CVE-2014-4975

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service segmentation fault via vectors that trigger a stack-based buffer overflow...

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140716)

It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discovered in the Hotspo...

java security update

CentOS Errata and Security Advisory CESA-2014:0890 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring...

OpenJDK: Event logger format string vulnerability (Hotspot, 8037076)

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...

Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK: Event logger format string vulnerability (Hotspot, 8037076)

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...

Rlpr 2.0 msg() Function Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10578/info It is reported that rlpr is prone to multiple vulnerabilities. These vulnerabilities can allow a remote attacker to execute arbitrary code in order to gain unauthorized access. The application is affected by a...

Apple Mac OS X 10.4.x Help Viewer .help Filename Format String

No description provided by source. source: http://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting these issues can allow...

zkfingerd SysLog 0.9.1 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6402/info zkfingerd is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog' function to log error messages. It is possible to corrupt memory by passing format strings through the...

Axigen <= 5.0.2 AXIMilter Remote Format String Exploit

No description provided by source. / Axigen 5.0.x AXIMilter Format String Exploit by hempel JAN 16 2008 thx to mu-b digit-labs.org / include stdio.h include netinet/in.h include sys/socket.h include sys/types.h include sys/uio.h include unistd.h include string.h char buf =...

YepYep MTFTPD 0.2/0.3 - Remote CWD Argument Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12947/info mtftpd is reported prone to a remote format string vulnerability. Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable...

Skype Technologies Skype 1.5 NSRunAlertPanel Remote Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20218/info Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing functio...

Hylafax 4.1.x HFaxD Unspecified Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9005/info Hylafax hfaxd daemon has been reported prone to an unspecified format string vulnerability that may be exploited under non-standard configurations to execute arbitrary instructions remotely as the root user. /...

Ollydbg <= 1.10 Format String Bug

No description provided by source. // Exploit opens a new cmd.exe.Tested on win2ken+sp4en+ollydbg v1.09d // Open exploit with ollydebug and run the exploit from ollydebugF9 key. // Coded by Ahmet Cihana.k.a. hurby // Thanx to r3db4r0n, Murat Erdo??ana.k.a. Stormwr, Onur Cihana.k.a.eurnie and...

Adobe Acrobat/Acrobat Reader 6.0 ETD File Parser Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11934/info Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied...

GNU Mailutils imap4d 0.6 - Remote Format String Exploit (exec-shield)

No description provided by source. / Fedora Core 6 exec-shield based GNU imap4d mailutils-0.6 search remote format string exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

BitchX IRC Client 75p1/75p3/1.0 c16 "/INVITE" Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1436/info BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service and possible remote execution of code. By /invite-ing someone to a channel name containing formatting characters...

Ehud Gavron TrACESroute 6.1.1 Terminator Function Format String

No description provided by source. source: http://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious...

ezbounce 1.0/1.5 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8071/info It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file ezbounce/commands.cpp and can be triggered when session support is enabled. To exploit this...