471 matches found

UbuntuCve
added 2006/04/06 10:4 p.m. | 23 views

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus ClamAV before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...

CVSS 10 | AI score 6 | EPSS 0.11352
Exploits 0 | References 1
OSV
added 2006/04/06 10:4 p.m. | 8 views

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus ClamAV before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...

AI score 7.2
Exploits 0 | References 31
CVE
added 2006/04/06 10:0 p.m. | 109 views

CVE-2006-1615

CVE-2006-1615 refers to ClamAV (prior to 0.88.1) format-string vulnerabilities in the logging code that may allow remote attackers to execute arbitrary code. Public sources (Debian DSA-1024-1, OpenVAS entries) describe this format-string issue as potentially enabling code execution, with remote i...

CVSS 10 | AI score 7.1 | EPSS 0.11352
Exploits 0 | References 23 | Affected Software 1
Debian
added 2006/03/23 1:42 p.m. | 20 views

[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution

Debian Security Advisory DSA 1016-1 [email protected] http://www.debian.org/security/ Martin Schulze March 23rd, 2006 http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 0.2 | EPSS 0.04426
Exploits 0
NVD
added 2006/02/17 1:2 a.m. | 19 views

CVE-2006-0738

Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field owner/creator and session identifier,...

CVSS 5 | AI score 6.9 | EPSS 0.03119
Exploits 0 | References 5
Tenable Nessus
added 2006/01/15 12:0 a.m. | 22 views

Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)

iDefense discovered several format string vulnerabilities in the way that mod_auth_pgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if mod_auth_pgsql is used for user authentication. The provided packages have been patched to...

CVSS 10 | AI score 6.1 | EPSS 0.08698
Exploits 0 | References 1
Tenable Nessus
added 2006/01/15 12:0 a.m. | 21 views

Mandrake Linux Security Advisory : gda2.0 (MDKSA-2005:203)

Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library. The updated packages have been patched to correct this issue...

CVSS 7.5 | AI score 5.7 | EPSS 0.03611
Exploits 0 | References 1
Gentoo Linux
added 2006/01/10 12:0 a.m. | 20 views

mod_auth_pgsql: Multiple format string vulnerabilities

Background: mod_auth_pgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description: The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact: An unauthenticated...

CVSS 10 | AI score 7.7 | EPSS 0.08698
Exploits 0
UbuntuCve
added 2006/01/09 11:3 p.m. | 23 views

CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username...

CVSS 7.5 | AI score 6 | EPSS 0.0531
Exploits 0 | References 1
securityvulns
added 2006/01/09 12:0 a.m. | 29 views

[Full-disclosure] [USN-239-1] libapache2-mod-auth-pgsql vulnerability

Ubuntu Security Notice USN-239-1, January 09, 2006, libapache2-mod-auth-pgsql vulnerability, CVE-2005-3656. A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty...

CVSS 10 | AI score 0.3 | EPSS 0.08698
Exploits 0
CVE
added 2006/01/06 11:0 a.m. | 59 views

CVE-2005-3656

CVE-2005-3656 describes a format-string vulnerability in mod_auth_pgsql used for authenticating against PostgreSQL. The flaw in logging functions could enable remote, unauthenticated code execution with the httpd user. Affected modules include libapache2-mod-auth-pgsql; multiple advisories (Red H...

CVSS 10 | AI score 7.5 | EPSS 0.08698
Exploits 0 | References 24 | Affected Software 1
NVD
added 2005/12/29 11:3 a.m. | 16 views

CVE-2005-4568

Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5)...

CVSS 7.5 | AI score 7.9 | EPSS 0.03379
Exploits 1 | References 4
CVE
added 2005/11/18 9:0 p.m. | 58 views

CVE-2005-3666

Technical details (affected implementations, exact root cause, impact, and fixes for CVE-2005-3666) are not publicly available in the provided documents. Monitor for updates as new information becomes available.

CVSS 10 | AI score 6.2 | EPSS 0.03528
Exploits 0 | References 4 | Affected Software 1
OSV
added 2005/11/03 10:2 p.m. | 5 views

CVE-2005-3486

Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors...

AI score 7.7
Exploits 0 | References 7
Tenable Nessus
added 2005/10/11 12:0 a.m. | 35 views

Debian DSA-853-1 : ethereal - several vulnerabilities

Several security problems have been discovered in ethereal, a commonly used network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2360: Memory allocation errors in the LDAP dissector can cause a denial of service. CAN-2005-2361...

CVSS 7.5 | AI score 6 | EPSS 0.06143
Exploits 0 | References 8
Tenable Nessus
added 2005/10/05 12:0 a.m. | 23 views

Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)

Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containing the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory whe...

CVSS 6.4 | AI score 5.5 | EPSS 0.09198
Exploits 0 | References 2
Tenable Nessus
added 2005/10/05 12:0 a.m. | 21 views

Mandrake Linux Security Advisory : evolution (MDKSA-2005:141)

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. CVE-2005-2549 A format...

CVSS 7.5 | AI score 6.1 | EPSS 0.04426
Exploits 0 | References 2
OSV
added 2005/09/08 12:0 a.m. | 6 views

DTSA-13-1 evolution - format string vulnerabilities

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.04426
Exploits 0
NVD
added 2005/09/06 11:3 p.m. | 12 views

CVE-2005-2763

Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors...

CVSS 7.5 | AI score 7.9 | EPSS 0.02729
Exploits 0 | References 3
Cvelist
added 2005/09/06 4:0 a.m. | 15 views

CVE-2005-2763

Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors...

AI score 7.9 | EPSS 0.02729
Exploits 0 | References 3