SonicWALL Global VPN Client 4.0 - Log File Remote Format String

source: https://www.securityfocus.com/bid/35093/info SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Successfully exploiting this issu...

Xitami Multiple Format String Vulnerabilities

This host has Xitami web server installed and is prone to Multiple Format String Vulnerabilities. OpenVAS Vulnerability Test $Id: secpodxitamimultformatstringvuln.nasl 5148 2017-01-31 13:16:55Z teissa $ Xitami Multiple Format String Vulnerabilities Authors: Nikita MR Copyright c 2009 SecPod,...

Xitami Multiple Format String Vulnerabilities

Xitami web server is prone to multiple format string vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

DSA-1785-1 wireshark - several vulnerabilities

Bulletin has no description...

Mandriva Linux Security Advisory : yelp (MDVSA-2008:175)

A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs...

CentOS 3 / 4 / 5 : qt (CESA-2007:0721)

Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications...

FreeBSD : metamail format string bugs and buffer overflows (a20082c3-6255-11d8-80e3-0020ed76ef5a)

Ulf Harnhammar reported four bugs in metamail: two are format string bugs and two are buffer overflows. The bugs are in SaveSquirrelFile, PrintHeader, and ShareThisHeader. These vulnerabilities could be triggered by a maliciously formatted email message if metamail' or splitmail' is used to proce...

Mandriva Linux Security Advisory : policykit (MDVSA-2008:087)

A format string vulnerability in the grant helper, in PolicyKit 0.7 and earlier, allows attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in a password. The updated package has been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable...

FreeBSD : qpopper format string vulnerability (ebdf65c7-2ca6-11d8-9355-0020ed76ef5a)

An authenticated user may trigger a format string vulnerability present in qpopper's UIDL code, resulting in arbitrary code execution with group ID mail' privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

Mandriva Linux Security Advisory : wireshark (MDVSA-2009:088)

Multiple vulnerabilities has been identified and corrected in wireshark : o The PROFINET dissector was vulnerable to a format string overflow CVE-2009-1210. o The Check Point High-Availability Protocol CPHAP dissecto could crash CVE-2009-1268. o Wireshark could crash while loading a Tektronix .rf...

FreeBSD : apache13-modssl -- format string vulnerability in proxy support (18974c8a-1fbd-11d9-814e-0001020eed82)

A OpenPKG Security Advisory reports : Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in modssl, the Apache SSL/TLS interface to OpenSSL, version up to and including 2.8.18 for Apache 1.3. The modssl in Apache 2.x is not affected. The vulnerability cou...

FreeBSD : socat -- format string vulnerability (f3017ce1-32a4-11d9-a9e7-0001020eed82)

Socat Security Advisory 1 states : socat up to version 1.4.0.2 contains a syslog based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under som...

FreeBSD : ez-ipupdate -- format string vulnerability (e69ba632-326f-11d9-b5b7-000854d03344)

Data supplied by a remote server is used as the format string instead of as parameters in a syslog call. This may lead to crashes or potential running of arbitrary code. It is only a problem when running in daemon mode very common and when using some service types. %NASLMINLEVEL 70300 C Tenable...

Mandrake Linux Security Advisory : xine-ui (MDKSA-2007:154)

Format string vulnerability in the errorscreatewindow function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. CVE-2007-0254 XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code...

FreeBSD : neon format string vulnerabilities (84237895-8f39-11d8-8b29-0020ed76ef5a)

Greuff reports that the neon WebDAV client library contains several format string bugs within error reporting code. A malicious server may exploit these bugs by sending specially crafted PROPFIND or PROPPATCH responses. Although several applications include neon, such as cadaver and subversion, t...

FreeBSD : gnats -- format string vulnerability (fc99c736-3499-11d9-98a7-0090962cff2a)

Gnats suffers from a format string bug, which may enable an attacker to execute arbitary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and...

FreeBSD : hsftp format string vulnerabilities (316e1c9b-671c-11d8-9aad-000a95bc6fae)

Ulf Harnhammar discovered a format string bug in hsftp's file listing code may allow a malicious server to cause arbitrary code execution by the client. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...

FreeBSD : GNU Anubis buffer overflows and format string vulnerabilities (8471bb85-6fb0-11d8-873f-0020ed76ef5a)

Ulf Harnhammar discovered several vulnerabilities in GNU Anubis. - Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c - Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a...

FreeBSD : ezbounce remote format string vulnerability (c480eb5e-7f00-11d8-868e-000347dd607f)

A security hole exists that can be used to crash the proxy and execute arbitrary code. An exploit is circulating that takes advantage of this, and in some cases succeeds in obtaining a login shell on the machine. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packag...

FreeBSD : rssh -- format string vulnerability (1f826757-26be-11d9-ad2d-0050fc56d258)

There is a format string bug in rssh that enables an attacker to execute arbitrary code from an account configured to use rssh. On FreeBSD it is only possible to compromise the rssh running account, not root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...