8451 matches found
CVE-2000-1010
The CVE is a format-string vulnerability in talkd reported across multiple UNIX-like systems. Affected: IRIX (talkd in /usr/etc/talkd), UnixWare 7.1.1 and Open UNIX 8.0.0 (in.talkd); OpenBSD and possibly other BSDs per the CVE description. Root cause: untrusted user-supplied fields in talkd allow...
CVE-2000-1000
Summary: CVE-2000-1000 is a format-string vulnerability in AOL Instant Messenger (AIM) 4.1 and earlier. The issue arises when transferring a file whose name contains format specifiers, which can cause a denial of service and may allow arbitrary command execution. Root cause: format-string handlin...
CVE-2000-1040
CVE-2000-1040 concerns a format string vulnerability in the logging function of ypbind 3.3 when run in debug mode. The flaw can leak file descriptors and allow a denial of service. Some sources (Mandrake MDKSA-2000:064) also mention a related buffer overflow in ypserv if the build system lacks vs...
CVE-2000-1043
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog function...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
CVE-2000-0947
The CVE-2000-0947 issue is a format-string vulnerability in CFEngine’s cfd (CFEngine daemon) that can be triggered via the CAUTH command, allowing an attacker to cause the vulnerable host to run arbitrary commands. OpenVAS/Nessus entries describe that the flaw arises in cfd’s syslog handling and ...
CVE-2000-1043
CVE-2000-1043 describes a format-string vulnerability in the ypserv component (and related ypbind behavior) affecting Mandrake Linux 7.1 and earlier, with potential impact on other Linux systems. The underlying issue is a format-string bug that can allow an attacker to gain root privileges when y...
CVE-2000-0996
CVE-2000-0996: A format-string vulnerability in the OpenBSD su utility (and possibly other BSD-based OSes) allows a local attacker to gain root privileges via a malformed shell. The issue is described in the NVD entry with a CVSS v2 base score of 7.2 (HIGH) and LOCAL, LOW–complexity conditions, e...
CVE-2000-0995
CVE-2000-0995 describes a format-string vulnerability in the OpenBSD yp_passwd utility (and possibly other BSD-based OSes) that can allow an attacker to gain root privileges via a malformed name. The initial description states the vulnerability and impact; a patch is referenced (028_format_string...
CVE-2000-1010
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters...
CVE-2000-0917
Format string vulnerability in usesyslog function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands...
CVE-2000-1004
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters...
CVE-2000-1000
Format string vulnerability in AOL Instant Messenger AIM 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters...
CVE-2000-1044
CVE-2000-1044 concerns a format-string vulnerability in ypbind-mt on SuSE Linux (notably SuSE-6.2) that could allow an attacker to gain root privileges. The vulnerability arises in the handling of format strings in the affected component; no exploitation details are provided in the available docu...
CVE-2000-0996
Format string vulnerability in OpenBSD su program and possibly other BSD-based operating systems allows local attackers to gain root privileges via a malformed shell...
CVE-2000-0993
Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...
CVE-2000-0901
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...
CVE-2000-0947
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...
CVE-2000-1014
The CVE-2000-1014 entry concerns a format string vulnerability in the search97.cgi CGI script of the SCO help HTTP server for Unixware 7 . The flaw allows remote attackers to execute arbitrary commands through format string characters supplied in the queryText parameter, enabling potential remote...
CVE-2000-0917
CVE-2000-0917 describes a format-string vulnerability in LPRng’s use_syslog() in version 3.6.24 (and earlier), enabling remote attackers to execute arbitrary commands. Multiple sources corroborate: Red Hat RHSA-2000-065 notes vulnerability in 3.6.24 and earlier; CERT advisories document the forma...