CVE-2000-0917

CVE-2000-0917 describes a format-string vulnerability in LPRng’s use_syslog() in version 3.6.24 (and earlier), enabling remote attackers to execute arbitrary commands. Multiple sources corroborate: Red Hat RHSA-2000-065 notes vulnerability in 3.6.24 and earlier; CERT advisories document the forma...

CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...

CVE-2000-0901

The vulnerability CVE-2000-0901 affects the screen program (versions 3.9.5 and earlier). It stems from a format string vulnerability in the vbell_msg initialization, enabling local users to gain root privileges. Exploitation details are not provided in the supplied documents, and a remediation/pa...

CVE-2000-0901

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...

CVE-2000-0996

Format string vulnerability in OpenBSD su program and possibly other BSD-based operating systems allows local attackers to gain root privileges via a malformed shell...

CVE-2000-0993

Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...

Icecast 1.3.7/1.3.8 - 'print_client()' Format String

// source: https://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memory at possibly arbitrary addresses. Exploits...

Icecast 1.3.71.3.8 - print_client() Format String

Icecast 1.3.71.3.8 - printclient Format String // source: https://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memo...

Debian 2.2 - splitvt Format String

Debian 2.2 - splitvt Format String // source: https://www.securityfocus.com/bid/2210/info splitvt is a VT100 window splitter, designed to allow the user two command line interfaces in one terminal window, originally written by Sam Lantinga. It is freely available, open source, and included with...

DoS против IIS (format string)

Запрос типа GET /00 HTTP/1.0 приводит к краху сервера...

WU-FTPD 2.6.0 - Remote Format Strings

/ 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a small program demonstrating proof of concept. Default values for solaris 2.8 and inetd. If you are not the intended recipient, or a person responsible for delivering it to the intended...

WU-FTPD 2.6.0 - Remote Format Strings

WU-FTPD 2.6.0 - Remote Format Strings / 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a small program demonstrating proof of concept. Default values for solaris 2.8 and inetd. If you are not the intended recipient, or a person responsible f...

wu-ftpd 2.6.0 Remote Format Strings Exploit

Exploit for solaris platform in category remote exploits =========================================== wu-ftpd 2.6.0 Remote Format Strings Exploit =========================================== / 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a...

[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities

Package : stunnel Problem type : insecure file handling, format string bug Debian-specific: no Lez discovered a format string problem in stunnel a tool to create Universal SSL tunnel for other network daemons. Brian Hatch responded by stating he was already preparing a new release with multiple...

FreeBSD-SA-00:80.halflifeserver

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:80 Security Advisory FreeBSD, Inc. Topic: halflifeserver allows remote code execution Category: ports Module: halflifeserver Announced: 2000-12-20 Credits: Mark Cooper...

CVE-2000-0917

Format string vulnerability in usesyslog function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands...

CVE-2000-0901

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...

CVE-2000-0995

Format string vulnerability in OpenBSD yppasswd program and possibly other BSD-based operating systems allows attackers to gain root privileges a malformed name...

CVE-2000-0994

Format string vulnerability in OpenBSD fstat program and possibly other BSD-based operating systems allows local users to gain root privileges via the PWD environmental variable...

CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...