8517 matches found
CVE-2007-0753
Format string vulnerability in the VPN daemon vpnd in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter...
CVE-2007-0753
Format string vulnerability in the VPN daemon vpnd in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter...
CVE-2007-0753
CVE-2007-0753 affects Apple Mac OS X VPND (VPN daemon) on affected platforms (OS X Server 10.4.9 and earlier; 10.3.9 referenced). The vulnerability is a local format-string flaw in vpnd triggered by the -i parameter, where untrusted input is passed into a format function, and vpnd runs with setui...
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
Vulnerability description Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...
Format string
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution...
CVE-2007-2655
CVE-2007-2655 affects NetWin Webmail 3.1s-1 used in SurgeMail prior to version 3.8i2. The vulnerability is described as a potential format string issue that could enable remote code execution. Details are limited in the provided sources; no concrete exploit method, affected module/file, or patch/...
Moderate: Red Hat Security Advisory: evolution security update
Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management PIM tools. A format...
evolution format string flaw
Format string vulnerability in the writehtml function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo...
Format string
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
CVE-2007-2054
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
CVE-2007-2054
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
CVE-2007-2352
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls, possibly involving a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/imager.cp...
CVE-2007-2054
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls in a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/aimage.cpp, f...
CVE-2007-2054
AFFLIB 2.2.6 and earlier contains multiple format-string vulnerabilities exposing several command-line utilities (lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/aimage.cpp, aimage/imager.cpp, tools/afxml.cpp) to remote code execution via parameters used as format stri...
CVE-2007-2352
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in 1 warn and 2 err calls, possibly involving a lib/s3.cpp, b tools/afconvert.cpp, c tools/afcopy.cpp, d tools/afinfo.cpp, e aimage/imager.cp...
CVE-2007-2352
Summary (CVE-2007-2352): AFFLIB before 2.2.6 contains multiple format-string vulnerabilities exploitable via command-line inputs that are used as format strings in warn/err calls. Affected components include lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/imager.cpp, a...
AFFLIB多个格式串处理漏洞
AFFLIB是用于操作高级取证格式(AFF)文件的开源函数库。 AFFLIB的一些命令行工具实现上存在格式串处理漏洞,本地攻击者可能利用此漏洞提升自己的权限。 这些工具以格式串参数向warn和err调用传输一些命令行参数。如果攻击者能够影响这些命令行参数的话,就可能导致执行任意指令。 s3格式串注入 文件:lib/s3.cpp 行数:207 err调用中的一个命令行参数用作了格式串,如果攻击者能够影响名称的话就可以导致格式串注入漏洞。192-207行说明了这个问题: void s3cpconst char fname,string key struct s3headers meta2 =...
AFFLIB library multiple security vulnerabilities
Shell characters injections, buffer overflows, format string vulnerabilities, race conditions, etc...
AFFLIB(TM): Multiple Format String Injections
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Format String Injections in AFFLIB Release Date: 2007-04-27 Application...
CVE-2007-2318
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in 1 FTP server responses or 2 data sent by an FTP server. NOTE: some of these details are obtained from third party information...