Debian DSA-1129-1 : osiris - format string
Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code.
Debian DSA-1127-1 : ethereal - several vulnerabilities
Several remote vulnerabilities have been discovered in the Ethereal network sniffer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3628 Ilja van Sprundel discovered that the FW-1 and MQ dissectors...
Debian DSA-891-1 : gpsdrive - format string
Kevin Finisterre discovered a format string vulnerability in gpsdrive, a car navigation system, that can lead to the execution of arbitrary code.
Debian DSA-967-1 : elog - several vulnerabilities
Several security problems have been found in elog, an electronic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-4439 'GroundZero Security' discovered that elog insufficiently checks the size of a buffer used for processing...
Debian DSA-930-2 : smstools - format string attack
Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges. The original advisory for this issue said that the old stable distribution woody was not affected because...
Debian DSA-935-1 : libapache2-mod-auth-pgsql - format string vulnerability
iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.
Debian DSA-871-2 : libgda2 - format string
Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.
Debian DSA-1188-1 : mailman - format string
Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3636 Moritz Naumann discovered several cross-site scripting problems that could allow remote...
Debian DSA-1093-1 : xine - format string
Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.
Debian DSA-1016-1 : evolution - format string vulnerabilities
Ulf Harnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code.
Debian DSA-952-1 : libapache-auth-ldap - format string
'Seregorn' discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
Debian DSA-1121-1 : postgrey - format string
Peter Bieringer discovered that postgrey, a greylisting implementation for Postfix, is vulnerable to a format string attack that allows remote attackers to cause a denial of service to the daemon.
Trend Micro OfficeScan Management Console ActiveX control format string vulnerability
Overview The Trend Micro OfficeScan Management Console ActiveX control, AtxConsole, contains a format string vulnerability. This vulnerability may be exploited by an attacker to execute arbitrary code, or create a denial-of-service condition. Description Trend Micro's OfficeScan product includes ...
Zabbix 1.1.2 - Multiple Remote Code Execution Vulnerabilities
source: https://www.securityfocus.com/bid/20416/info ZABBIX is prone to multiple unspecified remote code-execution vulnerabilities. Reports indicate that these issues facilitate format-string and buffer-overflow attacks. A remote...
eXtremail 1.x/2.1 - Remote Format String (3)
source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this...
Skype for Mac contains a format string error in the handling of URI arguments
Overview Skype for Mac contains a format string vulnerability in the handling of URIs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Skype software provides telephone service over IP networks. There is a format string vulnerabilit...
CVE-2006-5157
Format string vulnerability in the ActiveX control ATXCONSOLE.OCX in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search"...
[SECURITY] [DSA 1188-1] New mailman packages fix several problems
Debian Security Advisory DSA 1188-1, http://www.debian.org/security/, Martin Schulze, October 4th, 2006, http://www.debian.org/security/faq ...
Skype Technologies < 1.5.0.80 NSRRunAlertPanel Function Format String (Mac OS X) (deprecated)