CVSS: 7.5EPSS: 1%CPEs: 48EXPL: 0CVE-2007-0898
https://notcve.org/view.php?id=CVE-2007-0898
16 Feb 2007 — Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. Vulnerabilidad de salto de directorio en clamd en Clam AntiVirus ClamAV anterior a 0.90 permite a atacantes remotos sobreescribir ficheros de su elección a través de la secuencia .. (punto punto) en el parámetro de cabecera id MIME en un mensaje multi-parte. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 0CVE-2006-6481
https://notcve.org/view.php?id=CVE-2006-6481
12 Dec 2006 — Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. Clam AntiVirus (ClamAV) 0.88.6 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila y caída de aplicación) encapsulando un documento con muchas capas de contenido multiparte/mezclado (multipart/mixed), una vulnerabilidad... • http://docs.info.apple.com/article.html?artnum=307562 •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2006-6406
https://notcve.org/view.php?id=CVE-2006-6406
10 Dec 2006 — Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. Clam AntiVirus (ClamAV) 0.88.6 permite a atacantes remotos evitar una detección de virus, insertando caracteres inválidos en un contenido codificado base64 en un fichero MIME multipart/mixed, como se demuestra con el fichero de testeo EICAR. • http://kolab.org/security/kolab-vendor-notice-14.txt •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2006-5874
https://notcve.org/view.php?id=CVE-2006-5874
10 Dec 2006 — Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. Clam AntiVirus (ClamAV) 0.88 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante un adjunto MIME codificado-base64 mal formado que dispara una referencia a puntero null. • http://secunia.com/advisories/23327 •
CVSS: 5.5EPSS: 20%CPEs: 48EXPL: 1CVE-2006-5295 – Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-5295
16 Oct 2006 — Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." Vulnerabilidad no especificada en ClamAV anterior a 0.88.5 permite a atacantes remotos provocar una denegación de servicio (caída del servicio de escaneo) mediante un archivo de Ayuda HTML comprimida (CHM) creado artesanalmente que hace que ClamAV lea una posición de memoria invál... • https://www.exploit-db.com/exploits/2586 •
CVSS: 9.1EPSS: 17%CPEs: 48EXPL: 1CVE-2006-4182 – Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-4182
16 Oct 2006 — Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. Desbordamiento de entero en ClamAV 0.88.1 y 0.88.4, y otras versiones anteriores a 0.88.5, permite a atacantes remotos provocar una denegación de servicio (caída del servicio de escaneo) y ejecut... • https://www.exploit-db.com/exploits/2587 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2427
https://notcve.org/view.php?id=CVE-2006-2427
17 May 2006 — freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. • http://secunia.com/advisories/20085 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 2CVE-2006-1989
https://notcve.org/view.php?id=CVE-2006-1989
01 May 2006 — Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. • http://kolab.org/security/kolab-vendor-notice-09.txt •
CVSS: 9.8EPSS: 28%CPEs: 30EXPL: 1CVE-2006-1614
https://notcve.org/view.php?id=CVE-2006-1614
06 Apr 2006 — Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html •
CVSS: 7.5EPSS: 14%CPEs: 30EXPL: 0CVE-2006-1630
https://notcve.org/view.php?id=CVE-2006-1630
06 Apr 2006 — The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html •