8517 matches found
CVE-2005-1478
CVE-2005-1478 affects NetWin DMail 3.1a DSmtp (dsmtp.exe) where a format-string vulnerability in the xtellmail command allows remote code execution. The root cause is improper handling of format specifiers in DSmtp; impact is arbitrary code execution on the server. Public exploit details are not ...
GLSA-200505-02 : Oops!: Remote code execution
The remote host is affected by the vulnerability described in GLSA-200505-02 Oops!: Remote code execution A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact : A remote attacker could...
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:083)
A number of vulnerabilities were discovered in previous version of Ethereal that have been fixed in the 0.10.11 release, including : - The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. - The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PK...
GLSA-200505-03 : Ethereal: Numerous vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200505-03 Ethereal: Numerous vulnerabilities There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including: The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
CVE-2004-1900
The CVE-2004-1900 entry describes a format string vulnerability in the logging function of the IGI 2 Covert Strike server (version 1.3 and earlier). The vulnerability allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. The provided documents confirm th...
CVE-2004-1805
The CVE-2004-1805 issue targets games using the Epic Games Unreal Engine 436, describing a format string vulnerability in class names that enables remote attackers to cause a denial of service and potentially execute arbitrary code. The vulnerability appears to be exploitable over the network, wi...
CVE-2003-1170
CVE-2003-1170 affects kpopup (versions 0.9.1 and 0.9.5pre2). A format string vulnerability in main.cpp can allow local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via command line arguments. Additional VuXML/OpenVAS/Nessus entries note that misc.cpp...
CVE-2004-1946
Format string vulnerability in the PRINTERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if...
CVE-2004-2026
CVE-2004-2026 describes a format-string vulnerability in Pound’s logmsg function (svc.c) affecting Pound 1.5 and earlier. A remote attacker could trigger arbitrary code execution by supplying format-specifiers in syslog messages. The vulnerability is due to improper handling of user-controlled fo...
CVE-2004-1805
Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in class names...
CVE-2004-1946
Format string vulnerability in the PRINT_ERROR function of Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. The initial description notes it is unclear whether the issue could be exploited remotely or...
CVE-2003-1170
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
CVE-2004-1900
Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands...
CVE-2004-1917
Format string vulnerability in testfuncfunc in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable...
CVE-2004-1917
Format string vulnerability in testfuncfunc in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable...
CVE-2004-1917
CVE-2004-1917 involves a format string vulnerability in LCDProc, present in version 0.4.1 and earlier, specifically in test_func_func. The flaw allows remote attackers to execute arbitrary code by supplying format string specifiers via the str variable. The cited sources consistently describe the...
Oops! proxy format string vulnerability
Format string bug during database logging...
[NEWS] Ethereal Protocol Dissectors Buffer Overflow Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...