8488 matches found
SUSE-SA:2002:037: heartbeat
The remote host is missing the patch for the advisory SUSE-SA:2002:037 heartbeat. Heartbeat is a monitoring service that is used to implement failover in high-availablity environments. It can be configured to monitor other systems via serial connections, or via UDP/IP. Several format string bugs...
SuSE-SA:2003:048: gpg
The remote host is missing the patch for the advisory SuSE-SA:2003:048 gpg. The gnupg the SUSE package is named gpg package is the most widely used software for cryptographic encryption/decryption of data. Two independent errors have been found in gpg GnuPG packages as shipped with SUSE products:...
SUSE-SA:2003:019: ethereal
The remote host is missing the patch for the advisory SUSE-SA:2003:019 ethereal. Ethereal is a GUI for analyzing and displaying network traffic. Ethereal is vulnerable to a format string bug in it's SOCKS code and to a heap buffer overflow in it's NTLMSSP code. These bugs can be abused to crash...
mod_proxy hook format string
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
CVE-2004-0733
The CVE-2004-0733 issue affects OllyDbg 1.10, with a format string vulnerability in calls to OutputDebugString. The underlying flaw allows remote attackers to trigger a crash (DoS) and potentially execute arbitrary code via untrusted format specifiers. Documentation notes the impact as Denial of ...
[SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 532-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2004 http://www.debian.org/security/faq -...
Fedora Core 1 : mc-4.6.0-14.10 (2004-112)
Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project...
mod_ssl: Format string vulnerability
Background modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Description A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact Given the right server configuration, an attacker could...
CVE-2004-0700
CVE-2004-0700 describes a format-string vulnerability in the mod_ssl component (ssl_engine_log.c) of Apache’s mod_ssl. Affects Apache before 1.3.31 with mod_ssl up to version 2.8.19; remote attackers could use format specifiers in HTTPS log messages processed by ssl_log to potentially execute arb...
[FMADV] Format String Bug in OllyDbg 1.10
FMADV - OllyDbg Format String Bug Introduction: There exists a format string bug in the code that handles Debugger Messages in OllyDbg. This means any traced application can crash OllyDbg and execute machine code. About From the Webpage: OllyDbg is a 32-bit assembler level analysing debugger for...
mod_ssl contains a format string vulnerability in the ssl_log() function
Overview There is a format string vulnerability in the ssllog function of the modssl module that could allow an attacker to potentially execute arbitrary code. Description modssl is an Apache module that provides Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocol support...
[SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 529-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 17th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 529-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 17th, 2004 http://www.debian.org/security/faq -...
DSA-529 netkit-telnet-ssl - format string
Bulletin has no description...
Re: mod_ssl-2.8.18-1.3.31 Format string vulnerability
On Fri, Jul 16, 2004, [email protected] wrote: Thought you might like to look at this if you haven't seen it already. Any feedback on it is appreciated. -Packet Storm ----- Forwarded message from Virulent [email protected] ----- Delivered-To: [email protected]...
apache13-modssl -- format string vulnerability in proxy support
A OpenPKG Security Advisory reports: Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in modssl, the Apache SSL/TLS interface to OpenSSL, version up to and including 2.8.18 for Apache 1.3. The modssl in Apache 2.x is not affected. The vulnerability coul...
Solaris 2.5.1 (sparc) : 112891-01
SunOS 5.5.1: rpc.rwalld has format string problem. Date this patch was last updated by Sun : Jun/14/02 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if...
Solaris 2.5.1 (x86) : 112892-01
SunOS 5.5.1x86: rpc.rwalld has format string problem. Date this patch was last updated by Sun : Jun/14/02 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc...
Solaris 2.6 (x86) : 112894-01
SunOS 5.6x86: rpc.rwalld has format string problem. Date this patch was last updated by Sun : Jun/17/02 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. i...
CVE-2004-0640
CVE-2004-0640 is a format string vulnerability in the SSL_set_verify function of telnetd.c for the SSLtelnet daemon (SSLtelnetd) v0.13 that allows remote code execution. Connected records tie this to netkit-telnet-ssl and related packages (e.g., Debian netkit-telnet-ssl) with advisories noting a ...