24 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. • http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml http://lists.virus.org/full-disclosure-0508/msg00376.html http://reedarvin.thearvins.com/20050811-01.html http://secunia.com/advisories/16410 http://www.osvdb.org/18735 http://www.securityfocus.com/bid/14549 http://www.vupen.com/english/advisories/2005/1402 https://exchange.xforce.ibmcloud.com/vulnerabilities/21839 •

CVSS: 5.1EPSS: 2%CPEs: 1EXPL: 0

Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload. • http://www.kb.cert.org/vuls/id/287771 http://www.kb.cert.org/vuls/id/AAMN-5A5RXM http://www.securityfocus.com/bid/5449 https://exchange.xforce.ibmcloud.com/vulnerabilities/9850 •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. motores de filtrado de contenido SMTP, incluyendo GFI MailSecurity para Exchange/SMTP anteriores a 7.2 InterScan VirusWall anteriores a 3.52 compilación 1494 la configuración por defecto de MIMEDefang anteriores a 2.21 y posiblemente otros productos, no detectan correos electrónicos fragmentados como se define en la RFC2046 ("Fragmentación y ensamblaje de Mensajes"), y soportado en productos como Outlook Express, lo que permite a atacantes remotos evitar el filtrado de contenido, incluyendo la comprobación de virus, mediante correos fragmentados con el tipo de contenido message/partial. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html http://marc.info/?l=bugtraq&m=103184267105132&w=2 http://marc.info/?l=bugtraq&m=103184501408453&w=2 http://www.iss.net/security_center/static/10088.php http://www.kb.cert.org/vuls/id/836088 http://www.securiteam.com/securitynews/5YP0A0K8CM.html http://www.securityfocus.com/bid& •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire. PGP Security PGPfire 7.1 para Windows altera la pila TCP/IP del sistema y modifica paquetes en los mensajes ICMP de error de un modo que permite a atacantes remotos saber que el sistema esta ejecutando PGPfire. • http://online.securityfocus.com/archive/1/252407 http://www.iss.net/security_center/static/8008.php http://www.securityfocus.com/bid/3961 • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments. • http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html http://www.iss.net/security_center/static/7637.php http://www.securityfocus.com/bid/3601 •