lil' exim format bug

Hi BugTrackers Just a little bug to tell: THE BUG ------- accept.c, line 2506: else if smtpreply != NULL moansmtpbatchNULL, smtpreply; while moansmtpbatch is like this: moansmtpbatchchar cmdbuffer, char format, ... So when smtpreply contains format strings, it get transformed by moansmtpbatch. Wh...

Buffer Overflows in Netscape6

iXsecurity, Stockholm, january 2001 Summary There are at least three buffer overflow vulnerabilities in Netscape6 verified with version 6.0 on Win2k and Win98. We cannot currently use any of them to execute code on the system. But if someone finds a way to do that, they are really dangerous! The...

Conserver Overflow

This overflow is trivial to fix and I've already emailed the developer, but I'm curious to know if it would be at all possible to exploit this overflow. In conserver-GNAC-6.15 in the source for the conserver daemon: group.c line 376: ------------------------- int CheckPasswdpCLServing, pwstring...

unixware.chown.txt

Greetings, OVERVIEW Any user can change the owner of any file he or she owns. BACKGROUND All my testing was done on UnixWare 7.1, however chances are excellent that this problem exists for all versions of UnixWare. DETAILS This hole is, erm, different. Apparently any user can change the ownership...

netscapemail.txt

Date: Wed, 29 Jul 1998 10:04:05 +0200 From: Paul Boehm Subject: Re: netscape mail overflowanother one On Tue, Jul 28, 1998 at 08:21:41PM +0200, Paul Boehm wrote: Hi, netscape mail crashes when trying to the attachment ^- save from the following pseudo mime mail: sorry for posting twice, but this ...

CVE-2018-4596

...

CVE-2018-4528

...

CVE-2011-3470

...