Vulnerabilities > F Secure

DATE CVE VULNERABILITY TITLE RISK
2006-06-06 CVE-2006-2838 Denial-Of-Service vulnerability in F-Secure Anti-Virus and Internet Gatekeeper
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.
network
high complexity
f-secure
7.6
2006-02-15 CVE-2006-0705 USE of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
network
low complexity
attachmatewrq f-secure CWE-134
6.5
2006-01-21 CVE-2006-0338 Archive Handling vulnerability in F-Secure
Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.
network
low complexity
f-secure
5.0
2006-01-21 CVE-2006-0337 Archive Handling vulnerability in F-Secure
Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives.
network
low complexity
f-secure
7.5
2005-11-18 CVE-2005-3664 Remote Buffer Overflow vulnerability in Kaspersky Anti-Virus Engine CHM File Parser
Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file.
network
low complexity
f-secure kaspersky-lab
7.5
2005-11-16 CVE-2005-3546 Local Privilege Escalation vulnerability in F-Secure Anti-Virus and Internet Gatekeeper
suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege.
local
low complexity
f-secure
7.2
2005-11-02 CVE-2005-3468 Directory Traversal vulnerability in F-Secure Anti-Virus and Internet Gatekeeper
Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.
network
low complexity
f-secure
5.0
2005-09-02 CVE-2005-2771 Security Bypass vulnerability in F-Secure Ssh Server
WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied.
network
low complexity
f-secure wrq
critical
10.0
2005-05-02 CVE-2005-0350 Remote Security vulnerability in F-Secure Anti-Virus
Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive.
network
low complexity
f-secure
7.5
2005-01-10 CVE-2004-1223 Path Disclosure vulnerability in F-Secure Policy Manager 5.11
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
network
low complexity
f-secure
5.0