8517 matches found

Exploit DB
added 2007/04/17 12:0 a.m., 31 views

OllyDbg 1.10 - Local Format String

/ ..:: jamikazu presents ::.. OllyDbg v110 Local Format String Exploit 0day Author: jamikazu Mail: [email protected] web: http://jamikazu.110mb.com/ Bug discovered by Ned from http://felinemenace.org/ Credit: ap0x,milw0rm Greets: All turkish security researchers ... invokes calc.exe if successfu...

AI score: 7.4
Exploits: 0

Gentoo Linux
added 2007/04/16 12:0 a.m., 41 views

Inkscape: Two format string vulnerabilities

Background Inkscape is a vector graphics editor, using Scalable Vector Graphics SVG Format. Description Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.03364
Exploits: 0

securityvulns
added 2007/04/16 12:0 a.m., 24 views

elinks format string vulnerability

Relative path is used to search text strings .po file. It makes it possible to spoof the file and to conduct format string attack...

CVSS: 4.4 | AI score: 2.1 | EPSS: 0.00841
Exploits: 1 | Affected Software: 1

Check Point Advisories
added 2007/04/15 12:0 a.m., 1 views

Security Best Practice: Protect Yourself against FTP Format Strings Attacks

The File Transfer Protocol FTP is used to connect computers over the Internet enabling file transferring between their users. FTP format string attacks are a common threat on vulnerable systems. Format string attacks can be used to crash a program or to execute malicious code. Successful format...

AI score: 7.2
Exploits: 0

ATTACKERKB
added 2007/04/13 6:19 p.m., 4 views

CVE-2007-2027

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog .po file in a "../po" directory, which can be leveraged to conduct format string attacks...

CVSS: 4.4 | AI score: 5.5 | EPSS: 0.00841
Exploits: 1 | References: 15

UbuntuCve
added 2007/04/13 6:19 p.m., 17 views

CVE-2007-2027

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog .po file in a "../po" directory, which can be leveraged to conduct format string attacks...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.00841
Exploits: 1 | References: 2

NVD
added 2007/04/13 6:19 p.m., 6 views

CVE-2007-2027

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog .po file in a "../po" directory, which can be leveraged to conduct format string attacks...

CVSS: 4.4 | AI score: 6 | EPSS: 0.00841
Exploits: 1 | References: 13

OSV
added 2007/04/13 6:19 p.m., 4 views

CVE-2007-2027

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog .po file in a "../po" directory, which can be leveraged to conduct format string attacks...

AI score: 6
Exploits: 0 | References: 14

CVE
added 2007/04/13 6:0 p.m., 98 views

CVE-2007-2027

CVE-2007-2027 affects Elinks 0.11.1 (ELinks) via the function add_filename_to_string in intl/gettext/loadmsgcat.c, allowing a local attacker to cause Elinks to load an untrusted gettext catalog (.po) from a ../po directory and potentially perform format-string attacks. Multiple connected sources ...

CVSS: 4.4 | AI score: 5.8 | EPSS: 0.00841
Exploits: 1 | References: 13 | Affected Software: 1

NVD
added 2007/04/06 1:19 a.m., 20 views

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon kadmind and Key Distribution Center KDC, in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

CVSS: 9 | AI score: 7.6 | EPSS: 0.10327
Exploits: 1 | References: 37

Debian CVE
added 2007/04/06 1:0 a.m., 32 views

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon kadmind and Key Distribution Center KDC, in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

CVSS: 9 | AI score: 7.6 | EPSS: 0.10327
Exploits: 1

Tenable Nessus
added 2007/04/05 12:0 a.m., 27 views

GLSA-200703-25 : Ekiga: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200703-25 Ekiga: Format string vulnerability Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact : An attacker could exploit this vulnerability to crash Ekiga and potentially execute...

CVSS: 10 | AI score: 6.1 | EPSS: 0.0364
Exploits: 0 | References: 2

Tenable Nessus
added 2007/04/05 12:0 a.m., 15 views

Mandrake Linux Security Advisory : evolution (MDKSA-2007:070)

A format string error in the 'write_html' function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. Updated packages have been patched to...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.03364
Exploits: 0 | References: 1

Tenable Nessus
added 2007/04/02 12:0 a.m., 460 views

PHP < 4.4.5 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.5. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and clobbering of super-global...

CVSS: 10 | AI score: 5.8 | EPSS: 0.40435
Exploits: 16 | References: 24

Tenable Nessus
added 2007/04/02 12:0 a.m., 87 views

PHP < 5.2.1 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 5.2.1. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and clobbering of super-global...

CVSS: 10 | AI score: 5.8 | EPSS: 0.15195
Exploits: 10 | References: 28

securityvulns
added 2007/03/29 12:0 a.m., 27 views

Inkscape multiple security vulnerabilities

Format string vulnerability in URIs displaying, security problems with Jabber protocol...

CVSS: 6.8 | AI score: 1.4 | EPSS: 0.03364
Exploits: 0 | Affected Software: 1

Gentoo Linux
added 2007/03/29 12:0 a.m., 18 views

Ekiga: Format string vulnerability

Background Ekiga is an open source VoIP and video conferencing application. Description Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a...

CVSS: 10 | AI score: 7.1 | EPSS: 0.0364
Exploits: 0

Ubuntu
added 2007/03/26 7:31 p.m., 43 views

USN-442-1: Evolution vulnerability

Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.03364
Exploits: 0

Tenable Nessus
added 2007/03/26 12:0 a.m., 45 views

GLSA-200703-21 : PHP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200703-21 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities and htmlspecialchars i...

CVSS: 10 | AI score: 6.4 | EPSS: 0.40435
Exploits: 13 | References: 16

Tenable Nessus
added 2007/03/26 12:0 a.m., 16 views

Mandrake Linux Security Advisory : inkscape (MDKSA-2007:069)

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. Updated packages have been patched to address this issue.

CVSS: 6.8 | AI score: 6 | EPSS: 0.03364
Exploits: 0 | References: 2