CVE-2006-1905

Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file...

CVE-2006-1905

CVE-2006-1905 affects xine (xiTK, xiTk/main.c) with multiple format-string vulnerabilities in the xine UI when processing a long filename on an EXTINFO line in a playlist. A remote attacker could execute arbitrary code via format specifiers. Affected software is xine 0.99.3 (and related CVE-2006-...

CVE-2006-1840

Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service crash via the 1 load, 2 spy and 3 bomb functions...

CVE-2006-1840

Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service crash via the 1 load, 2 spy and 3 bomb functions...

CVE-2006-1840

CVE-2006-1840 – Normal mode Affected software: Empire Server (pre-4.3.1). Vulnerability: multiple format string vulnerabilities in the functions load, spy, and bomb. Impact: denial of service (crash). Root cause: format string handling issue in the specified functions. Exploitation: not described...

GLSA-200604-06 : ClamAV: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200604-06 ClamAV: Multiple vulnerabilities ClamAV contains format string vulnerabilities in the logging code CVE-2006-1615. Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser CVE-2006-1614 and David...

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus ClamAV before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus ClamAV before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...

CVE-2006-1615

CVE-2006-1615 refers to ClamAV (prior to 0.88.1) format-string vulnerabilities in the logging code that may allow remote attackers to execute arbitrary code. Public sources (Debian DSA-1024-1, OpenVAS entries) describe this format-string issue as potentially enabling code execution, with remote i...

[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1016-1 [email protected] http://www.debian.org/security/ Martin Schulze March 23rd, 2006 http://www.debian.org/security/faq -...

CVE-2006-0738

Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service hang via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using 1 the field name, 2 the o field owner/creator and session identifier,...

Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)

iDefense discovered several format string vulnerabilities in the way that modauthpgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if modauthpgsql is used for user authentication. The provided packages have been patched to...

Mandrake Linux Security Advisory : gda2.0 (MDKSA-2005:203)

Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network...

mod_auth_pgsql: Multiple format string vulnerabilities

Background modauthpgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact An unauthenticated...

CVE-2006-0150

Multiple format string vulnerabilities in the authldaplogreason function in Apache authldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username...

[Full-disclosure] [USN-239-1] libapache2-mod-auth-pgsql vulnerability

=========================================================== Ubuntu Security Notice USN-239-1 January 09, 2006 libapache2-mod-auth-pgsql vulnerability CVE-2005-3656 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty...

CVE-2005-3656

CVE-2005-3656 describes a format-string vulnerability in mod_auth_pgsql used for authenticating against PostgreSQL. The flaw in logging functions could enable remote, unauthenticated code execution with the httpd user. Affected modules include libapache2-mod-auth-pgsql; multiple advisories (Red H...

CVE-2005-4568

Multiple format string vulnerabilities in FTGate Technology formerly known as Floosietek FTGate 4.4 aka Build 4.4.000 Oct 26 2005 allow remote attackers to execute arbitrary code via format string specifiers in the 1 USER, 2 PASS, and 3 TOP commands to the POP3 server; and the 4 LIST and 5...

CVE-2005-3666

Technical details (affected implementations, exact root cause, impact, and fixes for CVE-2005-3666) are not publicly available in the provided documents. Monitor for updates as new information becomes available.

CVE-2005-3486

Multiple format string vulnerabilities in Scorched 3D 39.1 bf and earlier allow remote attackers to execute arbitrary code via various 1 GLConsole::addLine, 2 ServerCommon::sendString, 3 ServerCommon::serverLog functions, and possibly other unspecified vectors...