CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5535
https://notcve.org/view.php?id=CVE-2008-5535
12 Dec 2008 — Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Norman Antivirus v5.80.02, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HT... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4648 – Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028
https://notcve.org/view.php?id=CVE-2007-4648
31 Aug 2007 — The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations. El controlador de dispositivo nvcoaft51 de Norman Virus Control (NVC) 5.82 utiliza permisos débiles (acceso de escritura no restringi... • https://www.exploit-db.com/exploits/4345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 0CVE-2007-3951
https://notcve.org/view.php?id=CVE-2007-3951
24 Jul 2007 — Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around." Múltiples desbordamientos de búfer en Norman Antivirus 5.90 permite a atacantes remotos ejecutar código de su elección a través de archivos (1) ACE o (2) LZH manipulados, como resultado de un "redondedo del enterio lanzado". • http://osvdb.org/37982 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3952
https://notcve.org/view.php?id=CVE-2007-3952
24 Jul 2007 — The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around". La validación OLE2 en Norman Antivirus anterior a 5.91.02 permite a atacantes remotos evitar la detección de código malicioso a través de archivos DOC manipulados resulta de un "redondeo de entero lanzado" • http://osvdb.org/37981 •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3953
https://notcve.org/view.php?id=CVE-2007-3953
24 Jul 2007 — The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error. La validación OLE2 en Norman Antivirus anterior a 5.91.02 permite a atacantes remotos provocar denegación de servicio a través de archivos DOC manipulado que disparan un erro de división por cero. • http://osvdb.org/37980 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1194
https://notcve.org/view.php?id=CVE-2007-1194
02 Mar 2007 — Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. Norman SandBox Analyzer no utiliza el rango adecuado para las entradas de Interrupt Descriptor Table (IDT), lo cual permite a un usuario local determinar que la máquina local es un emulador, o... • http://osvdb.org/34955 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2006-4213 – Thatware 0.4.6 - 'ROOT_PATH' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4213
17 Aug 2006 — PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en config.php en David Kent Norman Thatware 0.4.6 y posiblemente anetriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro root_path. • https://www.exploit-db.com/exploits/2166 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3342
https://notcve.org/view.php?id=CVE-2005-3342
31 Dec 2005 — noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm. • http://secunia.com/advisories/18809 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3378
https://notcve.org/view.php?id=CVE-2005-3378
29 Oct 2005 — Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3220
https://notcve.org/view.php?id=CVE-2005-3220
14 Oct 2005 — Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. • http://marc.info/?l=bugtraq&m=112879611919750&w=2 •