CVS 1.11.x - Multiple Vulnerabilities

CVS 1.11.x - Multiple Vulnerabilities // source: https://www.securityfocus.com/bid/10499/info CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patc...

CVS 1.11.x - Multiple Vulnerabilities

// source: https://www.securityfocus.com/bid/10499/info CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patch for BID 10384, potentially leading t...

CVE-2004-0536

Tripwire contains a format string vulnerability in the mail-report code path (cPipedMailMessage) that can be triggered by a specially crafted filename during a scan. Local users could gain privileges (Tripwire commonly runs as root) if the report generation is executed under the user context. Pub...

CVE-2004-0450

The CVE-2004-0450 entry concerns a format-string vulnerability in log2mail (printlog) prior to version 0.2.5.2. A logged message crafted to exploit the format string could be processed by log2mail and cause arbitrary code execution with the privileges of the log2mail process (often a member of ad...

CVE-2004-0536

Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report...

CVE-2004-0450

Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail...

tripwire: Format string vulnerability

Background tripwire is an open source file integrity checker. Description The code that generates email reports contains a format string vulnerability in pipedmailmessage.cpp. Impact With a carefully crafted filename on a local filesystem an attacker could cause execution of arbitrary code with...

[SECURITY] [DSA 513-1] New log2mail packages fix format string vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 513-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 3rd, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 513-1] New log2mail packages fix format string vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 513-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 3rd, 2004 http://www.debian.org/security/faq -...

DSA-513 log2mail - format string

Bulletin has no description...

Tripwire format string bug

Format string bug during e-mail report generation...

[Full-Disclosure] Format String Vulnerability in Tripwire

SUMMARY ------- Tripwiretm is a Security, Intrusion Detection, Damage Assessment and Recovery, Forensics software. A vulnerability in the product allows a user on the local machine under certain circumstances to execute arbitrary code with the rights of the user running the program typically root...

CVE-2004-0179

Multiple format string vulnerabilities in 1 neon 0.24.4 and earlier, and other products that use neon including 2 Cadaver, 3 Subversion, and 4 OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code...

CVE-2004-0179

Multiple format string vulnerabilities in 1 neon 0.24.4 and earlier, and other products that use neon including 2 Cadaver, 3 Subversion, and 4 OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code...

DEBIAN-CVE-2004-0156

Format string vulnerabilities in the 1 die or 2 logevent functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code...

[SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 510-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 29th, 2004 http://www.debian.org/security/faq -...

jftpgw format string buffer overflow

syslog format string bug...

tla: Multiple vulnerabilities in included libneon

Background GNU Arch tla is a revision control system suited for widely distributed development. Description Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library GLSA 200405-01 and 200405-13. Current versions of the tla package...

Arbitrary code execution via a format string vulnerability in jftpgw

The log functions in jftpgw may allow remotely authenticated user to execute arbitrary code via the format string specifiers in certain syslog messages...

[SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 510-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 29th, 2004 http://www.debian.org/security/faq -...