Search criteria
18 vulnerabilities found for panda_activescan by panda
FKIE_CVE-2009-3735
Vulnerability from fkie_nvd - Published: 2010-02-11 17:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| panda | panda_activescan | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panda:panda_activescan:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E63FFD6-C269-40BE-AE85-1E3D3E7A2C16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive\u0027s digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method."
},
{
"lang": "es",
"value": "El control ActiveScan Installer ActiveX en as2stubie.dll anterior a v1.3.3.0 en PandaActiveScan Installer v2.0 y en Panda ActiveScan downloads software en un archivo as2guiie.cab ubicado en una URL cualquiera, y con la firma digital del archivo sin verificar antes de la instalaci\u00f3n, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento en una URL sobre un m\u00e9todo sin especificar."
}
],
"id": "CVE-2009-3735",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-11T17:30:00.610",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38485"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"source": "cret@cert.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/38067"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"source": "cret@cert.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3155
Vulnerability from fkie_nvd - Published: 2008-07-11 22:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| panda | panda_activescan | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panda:panda_activescan:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E63FFD6-C269-40BE-AE85-1E3D3E7A2C16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el control ActiveX (as2guiie.dll) de Panda ActiveScan versiones anteriores a 1.02.00 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento largo del m\u00e9todo Update."
}
],
"id": "CVE-2008-3155",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-11T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30841"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3156
Vulnerability from fkie_nvd - Published: 2008-07-11 22:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| panda | panda_activescan | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panda:panda_activescan:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E63FFD6-C269-40BE-AE85-1E3D3E7A2C16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method."
},
{
"lang": "es",
"value": "El control ActiveX ActiveScan (as2guiie.dll) de Panda ActiveScan versiones anteriores a 1.02.00 permite a atacantes remotos descargar y ejecutar ficheros cabinet (CAB) de su elecci\u00f3n a trav\u00e9s de URLs no especificadas pasando por el m\u00e9todo Update."
}
],
"id": "CVE-2008-3156",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-11T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30841"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1670
Vulnerability from fkie_nvd - Published: 2007-05-09 00:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| panda | panda_activescan | 5.0 | |
| panda | panda_activescan | 5.53.00 | |
| panda | panda_activescan | 5.54.1 | |
| panda | panda_antivirus | 2.0 | |
| panda | panda_antivirus | 2.0 | |
| panda | panda_platinum_2006_internet_security | * | |
| panda | panda_platinum_2007_internet_security | * | |
| panda | panda_titanium_2005_antivirus | * | |
| panda | panda_titanium_2006_antivirus_\+_antispyware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panda:panda_activescan:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC104885-D18F-49FC-B625-5AF87037BEF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_activescan:5.53.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E446FF61-F6DA-4AC7-8623-8731A6EFE323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_activescan:5.54.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3D6D08-B0AD-4787-91E5-BD05736B1FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus:2.0:*:netware:*:*:*:*:*",
"matchCriteriaId": "60F7F210-A968-4B87-A170-0E18DBC72F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus:2.0:*:platinum:*:*:*:*:*",
"matchCriteriaId": "B0D87E60-D09D-4A46-9536-BB7354B543EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_platinum_2006_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18154EE6-3BFF-498C-9A6A-77BE75280CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_platinum_2007_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A03C13-5A45-4D92-A257-028E7BD1A9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_titanium_2005_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA232ECD-5983-4A7C-AE29-2FF43A8531A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_titanium_2006_antivirus_\\+_antispyware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1CBEFF-9EDD-476E-86BE-7EBFAFA86DF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
},
{
"lang": "es",
"value": "Panda Software Antivirus versiones anteriores a 20070402 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) mediante un archivo ZOO con una estructura de entradas de directorio que apuntan a un fichero previo."
}
],
"id": "CVE-2007-1670",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-09T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35845"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25152"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4295
Vulnerability from fkie_nvd - Published: 2006-08-23 01:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| panda | panda_activescan | 5.53.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panda:panda_activescan:5.53.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E446FF61-F6DA-4AC7-8623-8731A6EFE323",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos web en sitios cruzados (XSS) en ascan_6.asp en Panda ActiveScan 5.53.00 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro email."
}
],
"id": "CVE-2006-4295",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016696"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29147"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3922
Vulnerability from fkie_nvd - Published: 2005-11-30 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panda:panda_activescan:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC104885-D18F-49FC-B625-5AF87037BEF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C870F9D-2A8E-4BF1-8D61-8583B62325DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus_platinum:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F7F47-F04D-4D03-9CC3-1F9DE477BD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_businessecure_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BFA06-88E1-4450-92D9-37A537406998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_clientshield_with_truprevent_technologies:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03B46BEE-D9C3-4A3E-8830-B3029D80393C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_enterprisecure_with_truprevent_technologies:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9FFCEF-E7E9-4601-ADEA-743FDEAD396C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_exchangesecure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CA579-31B9-4E21-A12E-11386D9BF328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_filesecure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A78D31-6E6C-447C-AA30-1D3FF2E29E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_filesecure_with_truprevent_technologies:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F9A038-E995-4D69-8713-DCFBB04C9A20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_gatedefender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1508CC87-5D6C-40E5-852E-AFA2720CA33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_isa_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "556A2E21-0F3B-474D-82F8-E40F546B913A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_panda_enterprisecure_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2EBC7A-E002-4312-B440-04BCA704FD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_platinum_2006_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18154EE6-3BFF-498C-9A6A-77BE75280CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C5DC7E-F0EA-4C33-BF61-7698FD12F69A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_titanium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8464DAC4-A199-4D56-A719-8552156E67F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_titanium_2005_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA232ECD-5983-4A7C-AE29-2FF43A8531A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_titanium_2006_antivirus_\\+_antispyware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1CBEFF-9EDD-476E-86BE-7EBFAFA86DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_truprevent_personal:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "C201C1B9-40CE-4D32-826D-5A44378F4C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_truprevent_personal:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "2ABC3E00-E5B7-47BE-87F4-55B004083215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_webadmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7366EC43-D75C-468F-8E46-C65AC771183B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive."
}
],
"id": "CVE-2005-3922",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-30T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17765"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/216"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015295"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21256"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15616"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-3735 (GCVE-0-2009-3735)
Vulnerability from cvelistv5 – Published: 2010-02-11 17:00 – Updated: 2024-08-07 06:38
VLAI?
Summary
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-0354",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"name": "MS10-008",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"name": "38067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38067"
},
{
"name": "VU#869993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"name": "38485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive\u0027s digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2010-0354",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"name": "MS10-008",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"name": "38067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38067"
},
{
"name": "VU#869993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"name": "38485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-3735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive\u0027s digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0354",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"name": "MS10-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"name": "38067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38067"
},
{
"name": "VU#869993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"name": "38485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-3735",
"datePublished": "2010-02-11T17:00:00",
"dateReserved": "2009-10-22T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3156 (GCVE-0-2008-3156)
Vulnerability from cvelistv5 – Published: 2008-07-11 22:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "panda-activescan-file-download(43587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "panda-activescan-file-download(43587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "panda-activescan-file-download(43587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"name": "http://karol.wiesek.pl/files/panda.tgz",
"refsource": "MISC",
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3156",
"datePublished": "2008-07-11T22:00:00",
"dateReserved": "2008-07-11T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3155 (GCVE-0-2008-3155)
Vulnerability from cvelistv5 – Published: 2008-07-11 22:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "panda-activescan-bo(43588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "panda-activescan-bo(43588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "panda-activescan-bo(43588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "http://karol.wiesek.pl/files/panda.tgz",
"refsource": "MISC",
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3155",
"datePublished": "2008-07-11T22:00:00",
"dateReserved": "2008-07-11T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1670 (GCVE-0-2007-1670)
Vulnerability from cvelistv5 – Published: 2007-05-09 00:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "25152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25152"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "ADV-2007-1700",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "35845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "25152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25152"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "ADV-2007-1700",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "35845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "25152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25152"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "ADV-2007-1700",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "35845",
"refsource": "OSVDB",
"url": "http://osvdb.org/35845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1670",
"datePublished": "2007-05-09T00:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4295 (GCVE-0-2006-4295)
Vulnerability from cvelistv5 – Published: 2006-08-23 01:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"name": "19471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19471"
},
{
"name": "29147",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29147"
},
{
"name": "1016696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"name": "19471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19471"
},
{
"name": "29147",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29147"
},
{
"name": "1016696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"name": "19471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19471"
},
{
"name": "29147",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29147"
},
{
"name": "1016696",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4295",
"datePublished": "2006-08-23T01:00:00",
"dateReserved": "2006-08-22T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3922 (GCVE-0-2005-3922)
Vulnerability from cvelistv5 – Published: 2005-11-30 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"name": "ADV-2005-2666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"name": "15616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15616"
},
{
"name": "17765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17765"
},
{
"name": "panda-antivirus-zoo-bo(23276)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"name": "20051129 Panda Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"name": "216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/216"
},
{
"name": "1015295",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015295"
},
{
"name": "21256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"name": "ADV-2005-2666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"name": "15616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15616"
},
{
"name": "17765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17765"
},
{
"name": "panda-antivirus-zoo-bo(23276)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"name": "20051129 Panda Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"name": "216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/216"
},
{
"name": "1015295",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015295"
},
{
"name": "21256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rem0te.com/public/images/panda.pdf",
"refsource": "MISC",
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"name": "ADV-2005-2666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"name": "15616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15616"
},
{
"name": "17765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17765"
},
{
"name": "panda-antivirus-zoo-bo(23276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"name": "20051129 Panda Remote Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"name": "216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/216"
},
{
"name": "1015295",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015295"
},
{
"name": "21256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3922",
"datePublished": "2005-11-30T11:00:00",
"dateReserved": "2005-11-30T00:00:00",
"dateUpdated": "2024-08-07T23:31:48.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3735 (GCVE-0-2009-3735)
Vulnerability from nvd – Published: 2010-02-11 17:00 – Updated: 2024-08-07 06:38
VLAI?
Summary
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-0354",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"name": "MS10-008",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"name": "38067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38067"
},
{
"name": "VU#869993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"name": "38485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive\u0027s digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2010-0354",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"name": "MS10-008",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"name": "38067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38067"
},
{
"name": "VU#869993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"name": "38485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-3735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive\u0027s digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0354",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0354"
},
{
"name": "MS10-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7QPKL3"
},
{
"name": "38067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38067"
},
{
"name": "VU#869993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/869993"
},
{
"name": "38485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-3735",
"datePublished": "2010-02-11T17:00:00",
"dateReserved": "2009-10-22T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3156 (GCVE-0-2008-3156)
Vulnerability from nvd – Published: 2008-07-11 22:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "panda-activescan-file-download(43587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "panda-activescan-file-download(43587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "panda-activescan-file-download(43587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43587"
},
{
"name": "http://karol.wiesek.pl/files/panda.tgz",
"refsource": "MISC",
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3156",
"datePublished": "2008-07-11T22:00:00",
"dateReserved": "2008-07-11T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3155 (GCVE-0-2008-3155)
Vulnerability from nvd – Published: 2008-07-11 22:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "panda-activescan-bo(43588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "panda-activescan-bo(43588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020432"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "panda-activescan-bo(43588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "http://karol.wiesek.pl/files/panda.tgz",
"refsource": "MISC",
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3155",
"datePublished": "2008-07-11T22:00:00",
"dateReserved": "2008-07-11T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1670 (GCVE-0-2007-1670)
Vulnerability from nvd – Published: 2007-05-09 00:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "25152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25152"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "ADV-2007-1700",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "35845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "25152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25152"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "ADV-2007-1700",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "35845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "25152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25152"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "ADV-2007-1700",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1700"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "35845",
"refsource": "OSVDB",
"url": "http://osvdb.org/35845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1670",
"datePublished": "2007-05-09T00:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4295 (GCVE-0-2006-4295)
Vulnerability from nvd – Published: 2006-08-23 01:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"name": "19471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19471"
},
{
"name": "29147",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29147"
},
{
"name": "1016696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"name": "19471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19471"
},
{
"name": "29147",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29147"
},
{
"name": "1016696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html"
},
{
"name": "19471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19471"
},
{
"name": "29147",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29147"
},
{
"name": "1016696",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4295",
"datePublished": "2006-08-23T01:00:00",
"dateReserved": "2006-08-22T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3922 (GCVE-0-2005-3922)
Vulnerability from nvd – Published: 2005-11-30 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"name": "ADV-2005-2666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"name": "15616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15616"
},
{
"name": "17765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17765"
},
{
"name": "panda-antivirus-zoo-bo(23276)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"name": "20051129 Panda Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"name": "216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/216"
},
{
"name": "1015295",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015295"
},
{
"name": "21256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"name": "ADV-2005-2666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"name": "15616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15616"
},
{
"name": "17765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17765"
},
{
"name": "panda-antivirus-zoo-bo(23276)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"name": "20051129 Panda Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"name": "216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/216"
},
{
"name": "1015295",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015295"
},
{
"name": "21256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rem0te.com/public/images/panda.pdf",
"refsource": "MISC",
"url": "http://www.rem0te.com/public/images/panda.pdf"
},
{
"name": "ADV-2005-2666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2666"
},
{
"name": "15616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15616"
},
{
"name": "17765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17765"
},
{
"name": "panda-antivirus-zoo-bo(23276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276"
},
{
"name": "20051129 Panda Remote Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded"
},
{
"name": "216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/216"
},
{
"name": "1015295",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015295"
},
{
"name": "21256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3922",
"datePublished": "2005-11-30T11:00:00",
"dateReserved": "2005-11-30T00:00:00",
"dateUpdated": "2024-08-07T23:31:48.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}