3118 matches found
CVE-2000-1000
Summary: CVE-2000-1000 is a format-string vulnerability in AOL Instant Messenger (AIM) 4.1 and earlier. The issue arises when transferring a file whose name contains format specifiers, which can cause a denial of service and may allow arbitrary command execution. Root cause: format-string handlin...
CVE-2000-1014
The CVE-2000-1014 entry concerns a format string vulnerability in the search97.cgi CGI script of the SCO help HTTP server for Unixware 7 . The flaw allows remote attackers to execute arbitrary commands through format string characters supplied in the queryText parameter, enabling potential remote...
CVE-2000-0917
CVE-2000-0917 describes a format-string vulnerability in LPRng’s use_syslog() in version 3.6.24 (and earlier), enabling remote attackers to execute arbitrary commands. Multiple sources corroborate: Red Hat RHSA-2000-065 notes vulnerability in 3.6.24 and earlier; CERT advisories document the forma...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
Icecast 1.3.71.3.8 - print_client() Format String
Icecast 1.3.71.3.8 - printclient Format String // source: https://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memo...
Icecast 1.3.7/1.3.8 - 'print_client()' Format String
// source: https://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memory at possibly arbitrary addresses. Exploits...
Debian 2.2 - splitvt Format String
Debian 2.2 - splitvt Format String // source: https://www.securityfocus.com/bid/2210/info splitvt is a VT100 window splitter, designed to allow the user two command line interfaces in one terminal window, originally written by Sam Lantinga. It is freely available, open source, and included with...
CVE-2000-0901
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...
CVE-2000-0995
Format string vulnerability in OpenBSD yppasswd program and possibly other BSD-based operating systems allows attackers to gain root privileges a malformed name...
CVE-2000-0918
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters...
CVE-2000-0996
Format string vulnerability in OpenBSD su program and possibly other BSD-based operating systems allows local attackers to gain root privileges via a malformed shell...
CVE-2000-0993
Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...
CVE-2000-0947
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...
CVE-2000-0994
Format string vulnerability in OpenBSD fstat program and possibly other BSD-based operating systems allows local users to gain root privileges via the PWD environmental variable...
CVE-2000-0950
Format string vulnerability in x-gw in TIS Firewall Toolkit FWTK allows local users to execute arbitrary commands via a malformed display name...
CVE-2000-0917
Format string vulnerability in usesyslog function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands...
CVE-2000-1043
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog function...
CVE-2000-1040
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service...
CVE-2000-1010
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters...
CVE-2000-1000
Format string vulnerability in AOL Instant Messenger AIM 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters...