8516 matches found
BitDefender Antivirus Logging Function Format String - Ver2 (CVE-2005-3154)
The SOFTWIN BitDefender Antivirus AV product is an anti-virus scanner capable of on-demand as well as email scanning operations. The AV scanner logs by default all results of scans that it performs on the host machine. The logs include positive as well negative virus pattern matches. There exists...
BitDefender Antivirus Logging Function Format String - Ver2 (CVE-2005-3154)
The SOFTWIN BitDefender Antivirus AV product is an anti-virus scanner capable of on-demand as well as email scanning operations. The AV scanner logs by default all results of scans that it performs on the host machine. The logs include positive as well negative virus pattern matches. There exists...
Debian DLA-105-1 : graphviz security update
Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. NOTE: Tenable Network Security has extracted the...
KLA10502 Multiple vulnerabilities in BACnet OPC Server
Multiple critical vulnerabilities have been found in BACnet OPC Server. Malicious users can exploit these vulnerabilities to execute arbitrary files and read&write local database. Below is a complete list of vulnerabilities 1. An unknwon vulnerabilities can be exploited remotely via unknown vecto...
CVE-2015-0980
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request...
Format string
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request...
CVE-2015-0980
SCADA Engine BACnet OPC Server (BACnet OPC Server) before version 2.1.371.24 is affected by CVE-2015-0980 via a format-string vulnerability in the SOAP web interface (BACnOPCServer.exe). Exploitation could allow remote attackers to execute arbitrary code. The ICS-CERT advisory notes a fixed versi...
BACnet OPC Server Denial of Service Vulnerability
BACnet OPC Server provides data access, alerts, and access to event and historical data between OPC clients and BACnet-compatible devices. BACnet OPC Server suffers from a format string vulnerability in BACnOPCSever.exe's handling of constructed requests, which can be exploited by an attacker to...
Amazon Linux AMI : graphviz-php (ALAS-2015-488)
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. C Tenable Network Security, Inc. The descriptive text and...
Medium: graphviz-php
Issue Overview: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Affected Packages: graphviz-php Issue...
Medium: graphviz
Issue Overview: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Affected Packages: graphviz Issue Correction:...
By the Ghost vulnerability to cause“bloodshed”-vulnerability warning-the black bar safety net
0x00 background Recently a security company found the glibc gethostbyname buffer overflow vulnerability, the vulnerability is named ghost, the reason is glibc's Gethostbyname functions in processing incoming malformations of the domain information for parsing leads to heap overflow, numerous web...
CVE-2014-8625
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...
CVE-2014-8625
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...
DEBIAN-CVE-2014-8625
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...
CVE-2014-8625
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...
Format string
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...
UBUNTU-CVE-2014-8625
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...
CVE-2014-8625
CVE-2014-8625 affects dpkg prior to 1.17.22, where the parse_error_msg function in parsehelp.c is vulnerable to format-string processing via the package or architecture name, enabling a denial of service and potentially arbitrary code execution. Public references in the connected docs consistentl...
CVE-2014-8625
Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...