140 matches found
security flaw
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
Format string
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service CPU consumption by creating and then listing folders whose names contain format string specifiers...
CVE-2004-2489
Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...
CVE-2004-2519
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service CPU consumption via directory specifiers in the LANGUAGE parameter to 1 index.tmpl and 2 web.tmpl, such as a slash "/", b backslash "", c dot ".",, d dot dot "..", and e internal slash "lang//en"...
CVE-2005-3262
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename...
DEBIAN-CVE-2005-1857
Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply...
CVE-2005-2375
Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service application crash via format string specifiers in a 1 nickname or 2 chat message...
CVE-2001-1562
CVE-2001-1562 affects the nvi editor; it is a format string vulnerability in which, before version 1.79, local users could gain privileges via format specifiers embedded in a filename. The Debian advisory DSA-085-1 and OpenVAS entries reiterate that nvi (and nvi-m17n) needed updates to address th...
DEBIAN-CVE-2005-1686
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service application crash via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email...
CVE-2005-1122
Format string vulnerability in cgi.c for Monkey daemon monkeyd before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers aka "double expansion error"...
CVE-2005-0687
CVE-2005-0687 describes a format string vulnerability in Hashcash 1.16. An attacker can exploit malformed reply addresses to cause memory consumption DoS and potentially execute arbitrary code when printing the header. The issue is documented in multiple sources (NVD, CVE listings, GLSA 200503-12...
CVE-2004-1388
Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...
CVE-2004-1388
Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...
CVE-2004-2523
Format string vulnerability in the msg command catmessage function in msg.c in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument...
CVE-2004-0393
Format string vulnerability in the msg function for rlpr daemon rlprd 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function...
CVE-2004-0450
Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail...
CVE-2001-1078
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands 1 HELO, 2 EHLO, 3 MAIL FROM, or 4 RCPT TO, and the POP3 commands 5 USER and 6 other commands that can be executed after POP3...
DEBIAN-CVE-2001-1562
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...
CVE-2001-0166
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file...
CVE-2001-0037
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. dot dot specifiers...