8605 matches found
CVE-2000-0818
The CVE-2000-0818 issue affects Oracle Listener (tnslsnr) in default installations of versions 7.3.4, 8.0.6, and 8.1.6, allowing an attacker to log data to arbitrary files and execute commands through SET TRC_FILE or SET LOG_FILE. The provided documents indicate the vulnerability enables modifica...
FreeBSD-SA-01:35.licq
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:35 Security Advisory FreeBSD, Inc. Topic: licq contains multiple remote vulnerabilities Category: ports Module: licq Announced: 2001-04-23 Credits: Stan Bubrouski Affects...
cfingerd 1.4 - Format String (2)
// source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of users of the service. If an...
CVE-2001-0181
The CVE-2001-0181 entry concerns a format-string vulnerability in the error-logging path of the DHCP server and client in Caldera Linux. The underlying flaw is in how logging is performed, allowing a remote attacker to execute arbitrary commands. The available documents confirm the affected compo...
Microsoft Internet Explorer 5.0.15.56.0 - Telnet Client File Overwrite
Microsoft Internet Explorer 5.0.15.56.0 - Telnet Client File Overwrite source: https://www.securityfocus.com/bid/2463/info Services for Unix 2.0 contains a client side logging option which records all information exchanged in a telnet session. A vulnerability exists that could enable a remote use...
Microsoft Internet Explorer 5.0.1/5.5/6.0 - Telnet Client File Overwrite
source: https://www.securityfocus.com/bid/2463/info Services for Unix 2.0 contains a client side logging option which records all information exchanged in a telnet session. A vulnerability exists that could enable a remote user to invoke the telnet client and execute arbitrary commands on a targe...
Sudo 1.51.6 - Heap Corruption
Sudo 1.51.6 - Heap Corruption // source: https://www.securityfocus.com/bid/2829/info Sudo superuser do is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun conditio...
Sudo 1.5/1.6 - Heap Corruption
// source: https://www.securityfocus.com/bid/2829/info Sudo superuser do is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun condition exists in the logging...
SSHD-1 Logging Vulnerability
Crimelabs, Inc. www.crimelabs.net Security Note Crimelabs Security Note CLABS200101 Title: SSH-1 Brute Force Password Vulnerability Date: 5 February, 2001 Vendors: Any supported by SSH-1 Versions: At least ssh-1.2.27 and 1.2.30 Not Affected: OpenSSH Severity: Medium to High Author: Jose Nazario...
SSH 1.2.30 - Daemon Logging Failure
SSH 1.2.30 - Daemon Logging Failure source: https://www.securityfocus.com/bid/2345/info SSH1 is the implementation of the Secure Shell communication protocol by SSH Communications. SSH1 is version 1 of the protocol specified by IETF draft to protect the integrity of traffic over the network. A...
SSH 1.2.30 - Daemon Logging Failure
source: https://www.securityfocus.com/bid/2345/info SSH1 is the implementation of the Secure Shell communication protocol by SSH Communications. SSH1 is version 1 of the protocol specified by IETF draft to protect the integrity of traffic over the network. A problem with the implementation of the...
CVE-2000-0867
Kernel logging daemon klogd in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages...
CVE-2000-0523
The CVE-2000-0523 entry describes a buffer overflow in the logging feature of EServ versions 2.9.2 and earlier. The vulnerability allows an attacker to execute arbitrary commands via a long MKD command. Primary documentation indicates impact as arbitrary command execution with a high-severity sco...
CVE-2000-0867
Kernel logging daemon (klogd) in Linux (sysklogd) is vulnerable due to a 'format bug' that fails to cleanse user-supplied format strings, enabling local users to gain root privileges by triggering malformed kernel messages. Mandrake MDKSA-2000:050-1 describes a patched klogd version; Debian patch...
CVE-2000-1077
CVE-2000-1077 corresponds to a buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x. The vulnerability arises when processing a filename with a .shtml extension that is excessively long, enabling remote attackers to execute arbitrary commands. Multiple sources corroborate ...
CVE-2000-1040
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service...
Mysql 3.22.x/3.23.x - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/2262/info MySQL is a widely used Open Source database tool. Versions of MySQL up to and including 3.23.30 are vulnerable to a buffer overflow attack. By supplying an excessively long string as an argument for a SELECT statement, it is possible for a...
CVE-2000-0818
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRCFILE or SET LOGFILE commands...
CVE-2000-0937
Samba Web Administration Tool SWAT in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks...
CVE-2000-0936
Samba Web Administration Tool SWAT in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords...