
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. The Panda Pods Repeater Field for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'podid' parameter in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers.
• http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html
• http://seclists.org/fulldisclosure/2015/Jul/42
• http://seclists.org/fulldisclosure/2015/Jul/61
• http://www.securityfocus.com/bid/75715
• https://tools.cisco.com/security/center/viewAlert.x?alertId=39908
• https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 10% • CPEs: 1 • EXPL: 0

The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
• http://secunia.com/advisories/38485
• http://www.kb.cert.org/vuls/id/869993
• http://www.kb.cert.org/vuls/id/MAPG-7QPKL3
• http://www.securityfocus.com/bid/38067
• http://www.vupen.com/english/advisories/2010/0354
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 2% • CPEs: 1 • EXPL: 2

Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
• https://www.exploit-db.com/exploits/6004
• http://karol.wiesek.pl/files/panda.tgz
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html
• http://secunia.com/advisories/30841
• http://www.securityfocus.com/bid/30086
• http://www.securitytracker.com/id?1020432
• http://www.vupen.com/english/advisories/2008/2008/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43588
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 2% • CPEs: 1 • EXPL: 2

The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
• https://www.exploit-db.com/exploits/6004
• http://karol.wiesek.pl/files/panda.tgz
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html
• http://secunia.com/advisories/30841
• http://www.securityfocus.com/bid/30086
• http://www.securitytracker.com/id?1020432
• http://www.vupen.com/english/advisories/2008/2008/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43587
• CWE-264: Permissions, Privileges, and Access Controls