8517 matches found
CVE-2006-2409
Format string vulnerability in the raydiumlog function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydiumconsolelineadd...
CVE-2006-2409
CVE-2006-2409 affects Raydium prior to SVN revision 310, where a format string vulnerability in the raydium_log function (console.c) can allow local users to execute arbitrary code through format specifiers in the format parameter, not properly handled in a call to raydium_console_line_add. Affec...
Multiple Raydium game engine security vulnerabilities
Buffer overflows, format string vulnerabilities, DoS conditions in both server and client parts...
[Full-disclosure] Multiple vulnerabilities in Raydium rev 309
Luigi Auriemma Application: Raydium http://raydium.org Versions: = SVN revision 309 newer versions can be vulnerable to some of the bugs which are still unfixed Platforms: Windows, nix, BSD and others Bugs: A buffer-overflow in raydiumlog and raydiumconsolelineadd B format string in raydiumlog C...
FreeBSD : gedit -- format string vulnerability (e319da0b-a228-11da-b410-000e0c2e438a)
Yan Feng reports a format string vulnerability in gedit. This vulnerability could cause a denial of service with a binary file that contains format string characters within the filename. It had been reported that web browsers and email clients can be configured to provide a filename as an argumen...
FreeBSD : perl, webmin, usermin -- perl format string integer wrap vulnerability (bb33981a-7ac6-11da-bf72-00123f589060)
The Perl Development page reports : Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was...
FreeBSD : evolution -- remote format string vulnerabilities (e5afdf63-1746-11da-978e-0001020eed82)
A SITIC Vulnerability Advisory reports : Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code. - The first format string bug occurs when viewing the full vCard data attached to an...
FreeBSD : libxine -- format string vulnerability (3bc5691e-38dd-11da-92f5-020039488e34)
Gentoo Linux Security Advisory reports : Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. An attacker could submit malicious information about an audio CD to a public CDDB server or impersonate a public CDDB server. When the victim plays this C...
FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)
The ProFTPD release notes states : sean found two format string vulnerabilities, one in modsql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited. Thes...
FreeBSD : weex -- remote format string vulnerability (d4c70df5-335d-11da-9c70-0040f42d58c6)
Emanuel Haupt reports : Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are...
FreeBSD : SSH.COM SFTP server -- format string vulnerability (594ad3c5-a39b-11da-926c-0800209adf0e)
SSH Communications Security Corp reports a format string vulnerability in their SFTP server. This vulnerability could cause a user with SCP/SFTP access only to get permission to execute also other commands. It could also allow user A to create a special file that when accessed by user B allows us...
FreeBSD : xine -- multiple remote string vulnerabilities (8d4ae57d-d2ab-11da-a672-000e0c2e438a)
c0ntexb reports : There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is...
FreeBSD : clamav -- Multiple Vulnerabilities (6a5174bd-c580-11da-9110-00123ffe8333)
Secunia reports : Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS Denial of Service and compromise a vulnerable system. An unspecified integer overflow error exists in the PE header parser in 'libclamav/pe.c'. Successful...
FreeBSD : kpopup -- local root exploit and local denial of service (1613db79-8e52-11da-8426-000fea0a9611)
Mitre CVE reports : Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments. misc.cpp in KPopup 0.9.1 trusts the PATH variable wh...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
Format string
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
DEBIAN-CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...