[Full-Disclosure] Format String Vulnerability in Tripwire

SUMMARY ------- Tripwiretm is a Security, Intrusion Detection, Damage Assessment and Recovery, Forensics software. A vulnerability in the product allows a user on the local machine under certain circumstances to execute arbitrary code with the rights of the user running the program typically root...

[Full-Disclosure] MDKSA-2004:039 - Updated mc packages fix vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: mc Advisory ID: MDKSA-2004:039 Date: April 29th, 2004 Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1 Problem Description: Several vulnerabilities in Midnight Commander were found by Jacub...

Mini SQL 1.0/1.3 - Remote Format String

// source: https://www.securityfocus.com/bid/8295/info Mini SQL mSQL has been reported prone to a remotely exploitable format string vulnerability, when handling user-supplied data. Reportedly a remote attacker may send malicious format specifiers to trigger the issue. This vulnerability could...

Multiple bugs in ICQ 2003

Format string bug in integer overflows in POP3 client, multiple DoS conditions...

Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav module format string vulnerability

To: [email protected] [email protected] [email protected] [email protected] SCO Security Advisory Subject: Linux: Apache moddav module format string vulnerability Advisory number: CSSA-2003-007.0 Issue date: 2003 February 17 Cross reference: 1...

MIT Kerberos V5 KDC logging routines use unsafe format strings

Overview Early releases of the MIT Kerberos V5 KDC contain format string vulnerabilities that can be used by unauthenticated remote attackers to conduct denial of service attacks on KDC servers. Description Logging routines in some unspecified versions of the MIT Kerberos V5 Key Distribution Cent...

Format string vulnerability in KDE talkd

No description provided...

Inso DynaWeb HTTPd 3.14.0.24.1 - Format String

Inso DynaWeb HTTPd 3.14.0.24.1 - Format String // source: https://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to ...

CVE-2001-1203

Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges...

OpenServer crontab format string bug

Format string bug in command line arguments parsing...

iXsecurity.20020314.csadmin_fmt.a

iXsecurity Security Vulnerability Report No: iXsecurity.20020314.csadminfmt.a ======================================== Vulnerability Summary --------------------- Problem: Cisco Secure ACS webserver has a format string vulnerability. Threat: An attacker could send an "invalid" URL to the webserve...

CVE-2001-1034

Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for 1 faxrm or 2 faxalter...

KAV (AVP) for sendmail format string

Topic: Format string vulnerability in AVP for sendmail Author: 3APA3A Affected Software: KAV for sendmail 3.5.135.2 Vendor: Kaspersky Lab Vendor Notified: 30 May 2001 Risk: High/Average Remotely Exploitable: Yes Impact: DoS/Remote root compromise Released: 06 June 2001 Vendor URL:...

Потенциальная дырка в драйверах Windows NT/2000 (DbgPrint format string)

Во многих дрйверах ошибка форматной строки при вызови функции отладки...

[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities

Package : stunnel Problem type : insecure file handling, format string bug Debian-specific: no Lez discovered a format string problem in stunnel a tool to create Universal SSL tunnel for other network daemons. Brian Hatch responded by stating he was already preparing a new release with multiple...

Security Advisory: FreeBSD-SA-00:58.chpass

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:58 Security Advisory FreeBSD, Inc. Topic: chpass family contains local root vulnerability Category: core Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd Announced:...

CVE-2000-0583

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives...

LPRng use_syslog() Remote Format String Arbitrary Command Execution

LPRng seems to be running on this port. Versions of LPRng prior to 3.6.24 are missing format string arguments in at least two calls to 'syslog' that handle user-supplied input. Using specially crafted input with format strings, an unauthenticated, remote attacker may be able to leverage these...

CVE-2000-0701

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges...

Immunix OS 6.2 - LC glibc format string

/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...