Fortinet Fortigate Format String Bug in HTTPSd (FG-IR-23-138)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-138 advisory. - A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10,...

K000138508: mod_ssl vulnerability CVE-2004-0700

Security Advisory Description Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are...

ComSndFTP Server 1.3.7 Beta Denial Of Service

!/usr/bin/perl ComSndFTP Server Remote Format String Denial of Service DoS use strict; use warnings; use IO::Socket; $| = 1; my $host = "192.168.172.136"; my $port = "21""; my $payload = '%s%p%x%d'; print "Connecting... "; my $sock = IO::Socket::INET-new PeerAddr = $host, PeerPort = $port, Proto ...

CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

Format string

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

Format string

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

CVE-2023-24590

CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...

Gallagher Controller 6000 Formatting String Error Vulnerability

The Gallagher Controller 6000 is an interface between the Gallagher Command Center server and distributed field hardware from Gallagher New Zealand. A format string error vulnerability exists in Gallagher Controller 6000 prior to vCR8.60.231116a, 8.50 and prior versions, which stems from the fact...

The vulnerability of HTTPSd on FortiOS operating systems, the FortiProxy proxy server for protecting against internet attacks, and the FortiPAM identity management system allows a perpetrator to execute arbitrary code or commands.

The vulnerability of HTTPSd in FortiOS operating systems, along with the FortiProxy proxy server for protecting against internet attacks, and the FortiPAM identity management system, is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a malicious actor to...

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

PT-2023-7697 · Fortinet · Fortiproxy +2

Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.2.0 through 7.2.4 FortiProxy versions 7.0.0 through 7.0.10 FortiOS versions 7.4.0 FortiOS versions 7.2.0 through 7.2.4 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 6.2.0...

The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP allows a perpetrator to execute arbitrary code.

The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP involves the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

PT-2023-8709 · Zyxel · Zyxel Usg Flex Series +3

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.37 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1 Zyxel USG FLEX 50W series versions 4.16 through 5.37 Patch 1 Zyxel USG20W-VPN series versions 4.16 through 5.37 Patch 1 Zyxel USG FLE...

Format string

wire-avs provides Audio, Visual, and Signaling AVS functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...

CVE-2023-48221 wire-avs remote format string vulnerability

wire-avs provides Audio, Visual, and Signaling AVS functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...

CVE-2023-48221

CVE-2023-48221 affects wire-avs (AVS component of Wire). A remote format string vulnerability in Wire’s AVS prior to versions 9.2.22 and 9.3.5 could potentially cause a denial of service or, possibly, execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 and 9.3.5 and is already inc...