[CLOSE] OSVDB ID : 80454 - Disclosed: 2012-03-19

Description:

G Data AntiVirus contains a flaw related to the anti-virus / anti-malware scanning functionality. The issue is triggered when a context-dependent attacker sends a malformed RAR file with an initial MZ sequence. This type of file will not be handled properly by the software and may allow an attacker to bypass the scanning allowing for the delivery of malware.

[CLOSE] OSVDB ID : 80382 - Disclosed: 2012-03-19

Description:

G Data AntiVirus contains a flaw related to the anti-virus / anti-malware scanning functionality. This may allow a context-dependent attacker to use a specially crafted TAR file in order to bypass the scanning functionality, allowing for the delivery of malware.

[CLOSE] OSVDB ID : 42476 - Disclosed: 2007-10-10

Description:

(Description Provided by CVE) : Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function. NOTE: this issue might not cross privilege boundaries in most environments, since it is not marked as safe for scripting.

[CLOSE] OSVDB ID : 45896 - Disclosed: 2007-09-18

Description:

(Description Provided by CVE) : G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey and (2) NtOpenProcess kernel SSDT hooks.

[CLOSE] OSVDB ID : 48257 - Disclosed: 2008-09-17

Description:

(Description Provided by CVE) : The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.

[CLOSE] OSVDB ID : 69154 - Disclosed: 2010-11-08

Description:

G DATA TotalCare contains a flaw that may allow a local denial of service. The issue is triggered when a race condition vulnerability in the 'HookCentre.sys' kernel driver's handling arguments of the 'NtOpenkey' function is exploited to dereference invalid memory. This may result in loss of availability.

[CLOSE] OSVDB ID : 69153 - Disclosed: 2010-11-06

Description:

G DATA TotalCare contains a flaw related to the handling of IOCTLs. The issue is triggered when a local attacker sends a maliciously crafted 0x83170180 IOCTL to the 'MiniIcptControlDevice0' device file . This may allow an attacker to execute arbitrary code with elevated privileges.

[CLOSE] OSVDB ID : 43215 - Disclosed: 2008-03-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 24141 - Disclosed: 2006-03-27

Description:

G-Book contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'g_message' variable upon submission to the 'guestbook.php' script. This could allow a user to create a specially crafted guestbook posting that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 84434 - Disclosed: 2012-08-01

Description:

G-Lock Double Opt-in Manager plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-content/plugins/g-lock-double-opt-in-manager/ajaxbackend.php script not properly sanitizing user-supplied input to the 'json' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 27465 - Disclosed: 2006-06-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76411 - Disclosed: 2011-10-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76412 - Disclosed: 2011-10-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65790 - Disclosed: 2010-06-21

Description:

G.CMS generator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'lang' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 40528 - Disclosed: 2008-01-12

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.

[CLOSE] OSVDB ID : 64157 - Disclosed: 2010-04-24

Description:

G5-Scripts Auto-Img-Gallery contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'user' parameter upon submission to the 'upload.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 64156 - Disclosed: 2010-04-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 92237 - Disclosed: 2013-04-10

Description:

GA Universal Plugin for WordPress contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into changing plugin settings in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 23509 - Disclosed: 2006-02-07

Description:

GA's Forum Light has been reported to contain an SQL injection issue in the archive.asp script. Subsequent testing by SecurityTracker after the vendor disputed the issue indicates the software uses flat files to store data, not a back-end database. Therefore, the SQL injection report is incorrect and was likely diagnosed due to a vbscript parsing error.

[CLOSE] OSVDB ID : 56291 - Disclosed: 2003-01-15

Description:

(Description Provided by CVE) : Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing.

[CLOSE] OSVDB ID : 63917 - Disclosed: 2010-04-18

Description:

Gadget Factory Component for Joomla! contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by insufficient validation of the 'controller' parameter by index.php, which will disclose the contents of arbitrary files to a remote attacker.

[CLOSE] OSVDB ID : 9162 - Disclosed: 2004-08-24

Description:

Gadu-Gadu chat client contains a flaw that may allow a malicious user to spoof the file extension. The issue is triggered when a remote authenticated user appends a large number of space characters followed by the actual file extension to the spoofed filename. This will cause the recipient's Gadu-Gadu client to display a filename with a spoofed file extension when the recipient attempts to download the file. This flaw leads to a loss of integrity.

[CLOSE] OSVDB ID : 21017 - Disclosed: 2005-11-21

Description:

Gadu-Gadu contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted CTCP packets are processed, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 12518 - Disclosed: 2004-12-13

Description:

(Description Provided by CVE) : Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.

[CLOSE] OSVDB ID : 12522 - Disclosed: 2004-12-13

Description:

(Description Provided by CVE) : Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.

[CLOSE] OSVDB ID : 21018 - Disclosed: 2005-11-21

Description:

Gadu-Gadu contains a flaw that may allow a remote denial of service. The issue is triggered when multiple crafted DCC packets process and consume a large amount of resources, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 21020 - Disclosed: 2005-11-21

Description:

Gadu-Gadu contains a flaw that may allow malicious sites to eavesdrop on the audio devices. The issue is triggered when the "EasycallLite.oce" ActiveX object exposes sensitive features. It is possible that the flaw may allow audio device monitoring, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 12523 - Disclosed: 2004-12-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12521 - Disclosed: 2004-12-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 40162 - Disclosed: 2007-11-22

Description:

(Description Provided by CVE) : Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.