emacs -- movemail format string vulnerability

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker can execute arbitrary code under the privileges of the user running Emacs...

War FTPD FTP server format string bug

CWD command format string bug...

CVE-2005-0312

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service access violation via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability...

gpsd < 2.8 gpsd_report() Function Remote Format String

Binary data 2559.prm...

Berlios gpsd gpsd_report() Function Format String

The remote host is running GPSD, a daemon which monitors a GPS device and publishes its data over the network. The remote version of this software is vulnerable to format string attack due to the way it uses the syslog call. An attacker may exploit this flaw to execute arbitrary code on the remot...

Berlios gpsd &#40;GPS/GIS daemon&#41; format string bug

Format string bug on syslog call...

Berlios GPSD 2.7.x - Remote Format String

Berlios GPSD 2.7.x - Remote Format String / Added , on line 75 /str0ke / / Copyright Johnh and KF 2005 Gpsd remote format string exploit By: Johnhatdigitalmunitiondotcom Bug Found By: kfatdigitalmunitiondotcom http://www.digitalmunition.com/DMA2005-0125a.txt Features: Version ident Debian machine...

Berlios GPSD 2.7.x - Remote Format String

/ Added , on line 75 /str0ke / / Copyright Johnh and KF 2005 Gpsd remote format string exploit By: Johnhatdigitalmunitiondotcom Bug Found By: kfatdigitalmunitiondotcom http://www.digitalmunition.com/DMA2005-0125a.txt Features: Version ident Debian machines provide uid=gpsd Redhat machines provide...

Berlios gpsd <= 2.7.x Remote Format String Vulnerability

Exploit for linux platform in category remote exploits ======================================================== Berlios gpsd include include include include include include include include include include include include include define GPSDPORT 2947 void shint stsockva; int newtcpConnect char hos...

[Full-Disclosure] DMA[2005-0125a] - &#39;berlios gpsd format string vulnerability&#39;

DMA2005-0125a - 'berlios gpsd remake of pygps format string vulnerability' Author: Kevin Finisterre Vendor: http://gpsd.berlios.de, http://www.pygps.org Product: 'gpsd' References: http://www.digitalmunition.com/DMA2005-0125a.txt Description: gpsd is a service daemon that monitors a GPS attached ...

CVE-2004-1004

CVE-2004-1004 affects Midnight Commander (mc) up to version 4.5.55 with multiple format string vulnerabilities. The provided connected advisories confirm that various distros release patches (e.g., SUSE SLES9 patch 5011441, Gentoo GLSA 200502-24, Debian DSA 639-1) to fix these issues. The CVE ent...

CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander mc 4.5.55 and earlier allow remote attackers to have an unknown impact...

CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander mc 4.5.55 and earlier allow remote attackers to have an unknown impact...

Multiple AtHoc toolbar bugs

Buffer overflows, format string bugs in ActiveX components...

CVE-2004-0561

CVE-2004-0561 refers to a format-string vulnerability in the log routine of gopherd (Debian gopher package). Affected software is the gopher server (gopherd) in Debian, with the issue fixed in the 3.0.3woody2 update for Woody; other references note the same vulnerability across Debian advisories....

CVE-2004-0561

Format string vulnerability in the log routine for gopher daemon gopherd 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code...

CVE-2004-1373

CVE-2004-1373 describes a format-string vulnerability in SHOUTcast 1.9.4 where a specially crafted filename in a URL can cause a crash or remote code execution. Multiple public sources (Metasploit module, Exploit-DB, and vendor/OpenVAS advisories) corroborate remote code execution and denial of s...

CVE-2005-0012

CVE-2005-0012 affects Dillo before 0.8.3-r4, where a format string vulnerability in the a_Interface_msg() function can allow remote code execution via crafted web pages. The issue is documented across multiple feeds (NVD entry and OpenVAS/Gentoo GLSA references) with a base CVSS v2 score of 7.5 (...

CVE-2005-0012

Format string vulnerability in the aInterfacemsg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page...

CVE-2005-0012

Format string vulnerability in the aInterfacemsg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page...