CVEdetails.com the ultimate security vulnerability data source

Panda : Security Vulnerabilities

1. CVE-2009-3735
CWE ID: 94; Vulnerability Type(s): Exec Code; Publish Date: 2010-02-11; Update Date: 2010-11-03; Score: 9.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.

2. CVE-2008-3156
CWE ID: 264; # of Exploits: 1; Publish Date: 2008-07-11; Update Date: 2008-09-05; Score: 9.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.

3. CVE-2008-3155
CWE ID: 119; # of Exploits: 1; Vulnerability Type(s): DoS Exec Code Overflow; Publish Date: 2008-07-11; Update Date: 2008-09-05; Score: 9.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.

4. CVE-2008-1471
CWE ID: 399; Vulnerability Type(s): DoS Exec Code; Publish Date: 2008-03-24; Update Date: 2009-09-01; Score: 7.2
Gained Access Level: Admin; Access: Local; Complexity: Low; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.

5. CVE-2007-4191
Publish Date: 2007-08-07; Update Date: 2008-09-05; Score: 6.9
Gained Access Level: Admin; Access: Local; Complexity: Medium; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.

6. CVE-2007-3969
Vulnerability Type(s): Exec Code Overflow; Publish Date: 2007-07-25; Update Date: 2008-09-10; Score: 9.3
Gained Access Level: Admin; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."

7. CVE-2007-3026
Vulnerability Type(s): Exec Code Overflow; Publish Date: 2007-07-25; Update Date: 2008-11-15; Score: 9.3
Gained Access Level: Admin; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.

8. CVE-2007-1673
CWE ID: 399; Vulnerability Type(s): DoS; Publish Date: 2007-05-08; Update Date: 2008-11-21; Score: 7.8
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Complete
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

9. CVE-2007-1670
Vulnerability Type(s): DoS; Publish Date: 2007-05-08; Update Date: 2012-11-05; Score: 7.8
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Complete
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

10. CVE-2006-5967
Vulnerability Type(s): Exec Code Mem. Corr.; Publish Date: 2006-11-17; Update Date: 2008-09-05; Score: 5.1
Gained Access Level: User; Access: Remote; Complexity: High; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe.

11. CVE-2006-5966
CWE ID: 399; Publish Date: 2006-11-17; Update Date: 2011-08-23; Score: 6.4
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: Partial
Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control.

12. CVE-2006-4659
Vulnerability Type(s): CSRF; Publish Date: 2006-09-08; Update Date: 2008-09-05; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.

13. CVE-2006-4658
Publish Date: 2006-09-08; Update Date: 2008-09-05; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.

14. CVE-2006-4657
Publish Date: 2006-09-08; Update Date: 2008-09-05; Score: 7.2
Gained Access Level: Admin; Access: Local; Complexity: Low; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.

15. CVE-2006-4295
Vulnerability Type(s): XSS; Publish Date: 2006-08-22; Update Date: 2008-09-05; Score: 4.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

16. CVE-2005-3922
Vulnerability Type(s): Exec Code Overflow; Publish Date: 2005-11-30; Update Date: 2008-09-05; Score: 7.5
Gained Access Level: User; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.

17. CVE-2005-3380
Vulnerability Type(s): Bypass; Publish Date: 2005-10-30; Update Date: 2008-09-05; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

18. CVE-2005-3230
Vulnerability Type(s): Bypass; Publish Date: 2005-10-14; Update Date: 2008-09-05; Score: 5.1
Gained Access Level: None; Access: Remote; Complexity: High; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

19. CVE-2004-1905
Vulnerability Type(s): DoS; Publish Date: 2004-12-31; Update Date: 2008-09-05; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Partial
ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function.

20. CVE-2004-1904
Vulnerability Type(s): Exec Code Overflow; Publish Date: 2004-12-31; Update Date: 2008-09-05; Score: 7.5
Gained Access Level: User; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.

21. CVE-2001-1149
Vulnerability Type(s): DoS; Publish Date: 2001-08-21; Update Date: 2008-09-05; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Partial
Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.

22. CVE-2000-0541
Vulnerability Type(s): Exec Code; Publish Date: 2000-06-17; Update Date: 2008-09-10; Score: 7.2
Gained Access Level: Admin; Access: Local; Complexity: Low; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.

23. CVE-2000-0265
Publish Date: 2000-04-17; Update Date: 2008-09-10; Score: 4.6
Gained Access Level: User; Access: Local; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.

24. CVE-2000-0264
Vulnerability Type(s): +Priv; Publish Date: 2000-04-17; Update Date: 2008-09-10; Score: 2.1
Gained Access Level: None; Access: Local; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.

Total number of vulnerabilities: 24