471 matches found
Debian DSA-639-1 : mc - several vulnerabilities
Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. The Common Vulnerabilities and...
CVE-2004-0451
Multiple format string vulnerabilities in the 1 logquit, 2 logerr, or 3 loginfo functions in Software Upgrade Protocol SUP allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog...
isc-dhcpd -- format string vulnerabilities
The ISC DHCP programs are vulnerable to several format string vulnerabilities which may allow a remote attacker to execute arbitrary code with the permissions of the DHCP programs, typically root for the DHCP server...
Monolith Lithtech Game Engine - Multiple Remote Format String Vulnerabilities
// source: https://www.securityfocus.com/bid/11610/info Lithtech game engine is prone to multiple remote format-string vulnerabilities because of incorrect usage of 'printf'-type functions. Format specifiers can be supplied directly to vulnerable functions from external data. A denial-of-service...
Speedtouch USB driver: Privilege escalation vulnerability
Background The speedtouch package contains a driver for the ADSL SpeedTouch USB modem. Description The Speedtouch USB driver contains multiple format string vulnerabilities in modemrun, pppoa2 and pppoa3. This flaw is due to an improperly made syslog system call. Impact A malicious local user cou...
GLSA-200411-04 : Speedtouch USB driver: Privilege escalation vulnerability
The remote host is affected by the vulnerability described in GLSA-200411-04 Speedtouch USB driver: Privilege escalation vulnerability The Speedtouch USB driver contains multiple format string vulnerabilities in modemrun, pppoa2 and pppoa3. This flaw is due to an improperly made syslog system cal...
Debian DSA-449-1 : metamail - buffer overflow, format string bugs
Ulf Harnhammar discovered two format string bugs CAN-2004-0104 and two buffer overflow bugs CAN-2004-0105 in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail...
Debian DSA-401-1 : hylafax - format strings
The SuSE Security Team discovered several exploitable formats string vulnerabilities in hylafax, a flexible client/server fax system, which could lead to executing arbitrary code as root on the fax server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...
CVE-2001-1081
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages...
GLSA-200405-21 : Midnight Commander: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200405-21 Midnight Commander: Multiple vulnerabilities Numerous security issues have been discovered in Midnight Commander, including several buffer overflow vulnerabilities, multiple vulnerabilities in the handling of temporary...
CVE-2003-1051
CVE-2003-1051 affects IBM DB2 Universal Database 8.1. It describes multiple format-string vulnerabilities that could allow local users to execute arbitrary code via certain command-line arguments to db2start, db2stop, or db2govd. Root cause: format string handling issues in the involved binaries....
CVE-2004-0232
Multiple format string vulnerabilities in Midnight Commander mc before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code...
CVE-2004-0232
Multiple format string vulnerabilities in Midnight Commander mc before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code...
CVE-2004-0232
Multiple format string vulnerabilities in Midnight Commander mc before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code...
FreeBSD : GNU Anubis buffer overflows and format string vulnerabilities (6)
The following package needs to be updated: anubis %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg8471bb856fb011d8873f0020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
CVE-2004-0451
Multiple format string vulnerabilities in the 1 logquit, 2 logerr, or 3 loginfo functions in Software Upgrade Protocol SUP allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog...
CVE-2004-0451
CVE-2004-0451 describes multiple format-string vulnerabilities in the Software Upgrade Protocol (SUP) affecting the internal logging functions logquit, logerr, and loginfo. The underlying issue allows a remote attacker to cause arbitrary code execution via format specifiers contained in syslog me...
CVS 1.11.x - Multiple Vulnerabilities
CVS 1.11.x - Multiple Vulnerabilities // source: https://www.securityfocus.com/bid/10499/info CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patc...
CVS 1.11.x - Multiple Vulnerabilities
// source: https://www.securityfocus.com/bid/10499/info CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patch for BID 10384, potentially leading t...
CVE-2004-0179
Multiple format string vulnerabilities in 1 neon 0.24.4 and earlier, and other products that use neon including 2 Cadaver, 3 Subversion, and 4 OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code...