Page 7 of 61 results (0.006 seconds)

CVSS: 6.4EPSS: 1%CPEs: 48EXPL: 0

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. Vulnerabilidad de salto de directorio en clamd en Clam AntiVirus ClamAV anterior a 0.90 permite a atacantes remotos sobreescribir ficheros de su elección a través de la secuencia .. (punto punto) en el parámetro de cabecera id MIME en un mensaje multi-parte. • http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html http://osvdb.org/32282 http://secunia.com/advisories/24183 http://secunia.com/advisories/24187 http://secunia.com/advisories/24192 http://secunia.com/advisories/24319 http://secunia.com/advisories/24332 http:/&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 9%CPEs: 1EXPL: 0

Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. Clam AntiVirus (ClamAV) 0.88.6 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila y caída de aplicación) encapsulando un documento con muchas capas de contenido multiparte/mezclado (multipart/mixed), una vulnerabilidad distinta de CVE-2006-5874 y CVE-2006-6406. • http://docs.info.apple.com/article.html?artnum=307562 http://kolab.org/security/kolab-vendor-notice-14.txt http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/31283 http://secunia.com/advisories/23347 http://secunia.com/advisories/23362 http://secunia.com/advisories/23379 http://secunia.com/advisories/23404 http://secunia.com/advisories/23411 http://secunia.com/advisories/23417 http://secunia.com/advisories/23460 http://secunia.com •

CVSS: 5.0EPSS: 20%CPEs: 1EXPL: 1

Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. Clam AntiVirus (ClamAV) 0.88.6 permite a atacantes remotos evitar una detección de virus, insertando caracteres inválidos en un contenido codificado base64 en un fichero MIME multipart/mixed, como se demuestra con el fichero de testeo EICAR. • http://kolab.org/security/kolab-vendor-notice-14.txt http://secunia.com/advisories/23362 http://secunia.com/advisories/23379 http://secunia.com/advisories/23411 http://secunia.com/advisories/23460 http://www.debian.org/security/2006/dsa-1238 http://www.mandriva.com/security/advisories?name=MDKSA-2006:230 http://www.novell.com/linux/security/advisories/2006_78_clamav.html http://www.quantenblog.net/security/virus-scanner-bypass http://www.securityfocus.com/archive/1/453654/100&#x •

CVSS: 5.0EPSS: 8%CPEs: 22EXPL: 0

Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. Clam AntiVirus (ClamAV) 0.88 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante un adjunto MIME codificado-base64 mal formado que dispara una referencia a puntero null. • http://secunia.com/advisories/23327 http://secunia.com/advisories/23362 http://secunia.com/advisories/23411 http://www.debian.org/security/2006/dsa-1232 http://www.mandriva.com/security/advisories?name=MDKSA-2006:230 http://www.novell.com/linux/security/advisories/2006_78_clamav.html http://www.securityfocus.com/bid/21510 •

CVSS: 5.0EPSS: 47%CPEs: 48EXPL: 1

Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." Vulnerabilidad no especificada en ClamAV anterior a 0.88.5 permite a atacantes remotos provocar una denegación de servicio (caída del servicio de escaneo) mediante un archivo de Ayuda HTML comprimida (CHM) creado artesanalmente que hace que ClamAV lea una posición de memoria inválida. • https://www.exploit-db.com/exploits/2586 http://kolab.org/security/kolab-vendor-notice-13.txt http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423 http://secunia.com/advisories/22370 http://secunia.com/advisories/22421 http://secunia.com/advisories/22488 http://secunia.com/advisories/22498 http://secunia.com/advisories/22537 http://secunia.com/advisories/22551 http://secunia.com/advisories/22626 http://security.gentoo.org/glsa/glsa-200610-10.xml http:/&# •