CVE-2004-1006

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702...

CVE-2004-1006

CVE-2004-1006 affects ISC DHCP’s dhcpd (dhcp 2.x). A format-string vulnerability in the logging code (errwarn/calls in log paths) could allow a remote DNS server to trigger arbitrary code execution with the dhcpd’s privileges. Public references (RHSA-2005:212, Debian DSA-584-1, CERT/US-CERT entri...

CVE-2004-0980

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code...

CVE-2004-0992

The CVE-2004-0992 issue affects Proxytunnel prior to 1.2.3. In daemon mode (-a), it formats log messages for invalid proxy answers, creating a format string vulnerability that could allow remote code execution on the tunneling host. Affected product: Proxytunnel; root cause: unsafe format string ...

CVE-2004-0980

The CVE-2004-0980 entry concerns a format string vulnerability in ez-ipupdate.c affecting ez-ipupdate 3.0.10 through 3.0.11b8. When running in daemon mode with certain service types, a remote attacker could cause arbitrary code execution. The provided documents consistently reference vulnerable v...

CVE-2004-0992

Format string vulnerability in the -a option daemon mode in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer...

CVE-2004-0980

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code...

Debian DSA-592-1 : ez-ipupdate - format string

Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. This problem can only be exploited if ez-ipupdate is running in daemon mode most likely with many but not all service types. %NASLMINLEVEL 70300 C...

Multiple vulnerabilities in Hired Team: Trial (Shine engine)

Luigi Auriemma Application: Hired Team: Trial http://eng.nmg.ru/rubrs.asp?rubrid=165 and probably also the Shine engine on which it is based http://www.3dengine.ru/index.asp?id=4 Versions: Hired Team = 2.0 / 2.200 since this is the only game based on the Shine engine and I have received no reply...

[Full-Disclosure] Format string bug in Army Men RTS

Luigi Auriemma Application: Army Men RTS http://www.3do.com/armymen/armymen/ Versions: 1.0 Platforms: Windows Bug: format string Exploitation: remote, versus server Date: 14 November 2004 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3...

Mandrake Linux Security Advisory : ez-ipupdate (MDKSA-2004:129)

Ulf Harnhammar discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. The updated packages are patched to protect against this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

[SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 592-1 [email protected] http://www.debian.org/security/ Martin Schulze November 12th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 592-1 [email protected] http://www.debian.org/security/ Martin Schulze November 12th, 2004 http://www.debian.org/security/faq -...

DSA-592-1 ez-ipupdate - format string

Bulletin has no description...

ez-ipupdate format string bug

No description provided...

EZ-IPupdate show_message() Remote Format String

Binary data 2399.prm...

ez-ipupdate: Format string vulnerability

Background ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. Description Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. Impact An attacker could exploit this to execute arbitrary...

ez-ipupdate -- format string vulnerability

Data supplied by a remote server is used as the format string instead of as parameters in a syslog call. This may lead to crashes or potential running of arbitrary code. It is only a problem when running in daemon mode very common and when using some service types...

[Full-Disclosure] ez-ipupdate format string bug

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: ez-ipupdate Advisory ID: MDKSA-2004:129 Date: November 10th, 2004 Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Problem Description: Ulf Harnhammar discovered ...

Debian DSA-590-1 : gnats - format string vulnerability

Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...