Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_security | 3.0 |
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_security | 3.0 |
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_antivirus | 2.0 |
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_antivirus_platinum | * |
Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | activescan | 5.0 |
ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | activescan | 5.0 |
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | titanium_2005 | 4.02.01 |
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_exchangesecure | * |
| panda | panda_businessecure_antivirus | * |
| panda | panda_antivirus | 2.0 |
| panda | panda_filesecure | * |
| panda | panda_panda_enterprisecure_antivirus | * |
| panda | panda_webadmin | * |
| panda | panda_titanium | * |
| panda | panda_truprevent_personal | 2006 |
| panda | panda_clientshield_with_truprevent_technologies | * |
| panda | panda_titanium_2005_antivirus | * |
| panda | panda_enterprisecure_with_truprevent_technologies | * |
| panda | panda_truprevent_personal | 2005 |
| panda | panda_filesecure_with_truprevent_technologies | * |
| panda | panda_gatedefender | * |
| panda | panda_antivirus_platinum | 2.0 |
| panda | panda_titanium_2006_antivirus_+_antispyware | * |
| panda | panda_isa_secure | * |
| panda | panda_activescan | 5.0 |
| panda | panda_platinum_2006_internet_security | * |
| panda | panda_security | 3.0 |
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_antivirus | * |
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| panda | panda_activescan | 2.0 |