Ubuntu 6.06 LTS / 6.10 / 7.04 : qt-x11-free vulnerability (USN-495-1)

Several format string vulnerabilities have been discovered in Qt warning messages. By causing an application to process specially crafted input data which triggered Qt warnings, this could be exploited to execute arbitrary code with the privilege of the user running the application. Note that...

texinfo-poc.txt

--==+=============================================+==-- --==+ texinfo = 4.9 format string vuln PoC +==-- --==+=============================================+==-- DISCOVERED BY: Cody Rester WEBSITE: www.codyrester.com --==+=============================================+==-- TIMELINE:...

[UPH-07-03] Firefly Media Server remote format string vulnerability

UPH-07-02 UnprotectedHex.com security advisory 07-02 Discovered by nnp Discovered : 1 August 2007 Reported to the vendor : 13 October 2007 Fixed by vendor : 21 October 2007 Vulnerability class : Remote format string Affected product : mt-dappd/Firefly Media Server Version : = 0.2.4 Product detail...

iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format String Vulnerability

iDefense Security Advisory 11.02.07 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 02, 2007 I. BACKGROUND The srsexec utility is part of the SRS Proxy Core package that is available with Solaris 10. This package is used to monitor the performance of clients running Solaris from a...

Fedora 7 : sylpheed-2.3.1-5 (2007-1841)

Ulf Harnhammar Secunia Research has discovered a format string vulnerability in sylpheed and claws-mail in incputerror function in src/inc.c when displaying POP3 error reply. Problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers...

Debian DSA-1398-1 : perdition - format string error

Bernhard Mueller of SEC Consult has discovered a format string vulnerability in perdition, an IMAP proxy. This vulnerability could allow an unauthenticated remote user to run arbitrary code on the perdition server by providing a specially formatted IMAP tag. %NASLMINLEVEL 70300 C Tenable Network...

FreeBSD : perdition -- str_vwrite format string vulnerability (617a4021-8bf0-11dc-bffa-0016179b2dd5)

SEC-Consult reports : Perdition IMAP is affected by a format string bug in one of its IMAP output-string formatting functions. The bug allows the execution of arbitrary code on the affected server. A successful exploit does not require prior authentication. %NASLMINLEVEL 70300 C Tenable Network...

Format string

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

CVE-2007-5825

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

CVE-2007-5825

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

CVE-2007-5825

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

CVE-2007-5825

CVE-2007-5825 is a format-string vulnerability in the mt-daapd Firefly Media Server (ws_addarg in webserver.c) that can be triggered via the Authorization: Basic header (base64 username/password) in XML-RPC requests, allowing remote code execution. The issue affects Firefly MT‑DAAPD up to version...

[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1398-1 [email protected] http://www.debian.org/security/ Noah Meyerhans November 05, 2007 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1398-1 [email protected] http://www.debian.org/security/ Noah Meyerhans November 05, 2007 http://www.debian.org/security/faq -...

DSA-1398-1 perdition - format string vulnerability

Bulletin has no description...

Firefly Media Server webserver.c ws_addarg Function /xml-rpc Authorization Header Remote Format String

The remote host is running Firefly Media Server, also known as mt-daapd, a media streaming server. The version of Firefly Media Server installed on the remote host apparently fails to sanitize user-supplied input before using it as the format string in a call to 'vsnprintf'' in 'src/webserver.c'...

Perdition IMAP代理str_vwrite函数远程格式串处理漏洞

BUGTRAQ ID: 26270 Perdition是一款POP3和IMAP4代理服务器。 Perdition IMAPD的一个IMAP输出字符串格式化函数中存在格式串漏洞，远程攻击者可能利用此漏洞控制服务器。 在某些情况下，未经验证便将IMAP标签（IMAP命令的最初部分）拷贝到了字符缓冲区，然后做为格式串将这个缓冲区传送给了vsnprintf。在调用vsnprintf之前，执行了以下格式串验证以防范注入： str.c： ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 168:...

uph0703.py.txt

!C:\python25\python25.exe """ Advisory : UPH-07-03 mt-dappd/Firefly media server remote format string vulnerability Discovered by nnp http://www.unprotectedhex.com """ import sys import socket import base64 if lensys.argv != 3: sys.exit-1 fmtstr = base64.b64encode"%n"16 + ":" + "password" killmsg...

Perdition IMAPD IMAP Tag Remote Format String Arbitrary Code Execution

The remote IMAP service is actually a Perdition IMAP proxy. The version of Perdition installed on the remote host appears to be affected by a format string vulnerability in which it copies the IMAP tag into a character buffer without first validating it and then passes it to 'vsnprintf' as a form...

CVE-2007-5740

The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism...