RHEL 2.1 : mc (RHSA-2005:217)

Updated mc packages that fix multiple security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Midnight Commander mc is a visual shell, much like a file manager. Several format string bugs were found in Midnight...

USN-90-1: Imagemagick vulnerability

Tavis Ormandy discovered a format string vulnerability in ImageMagick's file name handling. Specially crafted file names could cause a program using ImageMagick to crash, or possibly even cause execution of arbitrary code. Since ImageMagick can be used in custom printing systems, this also might...

CVE-2005-0671

Format string vulnerability in Carsten's 3D Engine Ca3DE, March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command...

foxmail.txt

AUTHOR: Fortinet, inc xouyang PRODUCTS: Foxmail Server. A Mail server for both Windows and linux. AFFECTED VERSION: Foxmail server for windows version 2.0 latest. I've just tested windows server, the linux version may be vulnerable too. Description: Foxmail-the Email client application is the mos...

ca3de - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/12727/info Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format string and denial of service attacks. The following specific issues were identified: It is reported that all commands accepted ...

ca3de - Multiple Vulnerabilities

ca3de - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12727/info Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format string and denial of service attacks. The following specific issues were identified: It is...

BidWatcher: Format string vulnerability

Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...

CVE-2004-1006

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702...

IBM AIX auditselect contains format string vulnerability

Overview IBM AIX auditselect command contains a format string vulnerability that may allow a local attacker to execute arbitrary code. Description According to IBM's Command Reference, the syntax and description of the auditselect command are as follows:$ auditselect -e "Expression" | -f File -m...

CVE-2005-0577

Format string vulnerability in DNA MKBold-MKItalic 0.061 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files...

CVE-2005-0577

CVE-2005-0577 affects DNA MKBold-MKItalic up to version 0.06_1. The vulnerability is a format string flaw in the BDF font processing that could allow remote code execution. The OpenVAS and NVD records corroborate the issue; they reference the FreeBSD ports mkbold-mkitalic package as affected. The...

ProZilla < 1.3.7.4 Location Header Format String

Binary data 2644.prm...

CVE-2005-0523

ProZilla: format-string vulnerability in Location header affecting 1.3.7.3 and earlier that enables remote code execution. Debian/DSA-719-1 fixes in prozilla available (1.3.7.4-1 and related) and advisories recommend upgrading.

CVE-2005-0523

Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header...

mkbold-mkitalic -- format string vulnerability

The version 0.061 and prior have a format string vulnerability which can be triggered by using a carefully-crafted BDF font file...

CVE-2004-1682

The CVE-2004-1682 entry concerns the QNX 6.1 FTP client, where a format string vulnerability in the QUOTE command can allow remote authenticated users to obtain group bin privileges. The root cause is improper handling of format specifiers in QUOTE, enabling privilege escalation. The provided doc...

CVE-2004-1628

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code...

CVE-2004-1576

Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service application crash via format string specifiers in a chat message...

CVE-2004-1628

Removed by vendor...

CVE-2004-1576

CVE-2004-1576 affects Judge Dredd: Dredd vs. Death 1.01 and earlier. The vulnerability is a format string flaw in chat messages, leading to a denial of service (application crash). The provided documents do not specify exploit code, affected versions beyond 1.01 and earlier, or a remediation(patc...