exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed


Avira Cross Site Scripting
Posted Jan 29, 2016
Authored by RootByte

translate.avira.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d71d8ff7e41f6aa75bf4b383a4ad84b35a924e19ee1f73dce983f4e1bc088f07

Related Files

Ubuntu Security Notice USN-4504-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida GarcĂ­a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-1968
SHA-256 | a453c91247c0c8b05f0a70b1a3674ee04e7e21eea70c71f8885d6de34ed4c9a3
AVIRA Generic Malformed Container Bypass
Posted Feb 21, 2020
Authored by Thierry Zoller

The AVIRA parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating the ISO Archive This leads to the Endpoint ignoring the container and the Gateways to let this file slip through uninspected. Avira does not patch or update their very popular command line scanner that is still available for download on their website. AV Engine versions below are affected.

tags | advisory
advisories | CVE-2020-9320
SHA-256 | e3a1a68dae3a544a78b4225ef81e20a998dd5f42a98b27d7f851c97568992124
AVIRA Generic Malformed Container Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP Archive (GPFLag) making the Avira parser believes the file to be encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions to follow the "File is encrypted" logic.

tags | advisory
SHA-256 | ac2daf7bcc95857b4f5049cebd3177cbe3381b4badbb37ff3079ae24ed46821a
AVIRA Generic Antivirus Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

AVIRA engine versions below suffer from a generic bypass vulnerability. The parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating an ISO container so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
SHA-256 | 85c4b06afcbbc9a3f987b258ae2ab7050eaf9660ac992ddb9e1593f4bc088632
Avira Free Security Suite 2019 Software Updater Improper Access Control
Posted Aug 4, 2019
Authored by Silton Santos

Avira Free Security Suite 2019 Software Updater version suffers from an improper access control that allows for arbitrary file write that can allow an unprivileged user to obtain SYSTEM privileges.

tags | advisory, arbitrary
advisories | CVE-2019-11396
SHA-256 | 69fdf1c757c972b00a6ac38b381268805e095c1577ed18107e11edadd414cc65
Debian Security Advisory 4400-1
Posted Mar 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4400-1 - Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

tags | advisory
systems | linux, debian
advisories | CVE-2019-1559
SHA-256 | 8b3bd6404f65745161cc6a1873fed7ddf1ec54093e6aa6e4528362789df0c5cd
Ubuntu Security Notice USN-3899-1
Posted Feb 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1559
SHA-256 | 314dd057e4f3b505847675be956a215758d853b3d9060ea0c5c55356b5e867b6
Avira Antivirus Command Execution
Posted Nov 9, 2016
Authored by R-73eN

Avira Antivirus versions and below suffer from a command execution vulnerability.

tags | exploit
SHA-256 | 78a59e0dd369a5bd39deaf1ea862d4e542548155f19cd30868dfaf06d9060e7d
Avira Free Antivirus DLL Hijacking
Posted Aug 30, 2016
Authored by Stefan Kanthak

Avira's free antivirus package installers suffer from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | cd4e84ee068f9e9cfe8d95ea64f7b69bb88001d7158979971fe5682f3df4324d
Avira PE Section Header Parsing Heap Underflow
Posted Mar 19, 2016
Authored by Tavis Ormandy, Google Security Research

Avira suffers from a heap underflow vulnerability when parsing PE section headers.

tags | exploit
systems | linux
SHA-256 | ea61070846baddcbb28d0f5d8e2027b479bd9eb7b9a66c93cc181a9f30a48ac3
Avira Registry Cleaner DLL Hijacking
Posted Dec 18, 2015
Authored by Stefan Kanthak

Avira Registry Cleaner suffers from a local DLL hijacking vulnerability.

tags | exploit, local, registry
systems | windows
SHA-256 | 25dbcc7db394b17559de2ca3d0756be3cb74f12b5d2bde975cdaeb1e15c10f9d
Avira Mobile Security Insecure Transit
Posted Sep 5, 2015
Authored by David Coomber

Avira Mobile Security versions 1.5.7 and below send credentials in the clear over HTTP.

tags | advisory, web
SHA-256 | 07268a63a10e9e04ee38ecd991fda216994295c0b1d633261d7e59f97a112f35
Avira License Application Cross Site Request Forgery
Posted Sep 1, 2014
Authored by Mazen Gamal, Vulnerability Laboratory | Site vulnerability-lab.com

An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application.

tags | exploit, web, csrf
SHA-256 | ab4176d2b30b9e05afdd30da7c3b895224608b39c04f1ce77d350aa5b6774188
Avira Secure Backup Build 3616 Buffer Overflow
Posted Nov 16, 2013
Authored by Julien Ahrens | Site rcesecurity.com

Avira Secure Backup version build 3616 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2013-6356
SHA-256 | 8a2c729190e444854e9eea2ba4a3bf9fc83b7990ca632fb6cff00b8e685190a9
Avira Internet Security Filter Bypass / Privilege Escalation
Posted Oct 24, 2013
Authored by Ahmad Moghimi

Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.

tags | exploit
SHA-256 | 702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84f
Avira Analysis Web Service SQL Injection
Posted Jul 8, 2013
Authored by Ebrahim Hegazy, Vulnerability Laboratory | Site vulnerability-lab.com

Avira Analysis Web Service suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | b3027710b6c99a1596e86ed291f5ab4b8ddd1efb8e6a7331dbc90080704db339
Avira AntiVir Engine Denial Of Service / Filter Evasion
Posted Jun 14, 2013
Authored by Markus Vervier, Eric Sesterhenn | Site lsexperts.de

Avira AntiVir Engine versions prior to suffers from filter evasion and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4602
SHA-256 | f5e46b03133d76cb79b53518f4dfe1360eac24c598dd82d32a8f7e0fd3a49db7
Avira License Cross Site Scripting
Posted May 13, 2013
Authored by Ebrahim Hegazy, Vulnerability Laboratory | Site vulnerability-lab.com

The Avira License website suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8bb687fa151c985c2f05445764729ac43a262520f24363ccb4710dc9701b935f
Avira Personal Privilege Escalation
Posted May 12, 2013
Authored by Akastep

Avira Personal appears to suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
Avira / Free YouTube Download / HTTrack DLL Hijacking
Posted Jun 24, 2011
Authored by Kalashinkov3

Demonstration DLL hijacking code for Avira AntiVir Personal version 10.00.12, Free YouTube Download version 2.10, HTTrack Website Copier version 3.44, and Remote Desktop Connection.

tags | exploit, remote
systems | windows
SHA-256 | def38d921bc8a88a0559e9f2a9b6862a70f8ccfe01d99bded4e903c9f6bb8987
Old Dogs And New Tricks: Do You Know Where Your Handles Are?
Posted Apr 19, 2011
Authored by Brooke Stephens, Jeffrey Walton

This paper offers incremental research in the area of untrusted program input via synchronization handle manipulations. Unlike the Michal Zalewski paper on Delivering Signals for Fun and Profit, this paper focuses on the source of the Unix signal handlers. Tested were personal computers running Windows XP and Vista. The synchronization objects were mutexes and events, and the security software included products from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset, F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials), Nor- man, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend Micro.

tags | paper
systems | windows, unix
SHA-256 | 18409a8b03683d7197b587b4852f899980f92cd46bb417ee6903700ce8d70d62
Avira AntiVirus QUA File Crash
Posted Feb 19, 2011
Authored by KedAns-Dz

Avira AntiVirus local proof of concept exploit that creates a malicious QUA file.

tags | exploit, local, proof of concept
SHA-256 | e2ef3c0258d84a42617b7cddadf0129c7b654cd36d3ad3612bbf696e8749f11f
Secunia Security Advisory 40927
Posted Nov 4, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Avira Premium Security Suite, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 3d5f54fd3aca842153c7d5121513f037e2f5c99050ad8dc9d1d931efc95f1c95
Avira Premium Security Suite Race Condition
Posted Nov 4, 2010
Authored by Nikita Tarakanov

The avipbb.sys kernel driver distributed with Avira Premium Security Suite contains a race condition vulnerability in the handling parameters of NtCreatekey function. Proof of concept included.

tags | exploit, kernel, proof of concept
SHA-256 | c7a322a2c2f49b80da7890160c04b2a4cf83452613be02530e2c277ec67dba34
Avira Premium DLL Hijacking
Posted Oct 19, 2010
Authored by anT!-Tr0J4n

Avira Premium version DLL hijacking exploit.

tags | exploit
SHA-256 | 107b1d5d2cd123d719f32f834908d80ae41afd12c84b83a5683a34ba50443b50
Page 1 of 2

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By