GLSA-200601-05 : mod_auth_pgsql: Multiple format string vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200601-05 (mod_auth_pgsql: Multiple format string vulnerabilities). The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact: An...
Mandrake Linux Security Advisory : gda2.0 (MDKSA-2005:203)
Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library. The updated packages have been patched to correct this issue.
Mandrake Linux Security Advisory : webmin (MDKSA-2005:223)
Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format...
Fedora Core 3 : mod_auth_pgsql-2.0.1-6.2 (2006-014)
Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-365...
Mandrake Linux Security Advisory : perl (MDKSA-2005:225)
Jack Louis discovered a new way to exploit format string errors in the Perl programming language that could lead to the execution of arbitrary code. The updated packages are patched to close the particular exploit vector in Perl itself, to mitigate the risk of format string programming errors,...
CVE-2006-0200
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...
CVE-2006-0200
The CVE-2006-0200 issue is a format-string vulnerability in PHP’s mysqli extension error-reporting for PHP versions 5.1.0 and 5.1.1, potentially leading to remote code execution via crafted MySQL error messages. Public references (NVD, SUSE, OpenVAS, Tenable/Nessus) confirm the affected component...
Advisory 02/2006: PHP ext/mysqli Format String Vulnerability
Hardened-PHP Project (www.hardened-php.net) Security Advisory. Advisory: PHP ext/mysqli Format String Vulnerability. Release Date: 2006/01/12. Last Modified: 2006/01/12. Author: Stefan Esser. Application: PHP5.1 <= 5.1.1. Not...
Multiple PHP extensions vulnerabilities
mysqli extension format string vulnerability, session extension session id HTTP response splitting...
CVE-2006-0178
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue th...
CVE-2006-0178
Technical details (affected product versions, root cause, exploitability, and remediation) are not publicly provided in the supplied documents. Monitor for updates from official advisories and vendor notices.
RHEL 2.1 : auth_ldap (RHSA-2006:0179)
An updated auth_ldap package that fixes a format string security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. The auth_ldap package is an httpd module that allows user authentication...
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution
Debian Security Advisory DSA 935-1; http://www.debian.org/security/; Michael Stone; January 10, 2006; http://www.debian.org/security/faq ...