Vulnerabilities for Panda platinum internet security (...) - CXSECURITY.COM

Vulnerabilities for
'Panda platinum internet security'

2006-09-08

CVE-2006-4659

CWE-Other

The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.

CVE-2006-4658

CWE-Other

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.

CVE-2006-4657

CWE-Other

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.

>>> Vendor: Panda 28 Products

Panda antivirus

Panda antivirus platinum

Panda activescan

Panda businessecure antivirus

Panda clientshield with truprevent technologies

Panda enterprisecure with truprevent technologies

Panda exchangesecure

Panda filesecure

Panda filesecure with truprevent technologies

Panda gatedefender

Panda isa secure

Panda panda enterprisecure antivirus

Panda platinum 2006 internet security

Panda titanium 2005 antivirus

Panda titanium 2006 antivirus + antispyware

Panda truprevent personal

Panda platinum internet security

Panda platinum 2007 internet security

Panda antivirus and firewall

Panda internet security

Panda security url filtering

Panda endpoint administration agent

Copyright 2024, cxsecurity.com