CVSS: 7.8EPSS: 76%CPEs: 13EXPL: 0CVE-2011-3414
https://notcve.org/view.php?id=CVE-2011-3414
30 Dec 2011 — The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability." La función CaseInsensitiveHashProvider.getHashC... • http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 48%CPEs: 13EXPL: 0CVE-2011-3415
https://notcve.org/view.php?id=CVE-2011-3415
30 Dec 2011 — Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability." Abrir redirigir la vulnerabilidad en la función de autenticación de formularios en el subsistema de ASP.NET de Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1 y 4.0 permite a... • http://jvn.jp/en/jp/JVN71256611/index.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 86%CPEs: 13EXPL: 0CVE-2011-3416
https://notcve.org/view.php?id=CVE-2011-3416
30 Dec 2011 — The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability." La función de autenticación de formularios en el subsistema de ASP.NET de Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1 y 4.0 permite a usuarios remotos autenticados obtener acceso a cuentas de usuario de su elecc... • http://www.us-cert.gov/cas/techalerts/TA11-347A.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 65%CPEs: 13EXPL: 0CVE-2011-3417
https://notcve.org/view.php?id=CVE-2011-3417
30 Dec 2011 — The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability." La función de autenticación de formularios en el subsistema de ASP.NET de Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1 y 4.0, cuando la pér... • http://www.securityfocus.com/bid/51203 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 58%CPEs: 8EXPL: 2CVE-2010-3227 – PowerZip 7.21 (Build 4010) - Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-3227
26 Oct 2010 — Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 appli... • https://www.exploit-db.com/exploits/13921 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 3CVE-2010-1734 – Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-1734
05 May 2010 — The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. La función SfnINSTRING de win32k.sys en el kernel de Microsoft Windows 2000, XP y Server 2003 permite a usuarios locales provocar una denegación de servicio (caída del sistema) mediante un valor 0x18d en el segundo argumento (c... • https://www.exploit-db.com/exploits/12337 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 3CVE-2010-1735 – Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-1735
05 May 2010 — The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. La función SfnLOGONNOTIFY en win32k.sys en el kernel de Microsoft Windows 2000, XP, y Server 2003 permite a usuarios locales causar una denegación de servicio (caída sistema) a través de un valor 0x4c en el segundo argumento ... • https://www.exploit-db.com/exploits/12336 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2010-0233 – Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0233
10 Feb 2010 — Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Vulnerabilidad de doble liberación en el núcleo de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, permite a usuarios locales obtener privilegios a través de una aplicación manipu... • https://www.exploit-db.com/exploits/33593 •
CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2009-2527
https://notcve.org/view.php?id=CVE-2009-2527
14 Oct 2009 — Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en Microsoft Windows Media Player v6.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo ASF manipulado o (2) a través de un contenido para difusión (streaming) manipulado, también conocida como "Vulnerabil... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 2%CPEs: 17EXPL: 1CVE-2009-0229
https://notcve.org/view.php?id=CVE-2009-0229
10 Jun 2009 — The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." Servicio de impresión de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a través de un separador de página elaborado, alias "Vulnerabilida... • https://github.com/zveriu/CVE-2009-0229-PoC • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •