CVE-2009-3707

CVE-2009-3707 corresponds to a remote denial-of-service in VMware hosted products via a format-string vulnerability in the authentication path. The initial description names VMware Workstation 7.x (before 7.0.1 build 227600) and 6.5.x (before 6.5.4 build 246459), VMware Player 3.x (before 3.0.1 b...

CVE-2009-3663

Format string vulnerability in the hreadrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service crash or execute arbitrary code via format string specifiers in the Host header...

Format string

Format string vulnerability in the hreadrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service crash or execute arbitrary code via format string specifiers in the Host header...

CVE-2009-3663

Format string vulnerability in the hreadrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service crash or execute arbitrary code via format string specifiers in the Host header...

CVE-2009-3663

CVE-2009-3663 affects httpdx Web Server 1.4; a format string vulnerability in h_readrequest() (http.c) can be triggered via the Host header, enabling remote crash or arbitrary code execution. OpenVAS entries corroborate the issue. No remediation details are provided in the supplied documents.

RealNetworks RealPlayer Error Message Format String (CVE-2005-2710)

RealPlayer and Helix Player are media players developed by RealNetworks, Inc. These applications are capable of playing back numerous multimedia file formats. They support a streaming slide show technology called RealPix that allows for the creation of presentations that include image content. Th...

VMware Player和Workstation 'vmware-authd'远程拒绝服务漏洞

Bugraq ID: 36630 VMware Player是一款可以让PC用户在Windows或Linux PC上很容易的运行虚拟机的免费软件。VMWare Workstation是一款流行的虚拟机应用程序。 当处理登录请求时VMware授权服务存在错误，通过提交包含 '\xFF'字符的"USER"或"PASS"字符串给监听在TCP 912端口的"vmware-authd"进程，可导致服务停止响应。 根据报告，确认VMware Workstation 6.5.3 build 185404和VMware Player 2.5.3 build 185404中的vmware-authd.ex...

GNU Mailutils imap4d Format String (CVE-2005-1523)

The Internet Message Access Protocol IMAP specifies a protocol for the access and manipulation of electronic mail. The protocol permits the manipulation of mailboxes on a remote server and allows a remote client, among other operations, to create, delete, or rename mailboxes on the server side. T...

CGI Generic Format String

The remote web server hosts CGI scripts that fail to adequately sanitize request strings. They seem to be vulnerable to a 'format string' attack. By leveraging this issue, an attacker may be able to execute arbitrary code on the remote host subject to the privileges under which the web server...

openSUSE 10 Security Update : silc-toolkit (silc-toolkit-6479)

This update of slic-toolkit fixes stack-based overflow while encoding a ASN.1 OID CVE-2008-7159 and several format string bugs CVE-2009-3051, CVE-2008-7160. The probability to exploit this issues to execute arbitrary code is high. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-6360)

the COMCREATEDB and COMDROPDB suffered from format string vulnerabilities CVE-2009-2446 - the command line client was prone to cross-site scripting XSS attacks CVE-2008-4456 - fix slave reconnect %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Apple Mac OS X iChat AIM URL Format String (CVE-2007-0021)

Apple Computer Mac OS X is the operating system shipped with Apple Macintosh computers. The product bundles numerous Internet applications such as web browser, email client, instant messenger, etc. Apple iChat is a multi-protocol instant messaging application that supports AIM and Jabber services...

Apple Mac OS X Installer Package Filename Format String (CVE-2007-0465)

Apple Computer Mac OS X is the operating system shipped with Apple Macintosh computers. The Installer component is an application included in Mac OS X systems which extracts and installs applications from installation packages. The installer provides features which allow developers to customize...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)

J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated homes share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. CVE-2009-2813 Tim Prouty discovered that the smbd daemon in Samba...

elinks tries to load .po files from a non-absolute path

Untrusted search path vulnerability in the addfilenametostring function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog .po file in a "../po" directory, which can be leveraged to conduct format string attacks...

WarFTPD Multiple Format String Vulnerabilities

WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function. An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of t...

WarFTPD Multiple Format String Vulnerabilities

WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

SILC Client Channel Name Format String Vulnerability

This host has SILC Client installed and is prone to Format String vulnerability. OpenVAS Vulnerability Test $Id: secpodsilcprdtschannelnameformatstringvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SILC Client & Toolkit Channel Name Format String Vulnerability Authors: Nikita MR Copyright: Copyrigh...

SILC Client Nickname Field Format String Vulnerability

This host has SILC Client/Toolkit installed, and is prone to Format String vulnerability. OpenVAS Vulnerability Test $Id: secpodsilcprdtsnicknameformatstringvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SILC Client Nickname Field Format String Vulnerability Authors: Nikita MR Copyright: Copyright ...

SILC Client Channel Name Format String Vulnerability

SILC Client is prone to a format string vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...