| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 36727 | 2007-05-30 | F-Secure Multiple Products Real-time Scanning Component Crafted IRP Packet Local Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." |
| 43222 | 2008-03-17 | F-Secure Multiple Products Archive Handling Unspecified Code Execution | (Description Provided by CVE): Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
| 13704 | 2005-02-10 | F-Secure Multiple Products ARJ Archive Handling Overflow | (Description Provided by CVE): Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive. |
| 42903 | 2008-02-13 | F-Secure Multiple Products Crafted CAB Archive Scanning Bypass | (Description Provided by CVE): Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. |
| 59589 | 2009-10-27 | F-Secure Multiple Products Crafted PDF File Scanning Bypass | Unknown / Incomplete |
| 42904 | 2008-02-13 | F-Secure Multiple Products Crafted RAR Archive Scanning Bypass | (Description Provided by CVE): Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. |
| 49189 | 2008-10-21 | F-Secure Multiple Products Crafted RPM File Handling Overflow | (Description Provided by CVE): Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. |
| 92957 | 2012-12-12 | F-Secure Multiple Products for Mac OS X Local Firewall Deactivation | F-Secure Anti-Virus for Mac, Safe Anywhere for Mac and Protection Service for Business (PSB) Workstation Security for Mac contain an unspecified flaw that may allow an attacker to cause the Mac OS X firewall to be disabled without user interaction or warning. |
| 63811 | 2010-04-12 | F-Secure Multiple Products Multiple Archive Files Detection Bypass | (Description Provided by CVE): F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. |
| 54686 | 2009-05-06 | F-Secure Multiple Products RAR Archive Scanning Bypass | (Description Provided by CVE): Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. |
| 70179 | 2010-12-15 | F-Secure Multiple Products Remote Binary File Execution | Multiple F-Secure products contain an unspecified error. This error may be exploited to cause the target to execute a binary file loaded on a disk resource accessible to the target system. |
| 92717 | 2013-04-24 | F-Secure Multiple Products Unspecified ActiveX Control Arbitrary SQL Statement Execution | Multiple F-Secure products contain a flaw related to a legacy DLL component in an unspecified ActiveX control which may allow an attacker to connect to the ODBC drivers when using Internet Explorer. This may allow a context-dependent attacker to execute arbitrary SQL statements. |
| 25937 | 2006-06-01 | F-Secure Multiple Products Web Console Pre-authentication Overflow | (Description Provided by CVE): Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. |
| 54685 | 2009-05-06 | F-Secure Multiple Products ZIP Archive Scanning Bypass | (Description Provided by CVE): Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. |
| 65680 | 2010-06-23 | F-Secure Policy Manager Expect: Header XSS | Unknown / Incomplete |
| 12289 | 2004-12-09 | F-Secure Policy Manager fsmsh.dll Path Disclosure | Policy Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when fsmsh.dll is called directly via an HTTP request, which will disclose the actual path information resulting in a loss of confidentiality. |
| 36723 | 2007-05-29 | F-Secure Policy Manager Server fsmsh.dll Host Module Remote DoS | (Description Provided by CVE): The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. |
| 71118 | 2011-02-24 | F-Secure Policy Manager Web Reporting Module Invalid Report Access Path Disclosure | The Web Reporting module in F-Secure Policy Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker accesses an invalid report, such as via 'report/infection-table.html' or 'report/productsummary-table.html', which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 71117 | 2011-02-24 | F-Secure Policy Manager Web Reporting Module Unspecified XSS | The Web Reporting module in F-Secure Policy Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed via the URL before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 20453 | 2005-11-02 | F-Secure Products Web Console Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files. |
| 75188 | 2010-10-18 | F-Secure Protocol Handler (HCP) Malicious Code Execution Antivirus Scan Bypass | (Description Provided by CVE): F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors." |
| 2646 | 2003-10-03 | F-Secure SSH Malformed BER/DER Packet DoS | (Description Provided by CVE): SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. |
| 66589 | 2010-07-20 | F.E.A.R. / F.E.A.R. 2: Project Origin Lithtech Engine Crafted Packet Handling Memory Corruption | Unknown / Incomplete |
| 13232 | 2005-01-27 | f2c f2 Script Multiple Insecure Temporary File Handling | (Description Provided by CVE): The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. |
| 13231 | 2005-01-27 | f2c Translator Multiple File Insecure Temporary File Handling | (Description Provided by CVE): The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. |
| 59168 | 2002-06-26 | f2html.pl File Name Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names. |
| 61976 | 2010-01-25 | F2L 3000 Login Page Unspecified Parameter SQL Injection | F2L 3000 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'Login Page' not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 70313 | 2011-01-04 | F3Site admin/editAdmin.php Admin User Creation CSRF | F3Site contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'admin/editAdmin.php' script does not require multiple steps or explicit confirmation for sensitive transactions for the addition of administrator users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 34669 | 2007-02-02 | F3Site GIF86 Header Unrestricted File Upload Arbitrary Code Execution | (Description Provided by CVE): Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. |
| 61411 | 2009-12-18 | F3Site mod/new.php GLOBALS[nlang] Parameter Traversal Local File Inclusion | F3Site contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the mod/new.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'GLOBALS[nlang]' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |