ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)
The remote host appears to be using ELOG, a web-based electronic logbook application. The version of ELOG installed on the remote host fails to filter directory traversal strings before processing GET requests. An attacker can exploit this issue to retrieve the contents of arbitrary files from th...
Tftpd32 Error Message Format String
The remote host appears to be running Tftpd32, a tftpd server for Windows. There is a format string vulnerability in versions of Tftpd32 up to and including 2.81 that may allow remote attackers to crash the server or to execute code on the affected host subject to the privileges under which the...
Tftpd32 2.81 (GET Request) Format String Denial of Service PoC
Exploit for unknown platform in category dos / poc ============================================================== Tftpd32 2.81 GET Request Format String Denial of Service PoC ============================================================== !/usr/bin/perl Tftpd32 Format String PoC DoS by Critical...
TFTPD32 2.81 - GET Format String Denial of Service (PoC)
TFTPD32 2.81 - GET Format String Denial of Service PoC !/usr/bin/perl Tftpd32 Format String PoC DoS by Critical Security research http://www.critical.lt use IO::Socket; $port = "69"; $host = "127.0.0.1"; $tftpudp = IO::Socket::INET-newPeerPort = $port,PeerAddr = $host,Proto= 'udp'; $bzz =...
[SA18533] ELOG Format String and Directory Traversal Vulnerabilities
TITLE: ELOG Format String and Directory Traversal Vulnerabilities SECUNIA ADVISORY ID: SA18533 VERIFY ADVISORY: http://secunia.com/advisories/18533/ CRITICAL: Highly critical IMPACT: Security Bypass, DoS, System access WHERE: From remote SOFTWARE: ELOG 2.x http://secunia.com/product/4657/...
TFTPD32 2.81 - GET Format String Denial of Service (PoC)
!/usr/bin/perl Tftpd32 Format String PoC DoS by Critical Security research http://www.critical.lt use IO::Socket; $port = "69"; $host = "127.0.0.1"; $tftpudp = IO::Socket::INET-newPeerPort = $port,PeerAddr = $host,Proto= 'udp'; $bzz = "\x00\x01" ; GET $bzz .= "%.1000x\x00"; $bzz .=...
CVE-2006-0250
Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities cmu-snmp allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162...
CVE-2006-0250
CVE-2006-0250 affects the CMU SNMP utilities (cmu-snmp), specifically the snmptrapd component’s snmp_input function. The root cause is a format string vulnerability that enables remote code execution by sending crafted SNMP messages to UDP port 162. Several connected sources confirm the vulnerabl...
PT-2006-1325 · Cmu · Cmu-Snmp
Name of the Vulnerable Software and Affected Versions: CMU SNMP utilities cmu-snmp affected versions not specified Description: The issue is related to a format string vulnerability in the snmp input function in snmptrapd. This vulnerability allows remote attackers to execute arbitrary code by...
Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability
CMU SNMP utilities snmptrad Format String Vulnerability Digital Armaments advisory is 01.04.2006 http://www.digitalarmaments.com/2006040164883273.html I. Background The package is CMU-SNMP utilities. In this package snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM...
CMU SNMP snmptrapd format string vulnerability
Format string vulnerability in snmp_input function...
Fedora Core 3 : mod_auth_pgsql-2.0.1-6.2 (2006-014)
Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-365...
Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
Apache did not honour the 'SSLVerifyClient require' directive within a block if the surrounding block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. CAN-2005-2700 Filip Sneppe discovered a...
GLSA-200601-05 : mod_auth_pgsql: Multiple format string vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200601-05 mod_auth_pgsql: Multiple format string vulnerabilities The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact : An...
Ubuntu 4.10 : imagemagick vulnerability (USN-90-1)
Tavis Ormandy discovered a format string vulnerability in ImageMagick's file name handling. Specially crafted file names could cause a program using ImageMagick to crash, or possibly even cause execution of arbitrary code. Since ImageMagick can be used in custom printing systems, this also might...
Ubuntu 4.10 : emacs21 vulnerability (USN-76-1)
Max Vozeler discovered a format string vulnerability in the 'movemail' utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the 'mail' group sinc...
Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)
iDefense discovered several format string vulnerabilities in the way that mod_auth_pgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if mod_auth_pgsql is used for user authentication. The provided packages have been patched to...
Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)
Ulf Harnhammar discovered a format string vulnerability in the CDDB module's cache file handling in the Xine library, which is used by packages such as xine-ui, totem-xine, and gxine. By tricking a user into playing a particular audio CD which has a specially crafted CDDB entry, a remote attacke...
Mandrake Linux Security Advisory : perl (MDKSA-2005:225)
Jack Louis discovered a new way to exploit format string errors in the Perl programming language that could lead to the execution of arbitrary code. The updated packages are patched to close the particular exploit vector in Perl itself, to mitigate the risk of format string programming errors,...