178 matches found
Tolis Group BRU 17.0 - Local Privilege Escalation (1)
Tolis Group BRU 17.0 - Local Privilege Escalation 1 // source: https://www.securityfocus.com/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct...
Tolis Group BRU 17.0 - Local Privilege Escalation (2)
Tolis Group BRU 17.0 - Local Privilege Escalation 2 // source: https://www.securityfocus.com/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct...
Magic Winmail Server PASS Command Remote Format String
The remote Winmail POP server, according to its banner, is vulnerable to a format string attack when processing the USER command. An unauthenticated attacker may use this flaw to execute arbitrary code on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11742...
mod_gzip Debug Mode mod_gzip_printf Remote Format String
The remote host is running modgzip with debug symbols compiled in. The debug code includes vulnerabilities that can be exploited by an attacker to gain a shell on this host. C Tenable Network Security, Inc. Ref: From: "Matthew Murphy" To: "BugTraq" , Subject: Modgzip Debug Mode Vulnerabilities...
[SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 277-1 [email protected] http://www.debian.org/security/ Martin Schulze April 3rd, 2003 http://www.debian.org/security/faq -...
Generic Format String Detection
Nessus killed the remote service by sending it specially crafted data. The remote service seems to be vulnerable to a format string attack. An attacker might use this flaw to make it crash or even execute arbitrary code on this host. C Tenable Network Security, Inc. References: Date: Wed, 20 Mar...
Sun AnswerBook2 Web Server dwhttpd GET Request Remote Format String
The remote web server is vulnerable to a format string attack. An attacker may exploit this vulnerability to cause the web server to crash continually or even execute arbitrary code on the system. C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anders...
CVE-2001-1215
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file...
CVE-2002-0175
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe...
Solaris rpc.rwalld Remote Format String Arbitrary Code Execution
The rpc.walld RPC service is running. Some versions of this server allow an attacker to gain root access remotely, by consuming the resources of the remote host then sending a specially formed packet with format strings to this host. Solaris 2.5.1, 2.6, 7, 8 and 9 are vulnerable to this issue...
GNOME libgtop Daemon Remote Format String
It seems that libgtop is/was running on this port and is vulnerable to a format string attack which may allow an attacker to gain a shell on this host with the privileges of 'nobody'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10812; scriptversion"1.20";...
Network Solutions Rwhoisd Syslog Remote Format String
The remote rwhois daemon is vulnerable to a format string attack when supplied malformed arguments to a malformed request such as %p%p%p. An attacker may use this flaw to gain a shell on this host. Note that Nessus solely relied on the banner version to issue this warning. If you manually patched...
locale_sol.txt
----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format strin g vulnerability on Solaris/SPARC. The full source code for the exploit is...
Network Solutions Rwhoisd -soa Command Remote Format String
The remote rwhois daemon is vulnerable to a format string attack when supplied malformed arguments to a '-soa' request. An attacker may use this flaw to gain a shell on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10790; scriptversion "1.16";...
CVE-2001-0570
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks...
Exim 3.x - Format String
source: https://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. Exim is vulnerable to a locally exploitable format string attack which may compromise root access. The vulnerability exists only when the 'syntax checking' mode is turned on, whic...
Icecast utils.c fd_write Function Format String
The remote server claims to be running Icecast 1.3.7 or 1.3.8beta2. These versions are vulnerable to a format string attack that could allow an attacker to execute arbitrary commands on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10600; scriptversion...
[SECURITY] [DSA-014-2] Correction: New version of splitvt released
---------------------------------------------------------------------------- Debian Security Advisory DSA-014-2 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt...
[SECURITY] [DSA-014-1] New version of splitvt released
---------------------------------------------------------------------------- Debian Security Advisory DSA-014-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt...
CVE-2000-0969
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon...