Panda Activescan vulnerabilities

6 known vulnerabilities affecting panda/panda_activescan.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2009-3735CRITICALCVSS 9.3v2.02010-02-11
CVE-2009-3735 [CRITICAL] CWE-94 CVE-2009-3735: The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installe The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to
nvd
CVE-2008-3155CRITICALCVSS 9.3PoCv2.02008-07-11
CVE-2008-3155 [CRITICAL] CWE-119 CVE-2008-3155: Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
nvd
CVE-2008-3156CRITICALCVSS 9.3PoCv2.02008-07-11
CVE-2008-3156 [CRITICAL] CWE-264 CVE-2008-3156: The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attac The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
nvd
CVE-2007-1670HIGHCVSS 7.8v5.0v5.53.00+1 more2007-05-09
CVE-2007-1670 [HIGH] CVE-2007-1670: Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infin Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
nvd
CVE-2006-4295MEDIUMCVSS 4.3PoCv5.53.002006-08-23
CVE-2006-4295 [MEDIUM] CVE-2006-4295: Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote at Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
nvd
CVE-2005-3922HIGHCVSS 7.5v5.02005-11-30
CVE-2005-3922 [HIGH] CVE-2005-3922: Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
nvd