CVE-2002-0842

Format string vulnerability in certain third party modifications to moddav for logging bad gateway messages e.g. Oracle9i Application Server 9.0.2 allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string...

CVE-2003-0081

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers...

CVE-2004-0165

Format string vulnerability in Point-to-Point Protocol PPP daemon pppd 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges...

CVE-2001-1081

Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages...

CVE-2004-0165

The Mac OS X PPP daemon (pppd) 2.4.0 on Mac OS X ≤10.3.2 is affected by a format-string vulnerability in option_error() that can cause vslprintf() to leak data from the pppd process, potentially exposing PAP/CHAP credentials. This may enable reading arbitrary pppd data when the service is used as...

CVE-2001-0792

CVE-2001-0792 describes a format-string vulnerability in XChat 1.2.x that lets remote attackers execute arbitrary code via a malformed nickname. The provided documents identify the affected product as XChat 1.2.x and classify the issue as a remote, unauthenticated vector with potential for arbitr...

CVE-2002-1519

The CVE-2002-1519 entry describes a format-string vulnerability in the CLI interface of WatchGuard Firebox Vclass (3.2 and earlier) and RSSA Appliance 3.0.2. The issue arises from format string specifiers in the password parameter, allowing remote attackers to trigger denial of service and potent...

CVE-2003-0969

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability...

CVE-2004-0159

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and potentially execute arbitrary code via file names crafted to trigger unsafe handling during directory listings. Debian’s DSA-447-1 confirms the fix is to upgrade hsftp (current patched ver...

CVE-2003-0081

CVE-2003-0081 affects Ethereal (packet analyzer) with a format string vulnerability in the SOCKS dissector, impacting Ethereal 0.8.7–0.9.9. Remote attackers could execute arbitrary code by sending crafted SOCKS packets. Debian, Red Hat, Mandrake/Mandriva, SUSE and other advisories reference this ...

CVE-2003-0103

Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service crash, lockup, or restart via a Multi-Part vCard with fields containing a large number of format string specifiers...

CVE-2002-1244

Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command...

CVE-2003-0969

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability...

CVE-2003-0103

CVE-2003-0103 describes a format-string vulnerability in the Nokia 6210 handset. A crafted Multi-Part vCard containing many format specifiers can cause a remote denial of service (crash, lockup, or restart). The initial sources identify the impacted device and the vulnerability class, but do not ...

CVE-2004-0159

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command...

vpopmail: Multiple vulnerabilities

Background vpopmail handles virtual mail domains for qmail and Postfix. Description vpopmail is vulnerable to several unspecified SQL injection exploits. Furthermore when using Sybase as the backend database vpopmail is vulnerable to a buffer overflow and format string exploit. Impact These...

GLSA-200404-18 : Multiple Vulnerabilities in ssmtp

The remote host is affected by the vulnerability described in GLSA-200404-18 Multiple Vulnerabilities in ssmtp There are two format string vulnerabilities inside the logevent and die functions of ssmtp. Strings from outside ssmtp are passed to various printf-like functions from within logevent an...

GLSA-200405-08 : Pound format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-08 Pound format string vulnerability A format string flaw in the processing of syslog messages was discovered and corrected in Pound. Impact : This flaw may allow remote execution of arbitrary code with the rights of the...

GLSA-200404-19 : Buffer overflows and format string vulnerabilities in LCDproc

The remote host is affected by the vulnerability described in GLSA-200404-19 Buffer overflows and format string vulnerabilities in LCDproc Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer overflows and one string buffer vulnerability. If the serve...

GLSA-200407-18 : mod_ssl: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200407-18 modssl: Format string vulnerability A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact : Given the right server configuration, an attack...