CVE-2002-0246

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LCMESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint...

CVE-2001-0891

Format string vulnerability in NQS daemon nqsdaemon in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters...

CVE-2002-0916

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call...

CVE-2002-0916

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call...

CVE-2002-0412

NTOP is affected by CVE-2002-0412 due to a format string vulnerability in the TraceEvent function prior to version 2.1. The issue allows remote attackers to execute arbitrary code by injecting format strings into syslog calls. Attack vectors include an HTTP GET request, or credentials supplied in...

CVE-2002-0573

Format string vulnerability in RPC wall daemon rpc.rwalld for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed...

DEBIAN-CVE-2003-0165

Format string vulnerability in Eye Of Gnome EOG allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display...

CVE-2003-0165

Format string vulnerability in Eye Of Gnome EOG allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display...

CVE-2002-0851

Format string vulnerability in ISDN Point to Point Protocol PPP daemon ipppd in the ISDN4Linux i4l package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog...

CVE-2002-0716

CVE-2002-0716 describes a format string vulnerability in the crontab component of SCO OpenServer 5.0.5 and 5.0.6 . The issue arises from format string specifiers in the file name argument , allowing local users to gain privileges . The vulnerability is tied to the crontab handling of a file name ...

CVE-2002-0573

CVE-2002-0573 affects Solaris systems running the rpc.rwalld daemon (Solaris 2.5.1–8). The issue is a format-string vulnerability in the error-handling path of rpc.rwalld, which can allow a remote attacker to execute arbitrary code with the daemon’s privileges (typically root) by sending a specia...

CVE-2002-0716

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument...

CVE-2001-0891

CVE-2001-0891 describes a format string vulnerability in the NQS daemon (nqsdaemon) of NQE 3.3.0.16 on CRAY UNICOS and SGI IRIX. A local user could gain root privileges by submitting a batch job with a name containing formatting characters (via qsub). The connected documents confirm the vulnerabi...

CVE-2002-1049

CVE-2002-1049 is a format string vulnerability in HylaFAX faxgetty prior to 4.1.3. The TSI data element is used in a format string without proper sanitization, allowing remote attackers to crash the faxgetty process (denial of service). Several advisories reference this issue, with Debian noting ...

CVE-2002-0916

This CVE (CVE-2002-0916) affects Squid 2.4.STABLE6 and earlier, in the Stellar-X msntauth authentication module. The issue is a format string vulnerability in the allowuser code that handles the user name, where untrusted input is used in a syslog call, enabling remote code execution. Documents c...

CVE-2002-0851

The CVE-2002-0851 issue affects the ISDN4Linux (i4l) package, specifically the PPP daemon ipppd. A format string vulnerability in the device name command line argument is not properly sanitized in a syslog call, allowing a local user to exploit the flaw and gain root privileges. The connected doc...

CVE-2002-1049

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service crash via the TSI data element...

CVE-2002-0851

Removed by vendor...

CVE-2002-0501

The CVE-2002-0501 entry relates to a format-string vulnerability in the Posadis DNS server’s log_print() function, exploitable by local users and possibly remote attackers. Affected software: Posadis DNS server prior to version m5pre2. Root cause: improper handling of format strings in logging, e...

CVE-2002-1051

The CVE-2002-1051 entry concerns NANOG traceroute (traceroute-nanog). A format string vulnerability exists in TrACESroute 6.0 GOLD that allows local users to execute arbitrary code via the -T (terminator) argument. The issue is tied to NANOG traceroute’s handling of input leading to potential cod...