CVE-2019-13163
https://notcve.org/view.php?id=CVE-2019-13163
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. La biblioteca Fujitsu TLS permite un ataque de tipo man-in-the-middle. Esto afecta a Interstage Application Development Cycle Manager versión V10 y otras versiones, Interstage Application Server versión V12 y otras versiones, Interstage Business Application Manager versión V2 y otras versiones, Interstage Information Integrator versión V11 y otras versiones, Interstage Job Workload Server versión V8, Interstage List Works versión V10 y otras versiones , Interstage Studio versión V12 y otras versiones, Interstage Web Server Express versión V11, Linkexpress versión V5, Safeauthor versión V3, ServerView Resource Orchestrator versión V3, Systemwalker Cloud Business Service Management versión V1, Systemwalker Desktop Keeper versión V15, Systemwalker Desktop Patrol versión V15, Systemwalker IT Change Manager versión V14, Systemwalker Operation Manager versión V16 y otras versiones, Systemwalker Runbook Automation versión V15 y otras versiones, Systemwalker Security Control versión V1 y Systemwalker Software Configuration Manager versión V15. • https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html • CWE-326: Inadequate Encryption Strength •
CVE-2008-1898 – Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-1898
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. Un cierto control ActiveX en la biblioteca WkImgSrv.dll versión 7.03.0616.0, tal como se distribuye en Microsoft Works 7 y Microsoft Office 2003 y 2007, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo del navegador) por medio de un valor de propiedad WksPictureInterface no válido, que desencadena una llamada de función inapropiada. The Microsoft Works ActiveX control (WkImgSrv.dll) could allow a remote attacker to execute arbitrary code on a system. By passing a negative integer to the WksPictureInterface method, an attacker could execute arbitrary code on the system with privileges of the victim. Change 168430090 /0X0A0A0A0A to 202116108 / 0x0C0C0C0C FOR IE6. • https://www.exploit-db.com/exploits/5460 https://www.exploit-db.com/exploits/5530 https://www.exploit-db.com/exploits/16649 http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0029.html http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx http://www.securityfocus.com/archive/1/491027/100/0/threaded http://www.securityfocus.com/bid/28820 https://exchange.xforce.ibmcloud.com/vulnerabilities/41876 • CWE-20: Improper Input Validation •