CVE-2006-4659
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.
The Panda Platinum Internet Security 2006 10.02.01 y 2007 11.00.00 utiliza URLs fiables para la clasificación de spam de cada mensaje, lo cual permite que atacantes remotos hagan que el Panda clasificar mensajes de su elección como Spam a través de una página web que contenga etiquetas de IMG con las URLs fiables. NOTA: esta edición se podría también mirarse como una vulnerabilidad de falsificación de petición de un sitio cruzado (CSRF).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-09-08 CVE Reserved
- 2006-09-09 CVE Published
- 2023-07-13 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/21769 | Third Party Advisory | |
| http://securityreason.com/securityalert/1524 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/445479/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/19891 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.security.nnov.ru/advisories/pandais.asp | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Panda Search vendor "Panda" | Panda Platinum Internet Security Search vendor "Panda" for product "Panda Platinum Internet Security" | 2006_10.02.01 Search vendor "Panda" for product "Panda Platinum Internet Security" and version "2006_10.02.01" | - |
Affected
| ||||||
| Panda Search vendor "Panda" | Panda Platinum Internet Security Search vendor "Panda" for product "Panda Platinum Internet Security" | 2007_11.00.00 Search vendor "Panda" for product "Panda Platinum Internet Security" and version "2007_11.00.00" | - |
Affected
| ||||||