8451 matches found
CVE-2000-0969
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon...
CVE-2000-1010
The CVE is a format-string vulnerability in talkd reported across multiple UNIX-like systems. Affected: IRIX (talkd in /usr/etc/talkd), UnixWare 7.1.1 and Open UNIX 8.0.0 (in.talkd); OpenBSD and possibly other BSDs per the CVE description. Root cause: untrusted user-supplied fields in talkd allow...
CVE-2000-1043
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog function...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
CVE-2000-1040
CVE-2000-1040 concerns a format string vulnerability in the logging function of ypbind 3.3 when run in debug mode. The flaw can leak file descriptors and allow a denial of service. Some sources (Mandrake MDKSA-2000:064) also mention a related buffer overflow in ypserv if the build system lacks vs...
CVE-2000-0947
The CVE-2000-0947 issue is a format-string vulnerability in CFEngine’s cfd (CFEngine daemon) that can be triggered via the CAUTH command, allowing an attacker to cause the vulnerable host to run arbitrary commands. OpenVAS/Nessus entries describe that the flaw arises in cfd’s syslog handling and ...
CVE-2000-1004
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters...
CVE-2000-0917
Format string vulnerability in usesyslog function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands...
CVE-2000-0996
CVE-2000-0996: A format-string vulnerability in the OpenBSD su utility (and possibly other BSD-based OSes) allows a local attacker to gain root privileges via a malformed shell. The issue is described in the NVD entry with a CVSS v2 base score of 7.2 (HIGH) and LOCAL, LOW–complexity conditions, e...
CVE-2000-1043
CVE-2000-1043 describes a format-string vulnerability in the ypserv component (and related ypbind behavior) affecting Mandrake Linux 7.1 and earlier, with potential impact on other Linux systems. The underlying issue is a format-string bug that can allow an attacker to gain root privileges when y...
CVE-2000-0995
CVE-2000-0995 describes a format-string vulnerability in the OpenBSD yp_passwd utility (and possibly other BSD-based OSes) that can allow an attacker to gain root privileges via a malformed name. The initial description states the vulnerability and impact; a patch is referenced (028_format_string...
CVE-2000-1010
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters...
CVE-2000-1000
Format string vulnerability in AOL Instant Messenger AIM 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters...
CVE-2000-1044
CVE-2000-1044 concerns a format-string vulnerability in ypbind-mt on SuSE Linux (notably SuSE-6.2) that could allow an attacker to gain root privileges. The vulnerability arises in the handling of format strings in the affected component; no exploitation details are provided in the available docu...
CVE-2000-0996
Format string vulnerability in OpenBSD su program and possibly other BSD-based operating systems allows local attackers to gain root privileges via a malformed shell...
CVE-2000-1014
The CVE-2000-1014 entry concerns a format string vulnerability in the search97.cgi CGI script of the SCO help HTTP server for Unixware 7 . The flaw allows remote attackers to execute arbitrary commands through format string characters supplied in the queryText parameter, enabling potential remote...
CVE-2000-0917
CVE-2000-0917 describes a format-string vulnerability in LPRng’s use_syslog() in version 3.6.24 (and earlier), enabling remote attackers to execute arbitrary commands. Multiple sources corroborate: Red Hat RHSA-2000-065 notes vulnerability in 3.6.24 and earlier; CERT advisories document the forma...
CVE-2000-0947
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...
CVE-2000-0993
Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...
CVE-2000-0901
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...