Vulnerabilities > F Secure > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-10 | CVE-2006-3490 | Products Scan Evasion vulnerability in F-Secure products F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls. | 5.0 |
2006-07-10 | CVE-2006-3489 | Products Scan Evasion vulnerability in F-Secure products F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename. | 5.0 |
2006-02-15 | CVE-2006-0705 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | 6.5 |
2006-01-21 | CVE-2006-0338 | Archive Handling vulnerability in F-Secure Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. | 5.0 |
2005-11-02 | CVE-2005-3468 | Directory Traversal vulnerability in F-Secure Anti-Virus and Internet Gatekeeper Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files. | 5.0 |
2005-01-10 | CVE-2004-1223 | Path Disclosure vulnerability in F-Secure Policy Manager 5.11 The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters. | 5.0 |
2004-12-31 | CVE-2004-2442 | Unspecified vulnerability in F-Secure products Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. | 5.0 |
2004-12-31 | CVE-2004-2405 | Denial-Of-Service vulnerability in F-Secure Anti-Virus Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. | 6.4 |
2004-12-31 | CVE-2004-2220 | Unspecified vulnerability in F-Secure Anti-Virus 6.30/6.30Sr1/6.31 F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection. | 5.0 |
2004-09-09 | CVE-2004-0830 | Remote Denial of Service vulnerability in F-Secure products The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet. | 5.0 |