4113 matches found
E-scan antiviral products weak permissions
Weak installation folder permissions...
CVE-2007-4324
ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...
Design/Logic Flaw
ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...
CVE-2007-4324
Summary: CVE-2007-4324 affects Adobe Flash Player (and related Flash plugins) where ActionScript/Flash content could be used to determine open ports on a target via timing discrepancies in SecurityErrorEvent handling. Connected advisories (RHSA/RHSA sub-pages) confirm this issue as part of multip...
CVE-2007-4324
ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...
Buffer overflow
Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987...
Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass
SUMMARY Two vulnerabilities have been identified in the Symantec Decomposer component used to decompose some types of archive content while scanning for malicious content. Risk Impact High Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | No...
DSA-1320-1 clamav
Bulletin has no description...
F-Secure多个杀毒产品LHA及RAR文档绕过安全扫描漏洞
F-Secure Internet Gatekeeper和F-Secure Anti-Virus都是芬兰的一家杀毒软件厂商所发布的杀毒产品。 F-Secure的这些防病病毒工具处理畸形LHA和RAR文档时存在漏洞,远程攻击者可能利用此漏洞绕过扫描检测。 如果LHA和RAR文件设置了畸形的文档文件头的话,这些文件就可能绕过F-Secure产品的杀毒扫描,导致在用户系统上执行非授权操作。 F-Secure Anti-Virus for Workstations 7.00 F-Secure Anti-Virus for Windows Servers 7.00 F-Secure...
security flaw
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...
FTP Server Zipped .avi File Detection
Binary data 4046.prm...
Symantec Enterprise Security Manager曲解信息拒绝服务漏洞
Symantec Enterprise Security Manager ESM可以在整个企业范围内为关键性应用程序和服务器自动搜索发现其漏洞隐患和不符合安全策略的设定。 Symantec Enterprise Security Manager在接收到部分网络扫描时存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击,导致使用100%CPU利用率。 目前没有详细漏洞细节提供。 Symantec Enterprise Security Manager 6.5.3 厂商解决方案 可参考如下安全公告获得补丁信息:...
BlueArc Titan storage server FTP bounce attack
Bounced port scan is possible...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:072)
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command. Updated packages have been patched to address thi...
USN-443-1: Firefox vulnerability
A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure...
Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities
The FTP client support in the installed version of Firefox has a flaw that could allow a remote attacker with control of an FTP server to perform a rudimentary port scan of, for example, the user's internal network. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid2487...
CVE-2007-1591
VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service kernel fault and system crash via a crafted UPX file with a certain field that triggers a divide-by-zero error...
CVE-2007-1591
CVE-2007-1591 affects Trend Micro’s VsapiNT.sys in the Scan Engine 8.0 (Trend Micro Antivirus 14.10.1041 and similar products). A crafted UPX-packed file triggers a divide-by-zero error in VsapiNT.sys, causing a kernel fault and remote denial of service (system crash). Public references describe ...
CVE-2007-1563
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...
Design/Logic Flaw
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...