Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure

Panda ActiveScan 2.0 remote code execution

  

 
Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded


karol at wiesek

Jul 4, 2008, 4:20 AM

Post #1 of 7 (376 views)
Permalink
Panda ActiveScan 2.0 remote code execution
http://karol.wiesek.pl/files/panda.tgz

K.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


secure at pandasecurity

Jul 4, 2008, 4:02 AM

Post #2 of 7 (356 views)
Permalink
Re: Panda ActiveScan 2.0 remote code execution [In reply to]
Please allow at least one week for us to respond before public disclousure. We only received this information a few days ago.

Regards,

----------------------------------------------
Pedro Bustamante
Senior Research Advisor
Panda Security

email: pedro.bustamante[at]pandasecurity.com <0xC684A6F9>
vulns: secure[at]pandasecurity.com <0x70F3FEA0>
phone: (+34) 91-8063700
blog: http://research.pandasoftware.com
----------------------------------------------




> -----Mensaje original-----
> De: full-disclosure-bounces[at]lists.grok.org.uk
> [mailto:full-disclosure-bounces[at]lists.grok.org.uk] En nombre
> de Karol Wiesek
> Enviado el: Saturday, July 05, 2008 11:59 AM
> Para: full-disclosure[at]lists.grok.org.uk
> Asunto: [Full-disclosure] Panda ActiveScan 2.0 remote code execution
>
> http://karol.wiesek.pl/files/panda.tgz
>
> K.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


charles.lists at gmail

Jul 4, 2008, 4:41 AM

Post #3 of 7 (352 views)
Permalink
Re: Panda ActiveScan 2.0 remote code execution [In reply to]
Embarassing init?

Panda Security Response wrote:
> Please allow at least one week for us to respond before public disclousure. We only received this information a few days ago.
>
> Regards,
>
> ----------------------------------------------
> Pedro Bustamante
> Senior Research Advisor
> Panda Security
>
> email: pedro.bustamante[at]pandasecurity.com <0xC684A6F9>
> vulns: secure[at]pandasecurity.com <0x70F3FEA0>
> phone: (+34) 91-8063700
> blog: http://research.pandasoftware.com
> ----------------------------------------------
>
>
>
>
>
>> -----Mensaje original-----
>> De: full-disclosure-bounces[at]lists.grok.org.uk
>> [mailto:full-disclosure-bounces[at]lists.grok.org.uk] En nombre
>> de Karol Wiesek
>> Enviado el: Saturday, July 05, 2008 11:59 AM
>> Para: full-disclosure[at]lists.grok.org.uk
>> Asunto: [Full-disclosure] Panda ActiveScan 2.0 remote code execution
>>
>> http://karol.wiesek.pl/files/panda.tgz
>>
>> K.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


randy at procyonlabs

Jul 4, 2008, 5:59 AM

Post #4 of 7 (359 views)
Permalink
Re: Panda ActiveScan 2.0 remote code execution [In reply to]
On Fri, July 4, 2008 7:02 am, Panda Security Response wrote:
> Please allow at least one week for us to respond before public
> disclousure. We only received this information a few days ago.
>
> Regards,
>
> ---------------------------------------------- Pedro Bustamante Senior
> Research Advisor Panda Security

It takes a week to hit the "respond" button? At least be polite and read
your mail, perhaps with a quick "stand by, we're looking into it" response
so folks think you care.

We are an impatient lot in this community.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


rholgstad at gmail

Jul 4, 2008, 7:25 AM

Post #5 of 7 (345 views)
Permalink
Re: Panda ActiveScan 2.0 remote code execution [In reply to]
no one cares about your slow response time or that it takes you a week to
fix a bug that apps have had for 10 years. maybe if your product did not
suck so much you would get more respect.. now get off the list dbag.

On Fri, Jul 4, 2008 at 6:02 AM, Panda Security Response <
secure[at]pandasecurity.com> wrote:

> Please allow at least one week for us to respond before public disclousure.
> We only received this information a few days ago.
>
> Regards,
>
> ----------------------------------------------
> Pedro Bustamante
> Senior Research Advisor
> Panda Security
>
> email: pedro.bustamante[at]pandasecurity.com <0xC684A6F9>
> vulns: secure[at]pandasecurity.com <0x70F3FEA0>
> phone: (+34) 91-8063700
> blog: http://research.pandasoftware.com
> ----------------------------------------------
>
>
>
>
> > -----Mensaje original-----
> > De: full-disclosure-bounces[at]lists.grok.org.uk
> > [mailto:full-disclosure-bounces[at]lists.grok.org.uk] En nombre
> > de Karol Wiesek
> > Enviado el: Saturday, July 05, 2008 11:59 AM
> > Para: full-disclosure[at]lists.grok.org.uk
> > Asunto: [Full-disclosure] Panda ActiveScan 2.0 remote code execution
> >
> > http://karol.wiesek.pl/files/panda.tgz
> >
> > K.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


secure at pandasecurity

Jul 4, 2008, 2:08 PM

Post #6 of 7 (324 views)
Permalink
Re: Panda ActiveScan 2.0 remote code execution [In reply to]
The fixed version is now in production.

Regards,

----------------------------------------------
Pedro Bustamante
Senior Research Advisor
Panda Security

email: pedro.bustamante[at]pandasecurity.com <0xC684A6F9>
vulns: secure[at]pandasecurity.com <0x70F3FEA0>
phone: (+34) 91-8063700
blog: http://research.pandasoftware.com
----------------------------------------------



> -----Mensaje original-----
> De: full-disclosure-bounces[at]lists.grok.org.uk
> [mailto:full-disclosure-bounces[at]lists.grok.org.uk] En nombre
> de Karol Wiesek
> Enviado el: sábado, 05 de julio de 2008 11:59
> Para: full-disclosure[at]lists.grok.org.uk
> Asunto: [Full-disclosure] Panda ActiveScan 2.0 remote code execution
>
> http://karol.wiesek.pl/files/panda.tgz
>
> K.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


elazar at hushmail

Jul 4, 2008, 2:39 PM

Post #7 of 7 (323 views)
Permalink
Re: Panda ActiveScan 2.0 remote code execution [In reply to]
"We are an impatient lot in this community." - well said...

On Fri, 04 Jul 2008 08:59:40 -0400 "Randal T. Rioux"
<randy[at]procyonlabs.com> wrote:
>On Fri, July 4, 2008 7:02 am, Panda Security Response wrote:
>> Please allow at least one week for us to respond before public
>> disclousure. We only received this information a few days ago.
>>
>> Regards,
>>
>> ---------------------------------------------- Pedro Bustamante
>Senior
>> Research Advisor Panda Security
>
>It takes a week to hit the "respond" button? At least be polite
>and read
>your mail, perhaps with a quick "stand by, we're looking into it"
>response
>so folks think you care.
>
>We are an impatient lot in this community.
>
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

--
Compete with the big boys. Click here to find products to benefit your business.
http://tagline.hushmail.com/fc/Ioyw6h4eDJdoYMf9jwXhRS1vcQ5SY7Clj2fZDwCxnPavpwEfO6QAkA/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.