CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Antivirus_and_antispyware, Compusec, Cyber_security, Deslock+_pro, Endpoint_antivirus, Endpoint_encryption, File_security, Full_disk_encryption, Mail_security, Nod32
2017-09-29
N/A
N/A
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the .easdrv device interface.
Cyberoamos, Cyberoam, Anti-virus7.6.3, Anti-virus_for_sophos_central, Anti-virus_for_sophos_home, Astaro_security_gateway, Astaro_security_gateway_firmware, Cloud_optix, Cyberoam_cr100ing_utm, Cyberoam_cr100ing_utm_firmware
2017-08-17
N/A
N/A
The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).
Cyberoamos, Cyberoam, Anti-virus7.6.3, Anti-virus_for_sophos_central, Anti-virus_for_sophos_home, Astaro_security_gateway, Astaro_security_gateway_firmware, Cloud_optix, Cyberoam_cr100ing_utm, Cyberoam_cr100ing_utm_firmware
2017-08-17
N/A
N/A
Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.
Cyberoamos, Cyberoam, Anti-virus7.6.3, Anti-virus_for_sophos_central, Anti-virus_for_sophos_home, Astaro_security_gateway, Astaro_security_gateway_firmware, Cloud_optix, Cyberoam_cr100ing_utm, Cyberoam_cr100ing_utm_firmware
2017-08-17
N/A
N/A
Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."
Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message field when posting a new thread; or (5) the vote parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.