
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

• http://www.kb.cert.org/vuls/id/582497
• http://www.kb.cert.org/vuls/id/948137
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

CWE-310: Cryptographic Issues

CVSS: 4.0 • EPSS: 68% • CPEs: 1 • EXPL: 4

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

• https://www.exploit-db.com/exploits/4488
• http://osvdb.org/37959
• http://osvdb.org/37960
• http://secunia.com/advisories/27095
• http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
• http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
• http://www.securityfocus.com/bid/25948
• http://www.securityfocus.com/bid/25949
• http://www.vupen.com/english/advisories/2007/3388
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37012

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 17% • CPEs: 1 • EXPL: 2

Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.

• https://www.exploit-db.com/exploits/3966
• http://osvdb.org/36518
• http://retrogod.altervista.org/IE_pegasus_imagn_bof.html
• http://secunia.com/advisories/25351
• http://www.securityfocus.com/bid/24086
• http://www.vupen.com/english/advisories/2007/1899
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34419

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.

• https://www.exploit-db.com/exploits/1223
• http://secunia.com/advisories/22857
• http://www.securityfocus.com/bid/21110