FreeBSD TOP Format String Vulnerability

Exploit for bsd platform in category local exploits ======================================= FreeBSD TOP Format String Vulnerability ======================================= / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top...

FreeBSD - usrbintop Format String

FreeBSD - usrbintop Format String / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3...

FreeBSD - '/usr/bin/top' Format String

/ freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3. run top, then find "your parted...

CVE-2001-0974

Format string vulnerabilities in Oracle Internet Directory Server LDAP 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite...

Non-preformatted document test

The Oracle 8i Enterprise Edition server contains multiple vulnerabilities in the code used to process LDAP requests. In the encoding section of the test suite, this product failed an indeterminate number of test cases in the group that tests a server's response to invalid encodings of BER...

Oracle 8i Enterprise Edition vulnerabilities

The Oracle 8i Enterprise Edition server contains multiple vulnerabilities in the code used to process LDAP requests. In the encoding section of the test suite, this product failed an indeterminate number of test cases in the group that tests a server's response to invalid encodings of BER...

Oracle Internet Directory contains multiple vulnerabilities in LDAP handling code

Overview The Oracle Internet Directory server contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...

CVE-2001-1312

Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite...

CVE-2001-1308

Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier LDAP allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite...

CVE-2001-1176

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection...

FreeBSD-SA-01:44.gnupg

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:44 Security Advisory FreeBSD, Inc. Topic: gnupg contains format string vulnerability Category: ports Module: gnupg Announced: 2001-07-10 Credits: fish stiqz Affects: Port...

CVE-2001-1081

Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages...

Удаленный root через rpc.statd

Ошибка форматной строки приводит к возможности выплонения кода с привилегиями root...

CVE-2001-0387

Format string vulnerability in hfaxd in HylaFAX before 4.1.b22 allows local users to gain privileges via the -q command line argument...

CVE-2001-0359

Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command...

CVE-2001-0489

Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands...

eXtremail Remote Format String ('s)

Bugtraq readers, eXtremail is a free integrated pop3/smtpd mail daemon for Linux x86, although it is free it is closed sourced software. It has been found that the majority of the newer versions are vulnerable to a remotely exploitable format string condition. The following versions are confirmed...

CVE-2001-1078

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands 1 HELO, 2 EHLO, 3 MAIL FROM, or 4 RCPT TO, and the POP3 commands 5 USER and 6 other commands that can be executed after POP3...

eXtremail 1.x2.1 - Remote Format String (2)

eXtremail 1.x2.1 - Remote Format String 2 // source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously...

eXtremail 1.x2.1 - Remote Format String (1)

eXtremail 1.x2.1 - Remote Format String 1 // source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously...