Page 25 of 131 results (0.007 seconds)

CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 0

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. • http://www.debian.org/security/2005/dsa-737 http://www.idefense.com/application/poi/display?id=275&type=vulnerabilities •

CVSS: 2.6EPSS: 2%CPEs: 3EXPL: 0

The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. • http://secunia.com/advisories/15811 http://sourceforge.net/project/shownotes.php?release_id=337279 http://www.debian.org/security/2005/dsa-737 http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml http://www.novell.com/linux/security/advisories/2005_38_clamav.html http://www.securityfocus.com/bid/14058 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php. • https://www.exploit-db.com/exploits/25740 http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html http://www.securityfocus.com/bid/13796 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. La función filecopy en misc.c en Clam AntiVirus (ClamAV) en versiones anteriores a 0.85, en Mac OS, permite a atacantes remotos ejecutar código arbitrario a través de un virus en un nombre de archivo que contiene metacaractéres shell, que no son manejados adecuadamente cuando permisos HFS impiden que el archivo sea borrado y el mismo se invoca. • http://securitytracker.com/id?1014070 http://www.sentinelchicken.com/advisories/clamav • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. • http://securitytracker.com/id?1014030 •