[CLOSE] OSVDB ID : 79420 - Disclosed: 2012-02-21

Description:

F*EX (Frams' Fast File EXchange) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' and 'from' parameters upon submission to the '/fup' script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 73448 - Disclosed: 2011-06-13

Description:

(Description Provided by CVE) : Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.

[CLOSE] OSVDB ID : 84085 - Disclosed: 2011-08-08

Description:

F*EX (Frams' Fast File EXchange) contains a flaw in 'dop' that is triggered when an error occurs during the handling of the lib or spool directories. No further details have been provided.

[CLOSE] OSVDB ID : 84082 - Disclosed: 2009-02-15

Description:

F*EX (Frams' Fast File EXchange) contains a flaw that may allow a local denial of service. The issue is triggered when handling loops created by a symlink in the dop subsystem. This may allow a local attacker to cause a loss of availability for the program.

[CLOSE] OSVDB ID : 84084 - Disclosed: 2011-06-05

Description:

F*EX (Frams' Fast File EXchange) contains a flaw that is triggered during the handling of a forwarded fup file. No further details have been provided.

[CLOSE] OSVDB ID : 84056 - Disclosed: 2012-02-15

Description:

F*EX (Frams' Fast File EXchange) contains an unspecified flaw that is triggered when an error occurs in MIME-type during the handling of text and html. No further details have been provided.

[CLOSE] OSVDB ID : 83897 - Disclosed: 2012-07-15

Description:

F*EX (Frams' Fast File EXchange) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 80421 - Disclosed: 2012-03-19

Description:

F-Prot Antivirus contains a flaw related to the anti-virus / anti-malware scanning functionality. This may allow a context-dependent attacker to use a specially crafted ELF file in order to bypass the scanning functionality, allowing for the delivery of malware.

[CLOSE] OSVDB ID : 80451 - Disclosed: 2012-03-19

Description:

F-Prot Antivirus contains a flaw related to the anti-virus / anti-malware scanning functionality. The issue is triggered when a context-dependent attacker sends a malformed RAR file with an initial MZ sequence. This type of file will not be handled properly by the software and may allow an attacker to bypass the scanning allowing for the delivery of malware.

[CLOSE] OSVDB ID : 80406 - Disclosed: 2012-03-19

Description:

F-Prot Antivirus contains a flaw related to the anti-virus / anti-malware scanning functionality. This may allow a context-dependent attacker to use a specially crafted TAR file in order to bypass the scanning functionality, allowing for the delivery of malware.

[CLOSE] OSVDB ID : 80494 - Disclosed: 2012-03-19

Description:

F-Prot Antivirus contains a flaw related to the anti-virus / anti-malware scanning functionality. The issue is triggered when a context-dependent attacker sends a malformed TGZ (.tar.gz) file with stray bytes at the end. This type of file will not be handled properly by the software and may allow an attacker to bypass the scanning allowing for the delivery of malware.

[CLOSE] OSVDB ID : 4183 - Disclosed: 2004-03-10

Description:

(Description Provided by CVE) : Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.

[CLOSE] OSVDB ID : 36725 - Disclosed: 2007-05-30

Description:

(Description Provided by CVE) : Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.

[CLOSE] OSVDB ID : 34764 - Disclosed: 2007-03-18

Description:

(Description Provided by CVE) : Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page.

[CLOSE] OSVDB ID : 36728 - Disclosed: 2007-06-19

Description:

(Description Provided by CVE) : Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.

[CLOSE] OSVDB ID : 36729 - Disclosed: 2007-06-19

Description:

(Description Provided by CVE) : Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.

[CLOSE] OSVDB ID : 22633 - Disclosed: 2006-01-19

Description:

F-Secure Anti Virus products contain a flaw that may allow malicious code to bypass the scanning engine. The issue is triggered when specially crafted RAR or ZIP archives are processed by the scanning engine, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 19913 - Disclosed: 2005-10-10

Description:

A remote overflow exists in F-Secure Anti-Virus for Linux. The Anti-Virus engine fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted CHM file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9818 - Disclosed: 2004-09-09

Description:

F-Secure Anti-Virus for Microsoft Exchange contains a flaw that may allow a remote denial of service. The issue is triggered due to the parsing of malformed packets on port 18,971, which causes the application to crash with an access violation error and will result in loss of availability for the server.

[CLOSE] OSVDB ID : 11395 - Disclosed: 2004-11-03

Description:

F-Secure Anti-Virus for Microsoft Exchange contains a flaw that may allow a malicious user to bypass anti-virus protection. The issue may be triggered by nesting a malicious password-protected file inside a ZIP archive. The flaw is not directly exploitable but may lead to a more serious impact.

[CLOSE] OSVDB ID : 4962 - Disclosed: 2004-04-06

Description:

F-Secure for MIMEsweeper contains a flaw that may allow a malicious worm to avoid detection. The issue is triggered when a Sober.D worm propagates itself in a zip file. It is possible that the flaw may allow malicious code to pass resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 41377 - Disclosed: 2007-09-27

Description:

(Description Provided by CVE) : F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus.

[CLOSE] OSVDB ID : 36726 - Disclosed: 2007-05-30

Description:

(Description Provided by CVE) : Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.

[CLOSE] OSVDB ID : 20552 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named diag.cgi in the current working directory, and executes the SUID script diag_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 20549 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named dns.cgi in the current working directory, and executes the SUID script dns_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 20539 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named edittmpl.cgi in the current working directory, and executes the SUID script edittmpl_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 20544 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named edituserdb.cgi in the current working directory, and executes the SUID script edituserdb_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 20542 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named gateway.cgi in the current working directory, and executes the SUID script gateway_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 20543 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named halt.cgi in the current working directory, and executes the SUID script halt_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 20541 - Disclosed: 2005-11-07

Description:

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named hostname.cgi in the current working directory, and executes the SUID script hostname_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.