Page 19 of 95 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. La función filecopy en misc.c en Clam AntiVirus (ClamAV) en versiones anteriores a 0.85, en Mac OS, permite a atacantes remotos ejecutar código arbitrario a través de un virus en un nombre de archivo que contiene metacaractéres shell, que no son manejados adecuadamente cuando permisos HFS impiden que el archivo sea borrado y el mismo se invoca. • http://securitytracker.com/id?1014070 http://www.sentinelchicken.com/advisories/clamav • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 6%CPEs: 10EXPL: 0

ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL. • http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html http://secunia.com/advisories/13900 http://sourceforge.net/project/shownotes.php?release_id=300116 http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:025 •

CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0

ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000928 http://sourceforge.net/project/shownotes.php?release_id=300116 http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:025 http://www.trustix.org/errata/2005/0003 •

CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 0

Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. • http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462 http://secunia.com/advisories/11177 http://security.gentoo.org/glsa/glsa-200404-07.xml http://www.securityfocus.com/bid/9897 https://exchange.xforce.ibmcloud.com/vulnerabilities/15553 •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 1

The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. • http://marc.info/?l=bugtraq&m=108066864608615&w=2 http://secunia.com/advisories/11253 http://security.gentoo.org/glsa/glsa-200405-03.xml http://www.securityfocus.com/bid/10007 https://exchange.xforce.ibmcloud.com/vulnerabilities/15692 •