Lucene search
K

140 matches found

RedHat Linux
RedHat Linux
added 2006/05/03 4:9 p.m.4 views

security flaw

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...

4.3CVSS5.7AI score0.02034EPSS
Exploits0References4
Prion
Prion
added 2006/02/28 11:2 a.m.13 views

Format string

Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service CPU consumption by creating and then listing folders whose names contain format string specifiers...

5CVSS6.9AI score0.03119EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.24 views

CVE-2004-2489

Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...

7AI score0.0043EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.16 views

CVE-2004-2519

Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service CPU consumption via directory specifiers in the LANGUAGE parameter to 1 index.tmpl and 2 web.tmpl, such as a slash "/", b backslash "", c dot ".",, d dot dot "..", and e internal slash "lang//en"...

6.6AI score0.08033EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/10/20 4:0 a.m.21 views

CVE-2005-3262

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename...

7.7AI score0.08795EPSS
Exploits0References4
OSV
OSV
added 2005/09/02 10:3 p.m.1 views

DEBIAN-CVE-2005-1857

Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply...

7.5CVSS8AI score0.04325EPSS
Exploits0References1
NVD
NVD
added 2005/07/26 4:0 a.m.17 views

CVE-2005-2375

Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service application crash via format string specifiers in a 1 nickname or 2 chat message...

5CVSS6.7AI score0.01297EPSS
Exploits1References2
CVE
CVE
added 2005/07/14 4:0 a.m.48 views

CVE-2001-1562

CVE-2001-1562 affects the nvi editor; it is a format string vulnerability in which, before version 1.79, local users could gain privileges via format specifiers embedded in a filename. The Debian advisory DSA-085-1 and OpenVAS entries reiterate that nvi (and nvi-m17n) needed updates to address th...

7.2CVSS6.4AI score0.00397EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2005/05/20 4:0 a.m.1 views

DEBIAN-CVE-2005-1686

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service application crash via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email...

2.6CVSS6.3AI score0.07655EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/04/16 4:0 a.m.20 views

CVE-2005-1122

Format string vulnerability in cgi.c for Monkey daemon monkeyd before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers aka "double expansion error"...

7.7AI score0.02688EPSS
Exploits0References4
CVE
CVE
added 2005/03/08 5:0 a.m.68 views

CVE-2005-0687

CVE-2005-0687 describes a format string vulnerability in Hashcash 1.16. An attacker can exploit malformed reply addresses to cause memory consumption DoS and potentially execute arbitrary code when printing the header. The issue is documented in multiple sources (NVD, CVE listings, GLSA 200503-12...

7.5CVSS7.5AI score0.02884EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2004/12/31 5:0 a.m.5 views

CVE-2004-1388

Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...

7.5AI score
Exploits0References5
NVD
NVD
added 2004/12/31 5:0 a.m.17 views

CVE-2004-1388

Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...

7.5CVSS7.5AI score0.68195EPSS
Exploits8References5
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-2523

Format string vulnerability in the msg command catmessage function in msg.c in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument...

6.5CVSS7.4AI score0.05402EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2004/06/30 4:0 a.m.20 views

CVE-2004-0393

Format string vulnerability in the msg function for rlpr daemon rlprd 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function...

10CVSS7.5AI score0.17427EPSS
Exploits1
Cvelist
Cvelist
added 2004/06/08 4:0 a.m.28 views

CVE-2004-0450

Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail...

7.3AI score0.04739EPSS
Exploits0References7
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.17 views

CVE-2001-1078

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands 1 HELO, 2 EHLO, 3 MAIL FROM, or 4 RCPT TO, and the POP3 commands 5 USER and 6 other commands that can be executed after POP3...

7AI score0.05444EPSS
Exploits1References5
OSV
OSV
added 2001/12/31 5:0 a.m.1 views

DEBIAN-CVE-2001-1562

Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...

7.2CVSS6.9AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2001/03/26 5:0 a.m.22 views

CVE-2001-0166

Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file...

7.6CVSS6.7AI score0.01704EPSS
Exploits0References2
NVD
NVD
added 2001/02/16 5:0 a.m.13 views

CVE-2001-0037

Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. dot dot specifiers...

5CVSS6.7AI score0.07938EPSS
Exploits1References4
Rows per page
Query Builder