mod_ntlm format string bug

Format string bug in logging...

Mod_NTLM 0.x - Authorisation Format String

ModNTLM 0.x - Authorisation Format String source: https://www.securityfocus.com/bid/7393/info A format string vulnerability has been reported for the modntlm Apache module. The problem occurs when logging authentication strings passed in HTTP requests. By passing malicious format specifiers in a...

Mod_NTLM 0.x - Authorisation Format String

source: https://www.securityfocus.com/bid/7393/info A format string vulnerability has been reported for the modntlm Apache module. The problem occurs when logging authentication strings passed in HTTP requests. By passing malicious format specifiers in a request, it may be possibile for an attack...

CVE-2002-0690

Format string vulnerability in McAfee Security ePolicy Orchestrator ePO 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings...

CVE-2002-1415

Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in SMTP requests...

AOL Server proxy API format string bug

Format string bug on syslog call...

Multiple vulnerabilities in AutomatedShops WebC shopping cart

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Vulnerability Advisory Product: WebC shopping cart Versions: 2.011 - 5.005 Vulnerable to all exploits 5.010 vulnerable to local exploit Vendor: Automated Shops http://www.automatedshops.com Platforms: Linux/FreeBSD/Win32 Impact: Remote code...

Eye of Gnome contains format string vulnerability in the file name handling of command line arguments

Overview Eye of Gnome contains a format string vulnerability that may allow remote attackers to execute arbitrary code with the privileges of the user running the application, typically an unprivileged system user. Description Eye of Gnome EOG is an image viewing application that is part of the...

[SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit

-------------------------------------------------------------------------- Debian Security Advisory DSA 277-1 [email protected] http://www.debian.org/security/ Martin Schulze April 3rd, 2003 http://www.debian.org/security/faq -...

[SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit

-------------------------------------------------------------------------- Debian Security Advisory DSA 277-1 [email protected] http://www.debian.org/security/ Martin Schulze April 3rd, 2003 http://www.debian.org/security/faq -...

Format string vulnerability in SSLtelnet

SSLtelnet contains a format string vulnerability that could allow remote code execution and privilege escalation...

DSA-277 apcupsd - buffer overflows, format string

Bulletin has no description...

CVE-2002-0598

Foundstone FScan 1.12 with banner grabbing enabled is affected by a format string vulnerability in the server banner that can allow remote code execution. The issue is documented with a CVE listing and a CVSS v2 base score of 7.5 (HIGH); impact is partial on confidentiality, integrity, and availa...

CVE-2002-1051

The CVE-2002-1051 entry concerns NANOG traceroute (traceroute-nanog). A format string vulnerability exists in TrACESroute 6.0 GOLD that allows local users to execute arbitrary code via the -T (terminator) argument. The issue is tied to NANOG traceroute’s handling of input leading to potential cod...

CVE-2002-0716

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument...

CVE-2002-0916

This CVE (CVE-2002-0916) affects Squid 2.4.STABLE6 and earlier, in the Stellar-X msntauth authentication module. The issue is a format string vulnerability in the allowuser code that handles the user name, where untrusted input is used in a syslog call, enabling remote code execution. Documents c...

CVE-2002-0573

CVE-2002-0573 affects Solaris systems running the rpc.rwalld daemon (Solaris 2.5.1–8). The issue is a format-string vulnerability in the error-handling path of rpc.rwalld, which can allow a remote attacker to execute arbitrary code with the daemon’s privileges (typically root) by sending a specia...

CVE-2002-0817

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument...

CVE-2002-0916

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call...

CVE-2002-0246

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LCMESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint...