CVE-2004-1469

The CVE-2004-1469 entry covers a format-string vulnerability in SUS (SUS 2.0.2, and other versions before 2.0.6) where a log() call passing a command line argument to syslog can be exploited by a local user to execute arbitrary code. Affected software is SUS; the underlying issue is a faulty form...

CVE-2004-1484

The CVE-2004-1484 issue affects socat (1.4.0.3 and earlier). It is a format string vulnerability in the _msg function in error.c that can be triggered when socat is used as an HTTP proxy client with the -ly option, enabling remote attackers (or local users) to execute arbitrary code via format st...

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...

CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

CVE-2004-1471

CVE-2004-1471 affects CVS: formats-string vulnerability in wrapper.c remote-code path exploited by wrappers, with CVSROOT commit access allowing DoS (crash) and potential code execution. Affected ranges are CVS 1.12.x up to 1.12.8 and 1.11.x up to 1.11.16. OpenVAS/Nessus entries corroborate multi...

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...

CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

CVE-2004-1398

CVE-2004-1398 describes a format string vulnerability in prelink.c within kextload on Apple OS X, used by TDIXSupport in Roxio Toast Titanium and possibly other products. The underlying issue arises from format string specifiers in the extension argument, enabling local users to execute arbitrary...

CVE-2004-1398

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument...

Important: Red Hat Security Advisory: xemacs security update

Updated XEmacs packages that fix a string format issue are now available. XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an...

security flaw

Format string vulnerability in the movemail utility in 1 Emacs 20.x, 21.3, and possibly other versions, and 2 XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets...

Important: Red Hat Security Advisory: emacs security update

Updated Emacs packages that fix a string format issue are now available. Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an...

security flaw

Format string vulnerability in the movemail utility in 1 Emacs 20.x, 21.3, and possibly other versions, and 2 XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets...

CVE-2005-0276

CVE-2005-0276 : The 3Com 3CDaemon 2.0 revision 10 FTP service is affected by multiple format string vulnerabilities in commands (username, cd, delete, rename, rmdir, literal, stat, CWD) that can cause a remote denial of service (application crash). This assessment is based on the NVD description;...

CVE-2005-0312

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service access violation via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability...

CVE-2005-0276

Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service application crash via format string specifiers in 1 the username, 2 cd, 3 delete, 4 rename, 5 rmdir, 6 literal, 7 stat, or 8 CWD commands...

CVE-2005-0280

CVE-2005-0280: A format-string vulnerability in Soldner Secret Wars (version 30830 and earlier) affects the server’s message handling. The flaw allows remote attackers to trigger a denial of service (server crash) and potentially execute arbitrary code via format string specifiers in a message. T...

CVE-2005-0312

WarFTPd (WarFTPD) 1.82 RC9/RC11 contains a denial-of-service vulnerability exploitable by a crafted CWD path consisting of a long string of "%s" sequences, potentially indicating a format-string issue. The flaw affects remote authenticated users (NT service context noted for RC9). Public referenc...

Debian DSA-670-1 : emacs20 - format string

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

RHEL 2.1 / 3 : emacs (RHSA-2005:112)

Updated Emacs packages that fix a string format issue are now available. Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an...