8515 matches found
[Full-Disclosure] [VSA0402] OpenFTPD format string vulnerability
VSA0402 - openftpd - void.at security notice Overview ======== We have discovered a format string vulnerability in openftpd http://www.openftpd.org:9673/openftpd. OpenFTPD is a free, open source FTP server implementation for the UNIX platform. FTP4ALL is not vulnerable it doesnt use that message...
[SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 532-2 [email protected] http://www.debian.org/security/ Matt Zimmerman July 27th, 2004 http://www.debian.org/security/faq -...
CVE-2004-0700
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
CVE-2004-0700
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
CVE-2004-0733
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call...
new mod_ssl packages
New modssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix a security issue. A format string vulnerability in modproxy hook functions could allow an attacker to run code as the modssl user. Sites using modssl should upgrade be sure to back up your existing key files...
SuSE-SA:2003:048: gpg
The remote host is missing the patch for the advisory SuSE-SA:2003:048 gpg. The gnupg the SUSE package is named gpg package is the most widely used software for cryptographic encryption/decryption of data. Two independent errors have been found in gpg GnuPG packages as shipped with SUSE products:...
SUSE-SA:2002:035: hylafax
The remote host is missing the patch for the advisory SUSE-SA:2002:035 hylafax. HylaFAX is a client-server architecture for receiving and sending facsimiles. The logging function of faxgetty prior version 4.1.3 was vulnerable to a format string bug when handling the TSI value of a received...
SUSE-SA:2003:019: ethereal
The remote host is missing the patch for the advisory SUSE-SA:2003:019 ethereal. Ethereal is a GUI for analyzing and displaying network traffic. Ethereal is vulnerable to a format string bug in it's SOCKS code and to a heap buffer overflow in it's NTLMSSP code. These bugs can be abused to crash...
SUSE-SA:2002:037: heartbeat
The remote host is missing the patch for the advisory SUSE-SA:2002:037 heartbeat. Heartbeat is a monitoring service that is used to implement failover in high-availablity environments. It can be configured to monitor other systems via serial connections, or via UDP/IP. Several format string bugs...
mod_proxy hook format string
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
CVE-2004-0733
The CVE-2004-0733 issue affects OllyDbg 1.10, with a format string vulnerability in calls to OutputDebugString. The underlying flaw allows remote attackers to trigger a crash (DoS) and potentially execute arbitrary code via untrusted format specifiers. Documentation notes the impact as Denial of ...
[SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 532-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2004 http://www.debian.org/security/faq -...
Fedora Core 1 : mc-4.6.0-14.10 (2004-112)
Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project...
mod_ssl: Format string vulnerability
Background modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Description A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact Given the right server configuration, an attacker could...
CVE-2004-0700
CVE-2004-0700 describes a format-string vulnerability in the mod_ssl component (ssl_engine_log.c) of Apache’s mod_ssl. Affects Apache before 1.3.31 with mod_ssl up to version 2.8.19; remote attackers could use format specifiers in HTTPS log messages processed by ssl_log to potentially execute arb...
[FMADV] Format String Bug in OllyDbg 1.10
FMADV - OllyDbg Format String Bug Introduction: There exists a format string bug in the code that handles Debugger Messages in OllyDbg. This means any traced application can crash OllyDbg and execute machine code. About From the Webpage: OllyDbg is a 32-bit assembler level analysing debugger for...
mod_ssl contains a format string vulnerability in the ssl_log() function
Overview There is a format string vulnerability in the ssllog function of the modssl module that could allow an attacker to potentially execute arbitrary code. Description modssl is an Apache module that provides Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocol support...
[SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 529-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 17th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 529-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 17th, 2004 http://www.debian.org/security/faq -...