CVE-2005-4846
CVE-2005-4846 concerns Spey 0.3.3. A vulnerability exists in Spey’s Logger.cc where format string usage in a syslog call can allow a remote attacker to trigger a denial of service and, potentially, arbitrary code execution through crafted format specifiers. Affected product: Spey 0.3.3; vulnerabl...
Apple Safari for Windows commands execution
Shell characters problem on protocol handlers invocation. Format string vulnerability...
Mbedthis AppWeb 2.2.2 - URL Protocol Format String
Mbedthis AppWeb 2.2.2 - URL Protocol Format String source: https://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printin...
Mbedthis AppWeb 2.2.2 - URL Protocol Format String
source: https://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This issue affects only applications th...
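W3M browser InputAnswer format string vulnerability
W3M is an open-source text-mode web browser. W3M does not properly filter user-supplied input passed to formatted-printing functions; a remote attacker can exploit this vulnerability to carry out a format string attack and possibly execute arbitrary instructions with the privileges of the process. No detailed vulnerability information is currently available. W3M W3M 0.5.1 W3M W3M 0.3.2 .2 W3M W3M 0.3.2 .1 W3M W3M 0.3.2 W3M W3M 0.3.1 + RedHat Linux 8.0 i386 + RedHat Linux 8.0 W3M W3M 0.3 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 W3M W3M 0.2.5 .1 W3M W3M 0.2.5...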
GLSA-200706-02 : Evolution: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200706-02 Evolution: User-assisted execution of arbitrary code Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact : A...
GLSA-200706-03 : ELinks: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200706-03 ELinks: User-assisted execution of arbitrary code Arnaud Giersch discovered that the 'addfilenametostring' function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack...
Evolution: User-assisted execution of arbitrary code
Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...
ELinks: User-assisted execution of arbitrary code
Background ELinks is a text-mode web browser. Description Arnaud Giersch discovered that the "addfilenametostring" function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Impact A local attacker could entice a user...
vlc -- format string vulnerability and integer overflow
isecpartners reports: VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized...
CVE-2007-3009
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service daemon crash via format string specifiers in the HTTP scheme, as demonstrated...
Format string
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service daemon crash via format string specifiers in the HTTP scheme, as demonstrated...
CVE-2007-3009
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service daemon crash via format string specifiers in the HTTP scheme, as demonstrated...
CVE-2007-3009
The CVE-2007-3009 case concerns Mbedthis AppWeb 2.0.5-4, where a Format string vulnerability in MprLogToFile::logEvent can be triggered when logging is supported but disabled in configuration. The issue allows remote attackers to crash the daemon (DoS) by crafting HTTP scheme format specifiers, d...
Apple Mac OSX 10.4.9 - VPND Local Format String
Apple Mac OSX 10.4.9 - VPND Local Format String source: https://www.securityfocus.com/bid/24208/info Apple Mac OS X's VPN service daemon is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a...
Mac OS X vpnd format string security vulnerability
Format string vulnerability in -i command line argument parsing...
Mac OS X vpnd local format string
======= Summary ======= Name: Mac OS X vpnd local format string Release Date: 29 May 2007 Reference: NGS00496 Discover: Chris Anley [email protected] Vendor: Apple Vendor Reference: 26417237 CVE-ID: CVE-2007-0753 Systems Affected: OS X Server 10.4.9 and prior Risk: High Status: Published...
Apple Mac OSX 10.4.9 - VPND Local Format String
source: https://www.securityfocus.com/bid/24208/info Apple Mac OS X's VPN service daemon is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Attackers may exploit this issue...
RHEL 5 : evolution (RHSA-2007:0158)
Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format...
Format string
Format string vulnerability in the VPN daemon vpnd in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter...