9 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. Un desbordamiento de búfer en la región heap de la memoria en Panda Security Kernel Memory Access Driver versión 1.0.0.13, permite a los atacantes ejecutar código arbitrario con privilegios kernel por medio de una entrada de tamaño creado para los búferes de grupo no paginado asignado y de grupo paginado de kernel asignado. • http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html http://seclists.org/fulldisclosure/2015/Jul/42 http://seclists.org/fulldisclosure/2015/Jul/61 http://www.securityfocus.com/bid/75715 https://tools.cisco.com/security/center/viewAlert.x?alertId=39908 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 2

The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegación de servicio (caída del sistema o kernel panic), sobrescribir memoria o ejecutar código de su elección a través de una petición IOCTL manipulada que dispara una escritura en memoria fuera de límite. • https://www.exploit-db.com/exploits/31363 http://secunia.com/advisories/29311 http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp http://www.securityfocus.com/archive/1/489292/100/0/threaded http://www.securityfocus.com/bid/28150 http://www.securitytracker.com/id?1019568 http://www.trapkit.de/advisories/TKADV2008-001.txt http://www.vupen.com/english/advisories/2008/0 • CWE-399: Resource Management Errors •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 2

Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. Panda Antivirus 2008 almacena ejecutables de servicio bajo el directorio de instalación del producto con permisos débiles, lo cual permite a usuarios locales obtener privilegios LocalSystem modificando PAVSRV51.EXE u otros ficheros no especificados, un asunto similar a CVE-2006-4657. • https://www.exploit-db.com/exploits/4257 http://secunia.com/advisories/26336 http://securityreason.com/securityalert/2968 http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev http://www.securityfocus.com/archive/1/475373/100/0/threaded http://www.securityfocus.com/archive/1/480022/100/100/threaded http://www.securityfocus.com/archive/1/480443/100/100/threaded http://www.securityfocus.com/bid/25186 http://www.securitytracker.com/id?1018722 http:/&# •

CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 0

Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." Desbordamiento de búfer en el Antivirus Panda anterior al 20070720 permite a atacantes remotos ejecutar código de su elección a través de un fichero EXE modificado, resultado de un "Integer Cast Around". • http://secunia.com/advisories/26171 http://securityreason.com/securityalert/2920 http://www.nruns.com/%5Bn.runs-SA-2007.019%5D%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf http://www.nruns.com/%5Bn.runs-SA-2007.019%5D%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt http://www.securityfocus.com/archive/1/474247/100/0/threaded http://www.securityfocus.com/bid/24989 http://www.securitytracker.com/id?1018437 •

CVSS: 7.8EPSS: 7%CPEs: 59EXPL: 1

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior. • http://osvdb.org/36208 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 • CWE-399: Resource Management Errors •