CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 2CVE-2017-5005
https://notcve.org/view.php?id=CVE-2017-5005
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation. Desbordamiento de búfer basado en pila en Quick Heal Internet Security 10.1.0.316 y versiones anteriores, Total Security 10.1.0.316 y versiones anteriores y AntiVirus Pro 10.1.0.316 y versiones anteriores en OS X permite a atacantes remotos ejecutar código arbitrario a través de un campo LC_UNIXTHREAD.cmdsize manipulado en un archivo Mach-O que no es manejado correctamente durante una operación Security Scan (también conocido como Custom Scan). • http://www.securityfocus.com/bid/95194 http://www.securitytracker.com/id/1037547 https://github.com/payatu/QuickHeal https://www.youtube.com/watch?v=h9LOsv4XE00 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10899 – Total Security <= 3.4.0 - Unauthenticated Settings Change
https://notcve.org/view.php?id=CVE-2016-10899
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. El plugin total-security versiones anteriores a 3.4.1 para WordPress, presenta una vulnerabilidad de cambio de configuración. • https://wordpress.org/plugins/total-security/#developers • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10898 – Total Security <= 3.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10898
The total-security plugin before 3.4.1 for WordPress has XSS. El plugin total-security versiones anteriores a 3.4.1 para WordPress, presenta una vulnerabilidad de tipo XSS. The total-security plugin before 3.4.1 for WordPress has XSS via several parameters. • https://wordpress.org/plugins/total-security/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 4CVE-2014-9643 – K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9643
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call. K7Sentry.sys en K7 Computing Ultimate Security, Anti-Virus Plus, y Total Security anterior a 14.2.0.253 permite a usuarios locales escribir a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, o 0x950025c8 manipulada. Multiple products from K7 Computing suffer from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35992 http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html http://www.exploit-db.com/exploits/35992 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/113007 • CWE-264: Permissions, Privileges, and Access Controls •