CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7369
https://notcve.org/view.php?id=CVE-2013-7369
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. Vulnerabilidad de inyección SQL en una DLL no especificada en el control FSDBCom ActiveX en F-Secure Anti-Virus para Microsoft Exchange Server anterior a HF02, Anti-Virus para Windows Servers 9.00 anterior a HF09, Anti-Virus para Citrix Servers 9.00 anterior a HF09, y F-Secure Email y Server Security y F-Secure Server Security 9.20 anterior a HF01 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores desconocidos, relacionado con GetCommand. • http://www.f-secure.com/en/web/labs_global/fsc-2013-1 http://www.zerodayinitiative.com/advisories/ZDI-13-095 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 97%CPEs: 9EXPL: 0CVE-2012-1430
https://notcve.org/view.php?id=CVE-2012-1430
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. El analizador de archivos ELF en BitDefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (anteriormente Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, y Rising Antivirus 22.83.00.03 permite a atacantes remotos evitar la detección de malware a través de un archivo ELF con una secuencia de caracteres \19\04\00\10 en un lugar determinado. NOTA: esto más adelante se puede dividir en varios CVEs si la información adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador ELF. • http://www.ieee-security.org/TC/SP2012/program.html http://www.securityfocus.com/archive/1/522005 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 43EXPL: 0CVE-2010-2308
https://notcve.org/view.php?id=CVE-2010-2308
Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function. Vulnerabilidad no especificada en el controlador de filtrado (savonaccessfilter.sys) en Sophos Anti-Virus anterior a v7.6.20, permite a usuarios locales elevar sus privilegios a través de argumentos manipulados en la función NtQueryAttributesFile. • http://dvlabs.tippingpoint.com/advisory/TPTI-10-03 http://secunia.com/advisories/40085 http://www.securityfocus.com/archive/1/511773/100/0/threaded http://www.securitytracker.com/id?1024089 http://www.sophos.com/support/knowledgebase/article/111126.html http://www.vupen.com/english/advisories/2010/1412 •
CVSS: 5.0EPSS: 0%CPEs: 168EXPL: 0CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •
CVSS: 10.0EPSS: 6%CPEs: 7EXPL: 0CVE-2008-6904
https://notcve.org/view.php?id=CVE-2008-6904
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. Vulnerabilidad sin especificar en Sophos SAVScan v4.33.0 de Linux, y probablemente otros productos y versiones, permiten a atacantes remotos causar una denegación de servicio (falta de segmentación) y probablemente ejecutar código a su elección a través de archivos manipulados que han sido empaquetados con (1)armadillo, (2) asprotect, o (3) asprotectSKE. • http://marc.info/?l=bugtraq&m=122893252316489&w=2 http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html http://www.securityfocus.com/bid/32748 http://www.sophos.com/support/knowledgebase/article/50611.html https://exchange.xforce.ibmcloud.com/vulnerabilities/52443 •