Hashcash: Format string vulnerability

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...

Moderate: Red Hat Security Advisory: mc security update

Updated mc packages that fix multiple security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Midnight Commander mc is a visual shell, much like a file manager. Several format string bugs were found in Midnight...

CVE-2005-0636

The CVE-2005-0636 entry describes a format string vulnerability in Foxmail Server 2.0, exploitable via remote USER command input over the network. The underlying flaw is in format string handling, allowing denial of service (crash) and potentially arbitrary code execution. Documents do not specif...

CVE-2005-0636

Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in the USER command...

RHEL 2.1 : mc (RHSA-2005:217)

Updated mc packages that fix multiple security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Midnight Commander mc is a visual shell, much like a file manager. Several format string bugs were found in Midnight...

USN-90-1: Imagemagick vulnerability

Tavis Ormandy discovered a format string vulnerability in ImageMagick's file name handling. Specially crafted file names could cause a program using ImageMagick to crash, or possibly even cause execution of arbitrary code. Since ImageMagick can be used in custom printing systems, this also might...

CVE-2005-0671

Format string vulnerability in Carsten's 3D Engine Ca3DE, March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command...

ca3de - Multiple Vulnerabilities

ca3de - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12727/info Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format string and denial of service attacks. The following specific issues were identified: It is...

BidWatcher: Format string vulnerability

Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...

foxmail.txt

AUTHOR: Fortinet, inc xouyang PRODUCTS: Foxmail Server. A Mail server for both Windows and linux. AFFECTED VERSION: Foxmail server for windows version 2.0 latest. I've just tested windows server, the linux version may be vulnerable too. Description: Foxmail-the Email client application is the mos...

ca3de - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/12727/info Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format string and denial of service attacks. The following specific issues were identified: It is reported that all commands accepted ...

CVE-2004-1006

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702...

IBM AIX auditselect contains format string vulnerability

Overview IBM AIX auditselect command contains a format string vulnerability that may allow a local attacker to execute arbitrary code. Description According to IBM's Command Reference, the syntax and description of the auditselect command are as follows:$ auditselect -e "Expression" | -f File -m...

CVE-2005-0577

CVE-2005-0577 affects DNA MKBold-MKItalic up to version 0.06_1. The vulnerability is a format string flaw in the BDF font processing that could allow remote code execution. The OpenVAS and NVD records corroborate the issue; they reference the FreeBSD ports mkbold-mkitalic package as affected. The...

CVE-2005-0577

Format string vulnerability in DNA MKBold-MKItalic 0.061 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files...

ProZilla < 1.3.7.4 Location Header Format String

Binary data 2644.prm...

CVE-2005-0523

Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header...

CVE-2005-0523

ProZilla: format-string vulnerability in Location header affecting 1.3.7.3 and earlier that enables remote code execution. Debian/DSA-719-1 fixes in prozilla available (1.3.7.4-1 and related) and advisories recommend upgrading.

mkbold-mkitalic -- format string vulnerability

The version 0.061 and prior have a format string vulnerability which can be triggered by using a carefully-crafted BDF font file...

CVE-2004-1628

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code...