The McAfee parsing engine can be bypassed by a specially crafted and formatted RAR (Headflags and Packsize) or ZIP (Filelenght) archive.
ea6b4633d140cbe430fe0b6edb6bb33bbd4a99f3c81428950542a31c2a9d70f3
The Trendmicro parsing engine can be bypassed by specially crafted and formatted ZIP, RAR, and CAB archives.
abed09554259c2e3388a70a248472bb87093766b256b9972dcf7ee400e610a4b
The ESET Nod32 parsing engine can be bypassed by a specially crafted and formatted CAB archive.
1c69319e78e7b2c5cc45a466ee1778e1e75bb147ad1ae4612f28dc3cc03020ce
The Aladdin eSafe parsing engine can be bypassed by a specially crafted and formatted archive file.
bd8bc62ccc20c7336a31c7fa6429f28146402aba1afd6d44405f7bc420581150
The Comodo Antivirus parsing engine can be bypassed by a specially crafted and formatted RAR archive.
18b393059b9194ffe44de9030e73d9f2b01ee62075973b7408323109bf2feb1f
The Avira Antivirus parsing engine can be bypassed by a specially crafted and formatted CAB archive.
9b038c8e5f10a03ac624831a08698ba08315d147290d5e5bb33799922ee5499f
Sun Java VM versions 6 update 1 and 6 update 2 are susceptible to a remote code execution vulnerability.
cc9f245448e9d2a35b3c826e7f61f75d2e36861758f1b13f2c26789140c20c84
The parsing engine in Fortinet can be bypassed by a specially crafted and formated archive file. The bug results in denying the engine the possibility to inspect code within the archive. There is no inspection of the content at all.
7330e5a1ce82e9df459efa7a72231861338a5a8b8faa3988279a52bfc3e70f47
The parsing engine in Nod32 can be bypassed by a specially crafted and formated RAR archive. The bug results in denying the engine the possibility to inspect code within the RAR archive. There is no inspection of the content at all.
d16a3930303232da6c6000c0a2a401a46a80e757ad3095cd2dae73fd1b647c35
The parsing engine in AVAST can be bypassed by a specially crafted and formated RAR archive. The bug results in denying the engine the possibility to inspect code within the RAR archive. There is no inspection of the content at all.
71d1ca5d2a352a58e67248f0d06a4195472337d5f22e84e988c377d1a10de562
The parsing engine in Bitdefender can be bypassed by a specially crafted and formatted CAB archive. The bug results in denying the engine the possibility to inspect code within the CAB archive. There is no inspection of the content at all.The parsing engine in Bitdefender can be bypassed by a specially crafted and formatted CAB archive. The bug results in denying the engine the possibility to inspect code within the CAB archive. There is no inspection of the content at all.
ddecd2cf5fc9845db8845c9acc356945dc8128e6106ec9e79fbafd2c19b5fdd0
The parsing engine in F-PROT can be bypassed by manipulating the ZIP method field. It is as easy as opening a ZIP file in an editor and typing a number greater than 15 on your keyboard. This is a four year old vulnerability that they still have not patched.
32f11246969d4155068655689ca4f9c6ab515a0c2d759dc6e70b8a523521f060
The parsing engine in IBM ISS Proventia can be bypassed by manipulating RAR archives in a certain way that the IBM engine cannot extract the content but the end user is able to.
886d00514b2f82efe2ac88764af3dbf921d459eedb7677dd4ebbc80781b7f291
The parsing engine in Clam AntiVirus versions below 0.95 can be bypassed by manipulating RAR archives in a certain way that ClamAV cannot extract the content but the end user is able to.
1ad9a4ac9d3a2014ada24abfdc78454052f88645c0a7e7f90b20fe8a14b687f4
Avira Antivirus suffers from a privilege escalation vulnerability that achieves SYSTEM access.
5d9c944c45aa3bc86141cdbb88a4b1912da345c75110c1c830b3814ad67079ca
Avira Antivirus suffers from division by zero / null pointer dereferencing vulnerabilities when handling a malformed RAR archive.
3e074bda1d6c4131f956074250da30e305fd5f819946441e5497bdd2e6b9a43e
A remote code execution vulnerability exists in Internet Explorer due to accesses to uninitialized memory in certain cases of DTML constructs. As a result, memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the logged-on user.
63f11a575a512f09a4c59bdac83e1c1fd7a29a172f4f6cffa5c7ba94519fb9fd
Jscape Secure FTP Applet does not perform SSH host key verification allowing man in the middle attacks.
faae475df15c9545776b1f8e33f497ed17c8c899a7b8c58535a164d5dafe252d
The Iframe-Cash/Iframe-Dollars Adware company does not only rootkit your machine, it also keystroke logs your banking details. Lovely.
b1813e4a381860177beb2d4841d451719bde3e5627d9a8789ebccc36b67d6ec0
Presentation given at 23C3 called Bluetooth Hacking Revisited.
62cb81e204ee1879c82113f8ffc4c4c8fa9b539abcf6a25d3af5d29d73336577
XAMPP version 1.5.2 is susceptible to multiple privilege escalation flaws and a rogue autostart vulnerability.
7297df138d18e6eb6c7c38264ddf0a821e1cc6c91cdd646bca96f9ef24a832d5
ZangoCash is susceptible to an insecure auto-update and file execution flaw.
f4814f729712c71d4dbcb9c9ef8b53cb1a76f9656a661d5952b8194aa57cc854
TZO-062006-SafenSec - Insecure File execution and Auto-startup
d74e41285a6e36ab1423145edffb11a10cf1d1c911e75311f125375c6e4e6021
TZO-012006 - Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()
ddfa7039151f9be7a466fc3ee6130bce6ca4b3302873a8f391f1cfe7ff9151f2
The F-Prot engine fails to decompress ZIP files that have a version header greater then 15. The consequence is that the F-prot Engine is unable to scan the virus/malware inside and consequently flags it as harmless. If used as an Email Gateway solution the offending Emails will slip through.
84a0def1156ec4829f01d470e51e93f26500ba11e4fc5b0989eaa0d50dedd25a