8515 matches found
Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180)
When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name. During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf function as a format string. An...
Debian DSA-863-1 : xine-lib - format string vulnerability
Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in the CDDB processing component of xine-lib, the xine video/media player library, that could lead to the execution of arbitrary code caused by a malicious CDDB entry.
CVE-2005-2661
Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line...
CVE-2005-2967
Format string vulnerability in inputcdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD...
CVE-2005-2661
The CVE-2005-2661 issue affects up-imapproxy (IMAP Proxy) versions 1.2.3 and 1.2.4. It is a format string vulnerability in the ParseBannerAndCapability function in main.c, allowing a remote IMAP server to execute arbitrary code via format specifiers in a banner or capability line. Public sources ...
CVE-2005-2967
CVE-2005-2967 is a format-string vulnerability in xine-lib’s CDDB processing. The flaw exists in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1, allowing a remote attacker to execute arbitrary code via specially crafted CDDB responses when a CD is played. The issue is tied t...
DTSA-20-1 mailutils - Format string vulnerability
Bulletin has no description...
CVE-2005-2715
Format string vulnerability in the Java user interface service bpjava-msvc daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command...
Immunity Canvas: NETBACKUP_JAVAUI
Name | netbackupjavaui
---|---
CVE | CVE-2005-2715
Exploit Pack | CANVAS
Description | VERITAS NetBackup Java User Interface Format String
Notes | CVE Name: CVE-2005-2715 VENDOR: Symantec VersionsAffected: Repeatability: References: http://www.zerodayinitiative.com/advisories/ZDI-05-001.html CVE Url:...
CVE-2005-2715
CVE-2005-2715 involves a format-string vulnerability in VERITAS NetBackup Java Authentication Service (bpjava-msvc) daemon. The flaw affects NetBackup components listed in the description (e.g., 4.5FP/4.5MP and 5.0–6.0 families) and allows remote code execution via the COMMAND_LOGON_TO_MSERVER co...
[SECURITY] [DSA 863-1] New xine-lib packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 863-1 [email protected] http://www.debian.org/security/ Martin Schulze October 12th, 2005 http://www.debian.org/security/faq -...
VERITAS NetBackup Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the...
DSA-863-1 xine-lib - format string vulnerability
Bulletin has no description...
VERITAS NetBackup Java Administration Console contains a format string vulnerability in "bpjava-msvc"
Overview: The VERITAS NetBackup Java Administration Console contains a format string vulnerability, which may allow an unauthenticated, remote attacker to execute arbitrary code with root or SYSTEM privileges. Description: The Java Administration Console is an alternative administrative interface f...