CVE-2007-3699 – Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability
https://notcve.org/view.php?id=CVE-2007-3699
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. El componente Decomposer en múltiples productos Symantec permite a atacantes remotos provocar denegación de servicio (bucles infinitos) a través de ciertos valores en el campo PACK_SIZE de una cabecera de archivo RAR. This vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of the Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability. The specific flaw resides in a forged PACK_SIZE field of a RAR file header. By setting this field to a specific value an infinite loop denial of service condition will occur when the scanner processes the file. • http://osvdb.org/36119 http://secunia.com/advisories/26053 http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html http://www.securityfocus.com/bid/24282 http://www.vupen.com/english/advisories/2007/2508 http://www.zerodayinitiative.com/advisories/ZDI-07-039.html •
CVE-2007-0564
https://notcve.org/view.php?id=CVE-2007-0564
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. La interfaz de registro de licencia en Symantec Web Security (SWS) versiones anteriores a 3.0.1.85 permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) enviando un fichero grande. • http://secunia.com/advisories/23896 http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html http://securitytracker.com/id?1017558 http://www.vupen.com/english/advisories/2007/0330 •
CVE-2004-2755
https://notcve.org/view.php?id=CVE-2004-2755
Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. • http://secunia.com/advisories/10618 http://securityresponse.symantec.com/avcenter/security/Content/2004.01.13.html http://www.osvdb.org/6754 http://www.securityfocus.com/bid/9418 http://www.securitytracker.com/alerts/2004/Jan/1008711.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •