JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability

Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service DoS vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...

ClamAV antivirus DoS

Uninitialized memory reference on Petite-copmpressed files parsing...

CVE-2007-6336

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file...

[SECURITY] Fedora 7 Update: ntfs-3g-1.913-2.fc7

The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. Technically it=E2=80=99s based on and a major improvement to th...

Design/Logic Flaw

BES before 3.5.0 in OPeNDAP 4 Hydrax before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file...

CVE-2007-2769

BES before 3.5.0 in OPeNDAP 4 Hydrax before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file...

CVE-2007-2769

BES before 3.5.0 in OPeNDAP 4 Hydrax before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file...

ClamAV antivirus buffer overflow

Buffer overflow on parsing UPX-compressed PE files...

CVE-2006-0642

Technical details about CVE-2006-0642 are not publicly provided in the connected documents. No explicit affected products/versions/exploit info are present. Monitor for updated advisories to obtain concrete risk, impact, and remediation guidance.

Multiple Symantec Antivirus products buffer overflow

Heap memory buffer overflow on UPX compressed files and RAR archives...

FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)

Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...

CVE-2004-0935

Eset Anti-Virus before 1.020 16th September 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system...

CVE-2004-0932

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from bei...

CVE-2004-0934

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system...

CVE-2004-1096

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system...

CVE-2004-1096

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system...

CVE-2004-0933

Computer Associates CA InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection v...

CVE-2004-0936

CVE-2004-0936 refers to a ZIP header manipulation vulnerability affecting anti-virus engines (notably RAV) where both local and global ZIP headers can be set to zero, allowing a compressed file to bypass protection and still be opened. The connected sources describe a proof-of-concept and public ...

CVE-2004-0937

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target...

ISC BIND 8.2.2-P5 - Denial of Service

source: https://www.securityfocus.com/bid/1923/info BIND is the Berkeley Internet Name Daemon, a free Name Resolution software package maintained by the Internet Software Consortium. A Denial of Service exists in current implementations. The problem occurs in the Compressed Zone Transfer ZXFR...