FreeBSD : neon format string vulnerabilities (84237895-8f39-11d8-8b29-0020ed76ef5a)

Greuff reports that the neon WebDAV client library contains several format string bugs within error reporting code. A malicious server may exploit these bugs by sending specially crafted PROPFIND or PROPPATCH responses. Although several applications include neon, such as cadaver and subversion, t...

FreeBSD : gnats -- format string vulnerability (fc99c736-3499-11d9-98a7-0090962cff2a)

Gnats suffers from a format string bug, which may enable an attacker to execute arbitary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and...

FreeBSD : hsftp format string vulnerabilities (316e1c9b-671c-11d8-9aad-000a95bc6fae)

Ulf Harnhammar discovered a format string bug in hsftp's file listing code may allow a malicious server to cause arbitrary code execution by the client. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...

FreeBSD : GNU Anubis buffer overflows and format string vulnerabilities (8471bb85-6fb0-11d8-873f-0020ed76ef5a)

Ulf Harnhammar discovered several vulnerabilities in GNU Anubis. - Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c - Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a...

FreeBSD : ezbounce remote format string vulnerability (c480eb5e-7f00-11d8-868e-000347dd607f)

A security hole exists that can be used to crash the proxy and execute arbitrary code. An exploit is circulating that takes advantage of this, and in some cases succeeds in obtaining a login shell on the machine. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packag...

FreeBSD : rssh -- format string vulnerability (1f826757-26be-11d9-ad2d-0050fc56d258)

There is a format string bug in rssh that enables an attacker to execute arbitrary code from an account configured to use rssh. On FreeBSD it is only possible to compromise the rssh running account, not root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Mandriva Linux Security Advisory : wireshark (MDVSA-2009:058)

Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service application crash via a malformed NetScreen snoop file. CVE-2009-0599 Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial ...

FreeBSD : Buffer overflows and format string bugs in Emil (ce46b93a-80f2-11d8-9645-0020ed76ef5a)

Ulf Harnhammar reports multiple buffer overflows in Emil, some of which are triggered during the parsing of attachment filenames. In addition, some format string bugs are present in the error reporting code. Depending upon local configuration, these vulnerabilities may be exploited using speciall...

FreeBSD : courier-imap -- format string vulnerability in debug mode (616cf823-f48b-11d8-9837-000c41e2cdad)

An iDEFENSE security advisory describes a format string vulnerability that could be exploited when Courier-IMAP is run in debug mode DEBUGLOGIN set. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability

ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-017 April 14, 2009 -- Affected Vendors: Oracle -- Affected Products: Oracle Application Server -- TippingPointTM IPS Customer Protection: TippingPoint IPS customers have been...

Format string

Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...

CVE-2009-0993

Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...

CVE-2009-0993

CVE-2009-0993 is a format-string vulnerability in Oracle Application Server 10g’s OPMN daemon (opmn). A remote attacker can trigger arbitrary code execution by sending crafted HTTP POST requests that are logged by opmn.log, exploiting improper handling of format specifiers. Affected product is Or...

CVE-2009-0993

Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...

Mandrake Security Advisory MDVSA-2009:088 (wireshark)

The remote host is missing an update to wireshark announced via advisory MDVSA-2009:088. OpenVAS Vulnerability Test $Id: mdksa2009088.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:088 wireshark Authors: Thomas Reinke Copyright: Copyright c 2009...

Oracle Applications Server 10g Format String Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Applications Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Oracle Process Manager and Notification opmn daemon which is an HTTP...

Wireshark multiple security vulnerabilities

PROFINET protocol dissector format string vulnerability, Check Point High-Availability Protocol CPHAP dissector DoS, .rf5 file parses DoS...

[ MDVSA-2009:088 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:088 http://www.mandriva.com/security/ Package : wireshark Date : April 9, 2009 Affected: 2008.1, 2009.0, Corporate 4.0 Problem Description: Multiple vulnerabilities has been identified and corrected in...

Wireshark / Ethereal 0.99.2 to 1.0.6 Multiple Vulnerabilities

The installed version of Wireshark or Ethereal is affected by multiple issues : - The PROFINET dissector is affected by a format string vulnerability which an attacker could exploit to execute arbitrary code. Bug 3372 - Wireshark could crash while reading a malformed LDAP capture file. Bug 3262 -...

Mandriva Update for ruby-gnome2 MDVSA-2008:033 (ruby-gnome2)

Check for the Version of ruby-gnome2 OpenVAS Vulnerability Test Mandriva Update for ruby-gnome2 MDVSA-2008:033 ruby-gnome2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...