DEBIAN-CVE-2004-0393

Format string vulnerability in the msg function for rlpr daemon rlprd 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function...

CVE-2004-0393

Format string vulnerability in the msg function for rlpr daemon rlprd 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function...

CVE-2004-0448

Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages...

CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

DEBIAN-CVE-2004-0451

Multiple format string vulnerabilities in the 1 logquit, 2 logerr, or 3 loginfo functions in Software Upgrade Protocol SUP allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog...

Multiple vulnerabilities in Kreed 1.05

Luigi Auriemma Application: Kreed http://www.kreed3d.com Versions: = 1.05 Platforms: Windows Bugs: A in-game format string B forced exit caused by "message too long" C server temporary freezed by script errors Exploitation: remote, versus server Date: 02 December 2004 Author: Luigi Auriemma e-mai...

Kreed <= 1.05 Format String and Denial of Service Exploit

No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probabl...

Kreed <= 1.05 Format String and Denial of Service Exploit

Exploit for unknown platform in category dos / poc ========================================================= Kreed include include include / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: email protected web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to...

Kreed 1.05 - Format String / Denial of Service

/ by Luigi Auriemma / include include include include / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probably not the fastest bit packing functions existent, but I like them. /...

Kreed 1.05 - Format String Denial of Service

Kreed 1.05 - Format String Denial of Service / by Luigi Auriemma / include include include include / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probably not the fastest bit...

CVE-2004-1097

Format string vulnerability in the cherokeeloggerncsawritestring function in Cherokee 0.4.17 and earlier, when authenticating via authpam, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via format string specifiers in the URL...

CVE-2004-1097

The CVE-2004-1097 entry concerns Cherokee Web Server (versions = 0.4.17.1). No in-wild exploit details or CVE-derived attack vectors beyond the format-string misuse are provided in the supplied documents. If upgrading is possible, applying the patch or upgrading to a newer version is the recommen...

mc -- multiple vulnerabilities

Andrew V. Samoilov reported several vulnerabilities that were corrected in MidnightCommand 4.6.0: Format string issues CVE-2004-1004 Buffer overflows CVE-2004-1005 Denial-of-service, infinite loop CVE-2004-1009 Denial-of-service, corrupted section header CVE-2004-1090 Denial-of-service, null...

CVE-2004-0277

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the username...

FreeBSD : ez-ipupdate -- format string vulnerability (44)

The following package needs to be updated: ez-ipupdate %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkge69ba632326f11d9b5b7000854d03344.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

FreeBSD : proxytunnel -- format string vulnerability (157)

The following package needs to be updated: proxytunnel %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg50744596368f11d9a9e70001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

FreeBSD : socat -- format string vulnerability (180)

The following package needs to be updated: socat %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgf3017ce132a411d9a9e70001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

FreeBSD : gnats -- format string vulnerability (59)

The following package needs to be updated: gnats %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgfc99c736349911d998a70090962cff2a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

nsg-advisory-08.txt

------------------------------------------------- No System Group - Advisory 03 - 15/11/04 ------------------------------------------------- Program: Tom's IPX Tunneling Daemon - TipxD Homepage: http://tipxd.sourceforge.net Vulnerable Versions: TipxD 1.1.1 and prior Risk: Low Impact: Local Format...