CVE-2015-1438
https://notcve.org/view.php?id=CVE-2015-1438
Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. Un desbordamiento de búfer en la región heap de la memoria en Panda Security Kernel Memory Access Driver versión 1.0.0.13, permite a los atacantes ejecutar código arbitrario con privilegios kernel por medio de una entrada de tamaño creado para los búferes de grupo no paginado asignado y de grupo paginado de kernel asignado. • http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html http://seclists.org/fulldisclosure/2015/Jul/42 http://seclists.org/fulldisclosure/2015/Jul/61 http://www.securityfocus.com/bid/75715 https://tools.cisco.com/security/center/viewAlert.x?alertId=39908 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1471 – Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption
https://notcve.org/view.php?id=CVE-2008-1471
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegación de servicio (caída del sistema o kernel panic), sobrescribir memoria o ejecutar código de su elección a través de una petición IOCTL manipulada que dispara una escritura en memoria fuera de límite. • https://www.exploit-db.com/exploits/31363 http://secunia.com/advisories/29311 http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp http://www.securityfocus.com/archive/1/489292/100/0/threaded http://www.securityfocus.com/bid/28150 http://www.securitytracker.com/id?1019568 http://www.trapkit.de/advisories/TKADV2008-001.txt http://www.vupen.com/english/advisories/2008/0 • CWE-399: Resource Management Errors •
CVE-2007-1670
https://notcve.org/view.php?id=CVE-2007-1670
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Panda Software Antivirus versiones anteriores a 20070402 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo ZOO con una estructura de entradas de directorio que apuntan a un fichero previo. • http://osvdb.org/35845 http://secunia.com/advisories/25152 http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 http://www.vupen.com/english/advisories/2007/1700 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 •
CVE-2006-4657
https://notcve.org/view.php?id=CVE-2006-4657
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 almacena executables del servicio bajo el directorio de instalación del producto con permisos débiles, que permiten a usuarios locales obtener los privilegios de LocalSystem modificando (1) WebProxy.exe o (2) PAVSRV51.EXE. • http://secunia.com/advisories/21769 http://securityreason.com/securityalert/1524 http://www.security.nnov.ru/advisories/pandais.asp http://www.securityfocus.com/archive/1/445479/100/0/threaded http://www.securityfocus.com/archive/1/445889/100/0/threaded http://www.securityfocus.com/bid/19891 http://www.vupen.com/english/advisories/2006/3514 •
CVE-2006-4659
https://notcve.org/view.php?id=CVE-2006-4659
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability. The Panda Platinum Internet Security 2006 10.02.01 y 2007 11.00.00 utiliza URLs fiables para la clasificación de spam de cada mensaje, lo cual permite que atacantes remotos hagan que el Panda clasificar mensajes de su elección como Spam a través de una página web que contenga etiquetas de IMG con las URLs fiables. NOTA: esta edición se podría también mirarse como una vulnerabilidad de falsificación de petición de un sitio cruzado (CSRF). • http://secunia.com/advisories/21769 http://securityreason.com/securityalert/1524 http://www.security.nnov.ru/advisories/pandais.asp http://www.securityfocus.com/archive/1/445479/100/0/threaded http://www.securityfocus.com/bid/19891 •