8491 matches found
CVE-2004-2434
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service browser crash via a link with "::" colon colon left brace, which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an...
CVE-2004-2515
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which...
CVE-2004-2714
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability...
CVE-2004-1388
Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...
CVE-2004-1469
Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog...
DEBIAN-CVE-2004-2160
Format string vulnerability in xmlelem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code...
CVE-2004-2714
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability...
CVE-2004-0998
CVE-2004-0998 is a format-string vulnerability in telnetd-ssl versions up to 0.17.17+0.1-2woody3 (stable) / 0.17.24+0.1-6 (sid) that allows a remote attacker to execute arbitrary code. Debian's DSA-616-1 confirms a remote, format-string flaw in netkit-telnet-ssl with a fixed upgrade path to the c...
CVE-2004-1484
Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...
CVE-2004-2489
Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...
CVE-2004-1388
Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...
CVE-2004-2386
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function...
CVE-2004-1500
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service application crash via format string specifiers in 1 a nickname or 2 a message...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
CVE-2004-1805
Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in class names...
CVE-2004-2160
Format string vulnerability in xmlelem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code...
CVE-2004-2238
Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability...
CVE-2004-2074
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service crash via format string specifiers in the 1 PASS or 2 RETR commands...
CVE-2004-2386
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function...
CVE-2004-1484
Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...