WebRoot SpySweeper protection bypass

Content is blocked only by filename. Multiple archive formats are not supported...

CVE-2006-6961

WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name...

CVE-2006-6959

WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys...

CVE-2006-6960

The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with 1 RAR, 2 GZ, 3 TAR, 4 CAB, or 5 ACE compression...

CVE-2006-6961

WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name...

CVE-2006-6960

The CVE concerns WebRoot Spy Sweeper (Compression Sweep) prior to version 4.5.9 failing to handle non-ZIP archives. Specifically, the feature does not process archives in RAR, GZ, TAR, CAB, or ACE formats, which can allow remote attackers to bypass malware detection. Affected component: Compressi...

CVE-2004-2676

The Spy Sweeper Enterprise Client SpySweeperTray.exe in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges...

CVE-2006-6960

The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with 1 RAR, 2 GZ, 3 TAR, 4 CAB, or 5 ACE compression...

CVE-2006-6961

WebRoot Spy Sweeper 4.5.9 and earlier fails to detect malware based on file contents, allowing remote attackers to bypass malware detection by renaming a file. Connected documents specify that detection is blocked only by filename and that multiple archive formats are not supported. Affected prod...

CVE-2006-6959

WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys...

CVE-2006-6959

The CVE-2006-6959 entry concerns WebRoot Spy Sweeper (4.5.9 and earlier). The vulnerability allows local users to bypass the Startup-Shield security restrictions by modifying certain registry keys, i.e., a local-privilege impact via registry edits. The available documents specify the affected pro...

Webroot SpySweeper Enterprise Detection

This plugin checks that the remote host has Webroot Spy Sweeper Enterprise installed and properly running, and makes sure that the latest Vdefs are loaded. C Tenable Network Security, Inc. This script has been rewritten by Montgomery County Original script was written by Jeff Adams and Tenable...

Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites

Software : Scry Gallery WebSite :http://scry.org/ discovred by :Moroccan Security Team + Directory Traversal : A remote attacker may employ directory traversal strings '../' to access arbitrary files outside of the webroot directory. This flaw is due to an input validation error in the "index.php...

CVE-2005-3197

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list...

CVE-2005-3198

Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands...

CVE-2005-3197

The CVE-2005-3197 entry describes a stack-based buffer overflow in PWIWrapper.dll used by Webroot Desktop Firewall prior to 1.3.0build52. The vulnerability allows a local user to execute arbitrary code with SYSTEM privileges by sending a crafted DeviceIoControl command and then removing an allowe...

CVE-2005-3198

Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands...

CVE-2005-3198

CVE-2005-3198 concerns Webroot Desktop Firewall prior to 1.3.0build52. The issue allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands. The CVSS vector indicates local access, low attack complexity, no authentication, with parti...

CVE-2005-3197

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list...

Webroot Desktop Firewall buffer overflow

Buffer overflow on deleting application from the list of allowed programs. It's possible for non-privileged users to disable the firewall even when password protection has been enabled, by sending specific DeviceIoControl commands to the firewall driver...