31 matches found
EUVD-2012-3457
Malware in sbrugna...
EUVD-2012-4592
Malware in sbrugna...
CVE-2012-3501
The squidclamavcheckpreviewhandler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service daemon crash via a URL with certain characters, as demonstrated using %0D or %...
Gentoo Security Advisory GLSA 201209-08 (squidclamav)
The remote host is missing updates announced in advisory GLSA 201209-08. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 201209-08 (squidclamav)
The remote host is missing updates announced in advisory GLSA 201209-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-201209-08 : SquidClamav: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201209-08 SquidClamav: Denial of Service SquidClamav does not properly escape URLs before passing them to the system command call. Impact : A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in...
SquidClamav: Denial of service
Background SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP. Description SquidClamav does not properly escape URLs before passing them to the system command call. Impact A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in a Denial of Servi...
SquidClamav Multiple XSS Vulnerabilities
SquidClamav is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SquidClamAv Detection
Detection of SquidClamAv. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
SquidClamav URL Parsing DoS Vulnerability
SquidClamav is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:darold:squidclamav...
SquidClamav Specially Crafted Character Parsing Remote DoS
The version of SquidClamav installed on the remote host is affected by a remote denial of service DoS vulnerability because it fails to properly escape URL's in system command calls. Specially crafted URL's with characters such as %0D or %0A can cause the daemon to crash. %NASLMINLEVEL 70300 C...
SquidClamav clwarn.cgi url Parameter XSS
The version of SquidClamav installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'url' parameter of the 'clwarn.cgi' script. An attacker may leverage this issue to execute arbitrary script in the browser o...
SquidClamav Detection
The remote web server hosts SquidClamav, an antivirus for Squid proxy based on the ClamAV antivirus toolkit. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62029; scriptversion"1.2"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"SquidClamav Detection";...
FreeBSD Ports: squidclamav
The remote host is missing an update to the system as announced in the referenced advisory. VID 8defa0f9-ee8a-11e1-8bd8-0022156e8794 OpenVAS Vulnerability Test $ Description: Auto generated from VID 8defa0f9-ee8a-11e1-8bd8-0022156e8794 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
FreeBSD Ports: squidclamav
The remote host is missing an update to the system as announced in the referenced advisory. VID ce680f0a-eea6-11e1-8bd8-0022156e8794 OpenVAS Vulnerability Test $ Description: Auto generated from VID ce680f0a-eea6-11e1-8bd8-0022156e8794 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
FreeBSD Ports: squidclamav
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: squidclamav
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : squidclamav -- XSS in default virus warning pages (ce680f0a-eea6-11e1-8bd8-0022156e8794)
SquidClamav developers report : This release fix several security issues by escaping CGI parameters. Prior to versions 6.7 and 5.8, CGI script clwarn.cgi was not properly sanitizing input variables, so they could be used to inject arbitrary strings to the generated page, leading to the cross-site...
FreeBSD : squidclamav -- Denial of Service (8defa0f9-ee8a-11e1-8bd8-0022156e8794)
SquidClamav developers report : Add a workaround for a squidGuard bug that unescape the URL and send it back unescaped. This result in garbage staying into pipe of the system command call and could crash squidclamav on next read or return false information. This is specially true with URL...
CVE-2012-4667
Multiple cross-site scripting XSS vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 virus, 3 source, or 4 user parameter to a clwarn.cgi, b clwarn.cgi.deDE, c clwarn.cgi.enEN, d clwarn.cgi.frFR, e clwarn.cgi.ptBR, or f...