8491 matches found
[UNIX] William LeFebvre "top" Format String Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
dillo -- format string vulnerability
dillo contains a format string vulnerability which could lead to execution of arbitrary code simply by viewing a web page or opening a HTML file...
CVE-2004-1388
Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...
CVE-2004-2523
Format string vulnerability in the msg command catmessage function in msg.c in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument...
CVE-2004-2677
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP qwik-smtpd 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the 1 clientRcptTo array, and the 2 Received and 3 messageID variables, possibly involving HELO and hostname arguments...
DEBIAN-CVE-2004-2386
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function...
DEBIAN-CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
DEBIAN-CVE-2004-0561
Format string vulnerability in the log routine for gopher daemon gopherd 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code...
DEBIAN-CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...
DEBIAN-CVE-2004-1484
Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...
CVE-2004-1398
Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument...
CVE-2004-1522
Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service application crash via a nickname that contains format strings...
CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...
CVE-2004-2417
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 client hostname or 2 message-id, which are injected into a syslog message...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
DEBIAN-CVE-2004-2714
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability...
DEBIAN-CVE-2004-1388
Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...
CVE-2004-2264
Format string bug in the openaltfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a...
CVE-2004-0998
Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code...
CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...