-1880
https://notcve.org/view.php?id=CVE-2010-1880
08 Jun 2010 — Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability." Vulnerabilidad no especificada en Quartz.dll para DirectShow en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1, y Server 2008. Esta vulnerabilidad permite ejecutar, a atacantes remotos, código de su ... • http://osvdb.org/65222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2010-0484
https://notcve.org/view.php?id=CVE-2010-0484
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability." Los controladores de modo kernel de Windows en win32k.sys en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP... • http://www.opera.com/support/kb/view/954 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 20EXPL: 0CVE-2010-0485
https://notcve.org/view.php?id=CVE-2010-0485
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." Los drivers kernel-mode de Windows en win32k.sys en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 Gold y SP2, ... • http://www.opera.com/support/kb/view/954 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 0CVE-2010-1255
https://notcve.org/view.php?id=CVE-2010-1255
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability." El controlador -driver- de Windows kernel-mode en win32k.sys de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 Gold y SP... • http://www.opera.com/support/kb/view/954 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 58%CPEs: 43EXPL: 0CVE-2010-1259
https://notcve.org/view.php?id=CVE-2010-1259
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP 1 y SP 2, v7 y v8 permite a atacantes remotos ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que lleva a la corrupción de memoria, ta... • http://osvdb.org/65215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 0CVE-2010-0819
https://notcve.org/view.php?id=CVE-2010-0819
08 Jun 2010 — Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability." Vulnerabilidad sin especificar en el driver Windows OpenType Compact Font Format (CFF) en Microsoft... • http://www.securityfocus.com/bid/40572 • CWE-20: Improper Input Validation •