CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 2CVE-2008-1471 – Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption
https://notcve.org/view.php?id=CVE-2008-1471
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegación de servicio (caída del sistema o kernel panic), sobrescribir memoria o ejecutar código de su elección a través de una petición IOCTL manipulada que dispara una escritura en memoria fuera de límite. • https://www.exploit-db.com/exploits/31363 http://secunia.com/advisories/29311 http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp http://www.securityfocus.com/archive/1/489292/100/0/threaded http://www.securityfocus.com/bid/28150 http://www.securitytracker.com/id?1019568 http://www.trapkit.de/advisories/TKADV2008-001.txt http://www.vupen.com/english/advisories/2008/0 • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4191 – Panda AntiVirus 2008 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4191
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. Panda Antivirus 2008 almacena ejecutables de servicio bajo el directorio de instalación del producto con permisos débiles, lo cual permite a usuarios locales obtener privilegios LocalSystem modificando PAVSRV51.EXE u otros ficheros no especificados, un asunto similar a CVE-2006-4657. • https://www.exploit-db.com/exploits/4257 http://secunia.com/advisories/26336 http://securityreason.com/securityalert/2968 http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev http://www.securityfocus.com/archive/1/475373/100/0/threaded http://www.securityfocus.com/archive/1/480022/100/100/threaded http://www.securityfocus.com/archive/1/480443/100/100/threaded http://www.securityfocus.com/bid/25186 http://www.securitytracker.com/id?1018722 http:/&# •
CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 0CVE-2007-3969
https://notcve.org/view.php?id=CVE-2007-3969
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." Desbordamiento de búfer en el Antivirus Panda anterior al 20070720 permite a atacantes remotos ejecutar código de su elección a través de un fichero EXE modificado, resultado de un "Integer Cast Around". • http://secunia.com/advisories/26171 http://securityreason.com/securityalert/2920 http://www.nruns.com/%5Bn.runs-SA-2007.019%5D%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf http://www.nruns.com/%5Bn.runs-SA-2007.019%5D%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt http://www.securityfocus.com/archive/1/474247/100/0/threaded http://www.securityfocus.com/bid/24989 http://www.securitytracker.com/id?1018437 •
CVSS: 9.3EPSS: 10%CPEs: 1EXPL: 0CVE-2007-3026 – Panda Software AdminSecure Agent Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3026
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. Desbordamiento de enteros en el Panda Software AdminSecure permite a atacantes remotos ejecutar código de su elección mediante paquetes manipulados en los que se han modificado valores de longitud de los puertos TCP 19226 o 19227 dando como resultado un desbordamiento de búfer basado en montículo. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panda AdminSecure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AdminSecure agent which binds by default to TCP port 19226 or 19227. When processing traffic on the listening port, the agent trusts a user-supplied length value for a memory allocation. • http://osvdb.org/38614 http://secunia.com/advisories/26157 http://securityreason.com/securityalert/2917 http://www.securityfocus.com/archive/1/474551/100/0/threaded http://www.securityfocus.com/bid/25046 http://www.securitytracker.com/id?1018446 http://www.vupen.com/english/advisories/2007/2641 http://www.zerodayinitiative.com/advisories/ZDI-07-041.html https://exchange.xforce.ibmcloud.com/vulnerabilities/35600 •
CVSS: 7.8EPSS: 7%CPEs: 59EXPL: 1CVE-2007-1673
https://notcve.org/view.php?id=CVE-2007-1673
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior. • http://osvdb.org/36208 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 • CWE-399: Resource Management Errors •