PonyOS Local Elevation of Privilege Vulnerability (CNVD-2015-03710)

PonyOS is a new Unix-like operating system. PonyOS suffers from an elevation of privilege vulnerability that allows an attacker to exploit the vulnerability to elevate privileges, bypass security restrictions, and conduct format string attacks...

Peercast 0.1211 - Format String

Peercast 0.1211 - Format String Peercast Format String Vulnerability Vendor: peercast.org Product: Peercast Version: = 0.1211 Website: http://www.peercast.org/ BID: 13808 CVE: CVE-2005-1806 OSVDB: 16906 SECUNIA: 15536 PACKETSTORM: 39355 Description: Peercast is a popular p2p streaming media serve...

Peercast < 0.1211 - Format String

Peercast Format String Vulnerability Vendor: peercast.org Product: Peercast Version: = 0.1211 Website: http://www.peercast.org/ BID: 13808 CVE: CVE-2005-1806 OSVDB: 16906 SECUNIA: 15536 PACKETSTORM: 39355 Description: Peercast is a popular p2p streaming media server similar to shoutcast. There is...

TFTPD32 Request Filename Handling Error Format String Denial of Service - Ver2 (CVE-2006-0328)

A denial of service vulnerability has been reported in TFTPD32. The vulnerability is due to a format string error when processing a specially crafted GET request containing a malformed file-name. A remote attacker could exploit this by crashing a vulnerable application and possibly executing...

VMware OVF Tool Format String - Ver2 (CVE-2012-3569)

A format string vulnerability has been reported in VMware OVF Tool.The vulnerability is caused by insufficient sanitization when processing OVF files.A remote attacker can exploit this vulnerability to execute arbitrary code in the security context of the current user...

[SECURITY] [DSA 3227-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3227-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 15, 2015 http://www.debian.org/security/faq -...

CVE-2015-0845

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates...

CVE-2015-0845

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates...

CVE-2015-0845

The CVE-2015-0845 vulnerability affects Movable Type family (Pro, Open Source, Advanced) with a format-string injection in the localisation of templates, enabling unauthenticated remote code execution as the web server user. Publicly documented activity indicates exploitation via template localiz...

Debian DSA-3227-1 : movabletype-opensource - security update

John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user. %NASLMINLEVEL 70300 C Tenable Network...

[SECURITY] [DSA 3227-1] movabletype-opensource security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3227-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 15, 2015 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3227-1] movabletype-opensource security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3227-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 15, 2015 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 3227-1 (movabletype-opensource - security update)

John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user. OpenVAS Vulnerability Test $Id: deb3227.nasl...

DSA-3227-1 movabletype-opensource - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3227-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Audit Notes - OpenSSH 6.8 - Advanced Information Security Corp

-=Advanced Information Security Corp=- Author: Nicholas Lemonias Report Date: 2/4/2015 Email: lem.nikolas at gmail dot com Introduction ========== During a source-code audit of the OpenSSH v6.8 latest release implementation for linux; conducted internally by the Advanced Information Security Grou...

F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (SOL16364)

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

Mandriva Linux Security Advisory : graphviz (MDVSA-2015:187)

Updated graphviz packages fix security vulnerability : Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string...

Format string vulnerability lab-vulnerability warning-the black bar safety net

A, experimental description Format string vulnerability is by like printfuserinputof such code is caused, where userinput is the user input data, having a Set-UID root privileges of such programs at run time, the printf statement will become very dangerous, because it may lead to the following...

Colloquy IRC Channel Invite Format String Denial of Service - Ver2 (CVE-2007-0344)

A denial-of-service vulnerability has been reported in Colloquy. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...