8517 matches found
CVE-2007-0338
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log...
CVE-2007-0344
CVE-2007-0344 affects Colloquy 2.1 and earlier, with multiple format-string vulnerabilities in the internal methods _invitedToRoom and _invitedToDirectChat. The format specifiers in the channel name of an INVITE request can trigger denial of service (application crash) and potentially arbitrary c...
CVE-2007-0344
Multiple format string vulnerabilities in 1 invitedToRoom: and 2 invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, relate...
CVE-2007-0338
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log...
CVE-2007-0338
Dream FTP Server is affected by a heap-based buffer overflow triggered by a USER command with a large number of format string specifiers, causing overflow during Server Log processing and allowing remote arbitrary code execution. The issue is documented across multiple sources in the Connected do...
CVE-2007-0317
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information...
DEBIAN-CVE-2007-0317
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information...
CVE-2007-0317
The provided data describes a format string vulnerability in the FileZilla project (before version 3.0.0-beta5) affecting the LogMessage function. The issue allows a remote attacker to trigger a denial of service (application crash) and potentially execute arbitrary code through crafted arguments...
FileZilla多个格式串漏洞
FileZilla是一款免费的FTP客户端软件。 FileZilla处理用户名数据存在问题,远程攻击者可以利用漏洞进行格式串攻击,可能以进程权限执行任意指令。 如果用户名包含%字符,连接将会提示错误,而造成格式串攻击,可能以进程权限执行任意指令。 FileZilla 3.0 -beta4 FileZilla 3.0 -beta3 FileZilla 3.0 -beta2 FileZilla 3.0 -beta1 升级程序: FileZilla FileZilla 3.0 -beta1 FileZilla FileZilla3.0.0-beta5src.tar.bz2...
Colloquy 2.1.3545 - INVITE Format String Denial of Service
Colloquy 2.1.3545 - INVITE Format String Denial of Service !/usr/bin/ruby c Copyright 2006 Lance M. Havok Makes use of the Colloquy INVITE format string vulnerability. require 'socket' targetchannel = ARGV0 || "whatever" targetserver = ARGV1 || "irc.server.org" targetport = ARGV2 || 6667 randnick...
Colloquy <= 2.1.3545 (INVITE) Format String Denial of Service Exploit
Exploit for macOS platform in category dos / poc ===================================================================== Colloquy Makes use of the Colloquy INVITE format string vulnerability. require 'socket' targetchannel = ARGV0 || "whatever" targetserver = ARGV1 || "irc.server.org" targetport =...
Xine errors.c远程格式串处理漏洞
xine是一款免费的媒体播放器,支持多种格式。 xine-ui的errors.c文件中errorscreatewindow函数存在格式串处理漏洞,如果用户受骗打开了恶意的播放列表文件的话就可能触发这个漏洞,导致执行任意代码。 xine xine-ui 0.99.4 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://xine.cvs.sourceforge.net/xine/xine-ui/...
Fedora Core 4 : dia-0.94-16.fc4 (2006-580)
CVE-2006-2480/CVE-2006-2453 Dia format string issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
GLSA-200701-06 : w3m: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200701-06 w3m: Format string vulnerability w3m in -dump or -backend mode does not correctly handle printf format string specifiers in the Common Name CN field of an X.509 SSL certificate. Impact : An attacker could entice a user t...
Colloquy 2.1.3545 - 'INVITE' Format String Denial of Service
!/usr/bin/ruby c Copyright 2006 Lance M. Havok Makes use of the Colloquy INVITE format string vulnerability. require 'socket' targetchannel = ARGV0 || "whatever" targetserver = ARGV1 || "irc.server.org" targetport = ARGV2 || 6667 randnick = "spongebo" channeljoined = false readytogo = false...
CVE-2007-0254
Format string vulnerability in the errorscreatewindow function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors...
CVE-2007-0255
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a certain M3U file that contains a long EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017...
Format string
Format string vulnerability in the errorscreatewindow function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors...
CVE-2007-0254
Format string vulnerability in the errorscreatewindow function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors...
Format string
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a certain M3U file that contains a long EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017...