3118 matches found
CVE-2000-0733
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPTENVIRON request...
ntop 1.x - i Local Format String
source: https://www.securityfocus.com/bid/1840/info ntop network top is a unix program used for displaying network usage statistics. It is often installed setuid root because it uses privileged ports. ntop is vulnerable to a format string vulnerability that can compromise root access locally. If...
CVE-2000-0594
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters...
PHP 3.04.0 - Error Logging Format String
PHP 3.04.0 - Error Logging Format String // source: https://www.securityfocus.com/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites. There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 4.0.3. The...
Unixware SCOhelp http server format string vulnerability
CORE SDI Inc. http://www.core-sdi.com Unixware SCOhelp http server format string vulnerability Date Published: 09/27/00 Advisory ID: CORE-092700 Bugtraq ID: 1717 CVE CAN: None currently assigned. Title: Unixware SCOhelp http server format string vulnerability Class: Input validation error Remotel...
Дырка в kvt
Ошибка форматной строки при разборе имени дисплея...
Juergen Weigert screen 3.9 - User Supplied Format String
Juergen Weigert screen 3.9 - User Supplied Format String // source: https://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to...
UNIX locale format string vulnerability
CORE SDI http://www.core-sdi.com UNIX locale format string vulnerability Date Published: September 4th, 2000 early release Advisory ID: CORE-090400 Bugtraq ID: 1634 CVE CAN: None currently assigned. Title: UNIX locale format string vulnerability Class: Input Validation Error Remotely Exploitable:...
Immunix OS 6.2 - LC glibc format string
Immunix OS 6.2 - LC glibc format string / source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
Libc locale - Local Privilege Escalation (1)
Libc locale - Local Privilege Escalation 1 / source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
Redhat Linux 6.x remote root exploit
Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...
HP-UX FTP Daemon PASS Command Remote Format String
The remote ftp server does not sanitize properly the argument of the PASS command it receives for anonymous accesses. It may be possible for a remote attacker to gain shell access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
BitchX IRC Client 75p175p31.0 c16 - INVITE Format String
BitchX IRC Client 75p175p31.0 c16 - INVITE Format String // source: https://www.securityfocus.com/bid/1436/info BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service and possible remote execution of code. By /invite-ing someone to a channel name...
BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String
// source: https://www.securityfocus.com/bid/1436/info BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service and possible remote execution of code. By /invite-ing someone to a channel name containing formatting characters %s, %n, etc an IRC user can cau...
CVE-2000-0594
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters...
qpopper format string vulnerability
An authenticated user may trigger a format string vulnerability present in qpopper's UIDL code, resulting in arbitrary code execution with group ID mail' privileges...
CVE-1999-1417
Format string vulnerability in AnswerBook2 AB2 web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged...
GNOME's Eye Of Gnome incorrect file name handling
Advisory ID Internal CORE-2003-0304-03 Bugtraq ID: 7121 CVE Name: CAN-2003-0165 CERT: VU363001 Title: GNOME's Eye Of Gnome incorrect file name handling Class: Input validation error Remotely Exploitable: No Locally Exploitable: Yes Vendors contacted: Eye Of Gnome . CORE Notification: 2003-03-14...