8517 matches found
CVE-2006-4802
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than...
CVE-2006-4802
CVE-2006-4802 describes a format string vulnerability in the Real Time Virus Scan service of Symantec AntiVirus Corporate Edition (8.1–10.0) and Client Security (1.x–3.0). The flaw allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, noted...
CVE-2006-3454
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages...
Apple Mac OSX 10.x - KExtLoad Format String
source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not installed as a setuid-superuser application...
Apple Mac OSX 10.x - KExtLoad Format String
Apple Mac OSX 10.x - KExtLoad Format String source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not...
CVE-2006-3454
CVE-2006-4802 details a second format string vulnerability in the Real Time Virus Scan service and alert notification path of Symantec Antivirus Corporate Edition 8.1–10.0 and Symantec Client Security 1.x–3.0 (a vector distinct from CVE-2006-3454). Local users can potentially execute arbitrary co...
CVE-2006-3454
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages...
[Full-disclosure] Layered Defense Advisory: Symantec AV Corporate Edition Format String Vulnerability
Layered Defense Advisory, 13 September 2006. 1 Affected Software: Symantec AntiVirus Corporate Edition 10.0, Symantec AntiVirus Corporate Edition 9.0, Symantec AntiVirus Corporate Edition 8.1...
Symantec AntiVirus Corporate Edition Elevation of Privilege
SUMMARY: An elevation of privilege vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a local attacker to execute code with elevated privileges on the target machine. Risk Impact: Medium. Remote Access: No. Local Access: Yes...
CVE-2006-4654
Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string...
CVE-2006-4654
Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string...
CVE-2006-4654
CVE-2006-4654 affects Easy Address Book Web Server 1.2. The issue is a remote format-string vulnerability in the query string, allowing an attacker to cause a crash (DoS) or potentially compromise the server. The vulnerability is documented in multiple sources (NVD/NVD listing, CVE listing); expl...
eabweb.txt
Easy Address Book Web Server Format String Vulnerability Software: Easy Address Book Web Server Version: 1.2 Website: http://www.efssoft.com/ Description: Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books easily...
Easy Address Book Web Server format string vulnerability
Format string vulnerability on URI request parsing...
Easy Address Book Web Server Query Remote Format String
It appears that the remote web server is affected by a remote format string issue. Using a specially crafted URL containing a format string specifier, an unauthenticated, remote attacker can crash the affected application and possibly execute arbitrary code on the remote host.
Easy Address Book Web Server 1.2 - Remote Format String
source: https://www.securityfocus.com/bid/19842/info Easy Address Book Web Server is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied data before including it in the format-specifier argument to a formatted-printing function. This issu...
CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...
CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...
CentOS 3 / 4 : wireshark (CESA-2006:0602)
New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to...
wireshark security update
CentOS Errata and Security Advisory CESA-2006:0602-01 New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network...