8501 matches found
OllyDbg debugger format string bug
Format string bug on application debugging...
[Full-disclosure] OllyDbg "INT3 AT" Format String Vulnerability
OllyDbg "INT3 AT" Format String Vulnerability by Piotr Bania [email protected] http://pb.specialised.info Original location: http://pb.specialised.info/all/adv/olly-int3-adv.txt Severity: High / Medium - code execution. Version affected: Probably all versions, tested on v1.10. I. BACKGROUND...
CVE-2005-1478
Format string vulnerability in dSMTP dsmtp.exe in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command...
CVE-2005-1478
CVE-2005-1478 affects NetWin DMail 3.1a DSmtp (dsmtp.exe) where a format-string vulnerability in the xtellmail command allows remote code execution. The root cause is improper handling of format specifiers in DSmtp; impact is arbitrary code execution on the server. Public exploit details are not ...
CVE-2005-1478
Format string vulnerability in dSMTP dsmtp.exe in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command...
GLSA-200505-03 : Ethereal: Numerous vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200505-03 Ethereal: Numerous vulnerabilities There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including: The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS...
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:083)
A number of vulnerabilities were discovered in previous version of Ethereal that have been fixed in the 0.10.11 release, including : - The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. - The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PK...
GLSA-200505-02 : Oops!: Remote code execution
The remote host is affected by the vulnerability described in GLSA-200505-02 Oops!: Remote code execution A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact : A remote attacker could...
CVE-2004-1917
Format string vulnerability in testfuncfunc in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable...
CVE-2004-1917
CVE-2004-1917 involves a format string vulnerability in LCDProc, present in version 0.4.1 and earlier, specifically in test_func_func. The flaw allows remote attackers to execute arbitrary code by supplying format string specifiers via the str variable. The cited sources consistently describe the...
CVE-2004-1946
Format string vulnerability in the PRINTERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if...
CVE-2003-1170
CVE-2003-1170 affects kpopup (versions 0.9.1 and 0.9.5pre2). A format string vulnerability in main.cpp can allow local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via command line arguments. Additional VuXML/OpenVAS/Nessus entries note that misc.cpp...
CVE-2004-1946
Format string vulnerability in the PRINT_ERROR function of Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. The initial description notes it is unclear whether the issue could be exploited remotely or...
CVE-2004-2026
CVE-2004-2026 describes a format-string vulnerability in Pound’s logmsg function (svc.c) affecting Pound 1.5 and earlier. A remote attacker could trigger arbitrary code execution by supplying format-specifiers in syslog messages. The vulnerability is due to improper handling of user-controlled fo...
CVE-2004-1805
The CVE-2004-1805 issue targets games using the Epic Games Unreal Engine 436, describing a format string vulnerability in class names that enables remote attackers to cause a denial of service and potentially execute arbitrary code. The vulnerability appears to be exploitable over the network, wi...
CVE-2004-1900
The CVE-2004-1900 entry describes a format string vulnerability in the logging function of the IGI 2 Covert Strike server (version 1.3 and earlier). The vulnerability allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. The provided documents confirm th...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
CVE-2003-1170
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...
CVE-2004-1805
Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in class names...