
CVE-2024-2562 – PandaXGO PandaX role_menu.go InsertRole sql injection
https://notcve.org/view.php?id=CVE-2024-2562
17 Mar 2024 — A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/PandaXGO/PandaX/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-4306 – Panda Pods Repeater Field < 1.5.4 - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-4306
07 Dec 2022 — The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. The Panda Pods Repeater Field for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'podid' parameter in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... • https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-1438 – Panda Security 1.0.0.13 Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2015-1438
11 Jul 2015 — Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. • http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-3735
https://notcve.org/view.php?id=CVE-2009-3735
11 Feb 2010 — The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method. • http://secunia.com/advisories/38485 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-3155 – Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3155
11 Jul 2008 — Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method. • https://www.exploit-db.com/exploits/6004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-3156 – Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3156
11 Jul 2008 — The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. • https://www.exploit-db.com/exploits/6004 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1471 – Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption
https://notcve.org/view.php?id=CVE-2008-1471
24 Mar 2008 — The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. • https://www.exploit-db.com/exploits/31363 • CWE-399: Resource Management Errors

CVE-2007-4191 – Panda AntiVirus 2008 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4191
08 Aug 2007 — Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. • https://www.exploit-db.com/exploits/4257

CVE-2007-3969
https://notcve.org/view.php?id=CVE-2007-3969
25 Jul 2007 — Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." • http://secunia.com/advisories/26171

CVE-2007-3026 – Panda Software AdminSecure Agent Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3026
20 Jul 2007 — Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. • http://osvdb.org/38614