Emil 2.x - Multiple Buffer Overrun / Format String Vulnerabilities

source: https://www.securityfocus.com/bid/9974/info Multiple locally and remotely exploitable buffer overrun and format strings were reported in emil. This could permit execution of arbitrary code in the context of the software...

[SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 468-1 [email protected] http://www.debian.org/security/ Matt Zimmerman March 24th, 2004 http://www.debian.org/security/faq -...

Buffer overflows and format string bugs in Emil

Ulf Härnhammar reports multiple buffer overflows in Emil, some of which are triggered during the parsing of attachment filenames. In addition, some format string bugs are present in the error reporting code. Depending upon local configuration, these vulnerabilities may be exploited using speciall...

DSA-468 emil - several vulnerabilities

Bulletin has no description...

CVE-2004-0354

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to 1 the info function in log.c, 2 the anubiserror function in errs.c, or 3 the sslerror function in ssl.c...

CVE-2004-0354

CVE-2004-0354 affects GNU Anubis versions 3.6.0–3.6.2 and 3.9.92–3.9.93. The issue is a format string vulnerability in three code paths: the info function in log.c, the anubis_error function in errs.c, and the ssl_error function in ssl.c, which can enable remote code execution. The connected docu...

CVE-2004-0277

CVE-2004-0277 is a format-string vulnerability in Dream FTP 1.02 where the username is unsafely processed, allowing a remote attacker to crash the server and potentially execute arbitrary code. The NVD entry assigns a base score of 10.0 ( HIGH ) with network attack vector and complete impact. A c...

CVE-2003-1037

Format string vulnerability in the WGate component for SAP Internet Transaction Server ITS allows remote attackers to execute arbitrary code via a high "trace level."...

CVE-2003-0257

Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges...

CVE-2003-0257

Technical details (affected components, root cause, impact specifics, or fixes) are not publicly available in the provided documents. Monitor for updates from reliable sources; current records only reiterate a format-string vulnerability in IBM AIX printer capability.

CVE-2003-1037

The CVE-2003-1037 entry describes a format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS). The issue allows remote attackers to execute arbitrary code by crafting input through a high “trace level.” The description does not provide specific affected versions...

CVE-2004-0159

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command...

CVE-2003-1018

Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors...

Format string bug in EpicGames Unreal engine

Luigi Auriemma Application: Unreal engine http://unreal.epicgames.com Games: - America's Army - DeusEx - Devastation - Magic Battlegrounds - Mobile Forces - Nerf Arena Blast - Postal 2 - Rainbow Six: Raven Shield - Rune - Sephiroth: 3rd episode the Crusade - Star Trek: Klingon Honor Guard -...

Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String

source: https://www.securityfocus.com/bid/9840/info A format string vulnerability has been reported to exists in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly sanitize user supplied network data. Ultimately this vulnerability could allow...

GNU Anubis buffer overflows and format string bugs

GNU Anubis buffer overflows and format string bugs PROGRAM: GNU Anubis VENDOR: Free Software Foundation, Inc. HOMEPAGE: http://www.gnu.org/software/anubis/ VULNERABLE VERSIONS: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others IMMUNE VERSIONS: 3.6.2 with vendor patch, 3.9.93 with vendor patch,...

GNU Anubis multiple bugs

Buffer overflows, format string bugs...

GNU Anubis buffer overflows and format string vulnerabilities

Ulf Härnhammar discovered several vulnerabilities in GNU Anubis. Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a maliciou...

DreamFTP Server username Remote Format String

The remote DreamFTP server is vulnerable to a format string attack when processing the USER command. An attacker may exploit this flaw to gain a shell on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12086; scriptcveid"CVE-2004-2074"; scriptbugtraqid9800;...

CVE-2004-0039

Multiple format string vulnerabilities in HTTP Application Intelligence AI component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause forma...