CVE-2002-1215

CVE-2002-1215 affects heartbeat 0.4.9 and earlier. Multiple format string vulnerabilities allow a remote attacker to execute arbitrary code by sending crafted UDP packets to port 694 (some sources describe as a buffer overflow). Debian/OSS-related advisories reference this in DSAs and OpenVAS ent...

CVE-2002-1215

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier claimed as buffer overflows in some sources allow remote attackers to execute arbitrary code via certain packets to UDP port 694 incorrectly claimed as TCP in some sources...

CVE-2002-0884

Multiple format string vulnerabilities in in.rarpd ARP server on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions 1 syserr and 2 error...

CVE-2002-0884

Multiple format string vulnerabilities in in.rarpd ARP server on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions 1 syserr and 2 error...

CVE-2002-0857

Format string vulnerabilities in Oracle Listener Control utility lsnrctl for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file...

CVE-2002-0857

The CVE-2002-0857 entry describes a format-string vulnerability in Oracle’s Listener Control Utility (LSNRCTL) used to administer Listeners. Affects Oracle 9.2 and 9.0, 8.1, and 7.3.4; by inserting format specifiers into the Listener configuration (listener.ora) or supplying crafted commands, an ...

Oracle Listener Control Format String Vulnerabilities (#NISR14082002)

NGSSoftware Insight Security Research Advisory Name: Oracle Listener Control Format Strings Systems Affected: Oracle 9i, 8i on all platforms Severity: Medium Category: Format String Vulnerabilities Vendor URL: http://www.oracle.com/ Authors: David Litchfield [email protected] Advisory URL:...

[SECURITY] [DSA 148-1] New hylafax packages fix security related problems

-------------------------------------------------------------------------- Debian Security Advisory DSA 148-1 [email protected] http://www.debian.org/security/ Martin Schulze August 12th, 2002 - -------------------------------------------------------------------------- Package : hylafax...

CVE-2002-0525

Format string vulnerabilities in 1 inews or 2 rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses...

CVE-2000-1207

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LCALL environment variables CVE-2000-0844...

HylaFAX - Various Vulnerabilities Fixed

HylaFAX.org Security Advisory 17 June 2002 Subject: Various Vulnerabilities Fixed Introduction: HylaFAX is a mature est. 1991 enterprise-class open-source software package for sending and receiving facsimiles as well as for sending alpha-numeric pages. It runs on a wide variety of UNIX-like...

CVE-2002-0702

Format string vulnerabilities in the logging routines for dynamic DNS code print.c of ISC DHCP daemon DHCPD 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response...

CVE-2002-0702

Format string vulnerabilities in the logging routines for dynamic DNS code print.c of ISC DHCP daemon DHCPD 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response...

CVE-2002-0175

The CVE-2002-0175 issue concerns libsafe 2.0-11 and earlier, where format-string protection can be bypassed by using certain characters ("'" and "I") that are implemented in glibc but not in libsafe. The connected Mandrake advisory (MDKSA-2002:026) states that this bypass arises from how printf w...

CVE-2002-0525

Format string vulnerabilities in 1 inews or 2 rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses...

CVE-2001-1308

Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier LDAP allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite...

Multiple buffer overflows in Progress

Multiple buffer overflows, format string bugs, etc...

ISC INN 2.0/2.1/2.2.x - Multiple Local Format String Vulnerabilities

source: https://www.securityfocus.com/bid/4501/info The Internet Software Consortium ISC Internet News INN project is a powerful, mature implementation of a usenet system, including a NNTP server and a newsreading server. It is available for a wide range of Unix based systems, including Linux...

CVE-2001-1129

The CVE-2001-1129 entry covers multiple components of Progress database 9.1C (probuild, dbutil, mprosrv, mprshut, proapsv, progres, proutil, rfutil, and prolib). The vulnerability is a local format-string flaw in the PROMSGS environment file that allows a local user to execute arbitrary code. The...

CVE-2001-1129

Format string vulnerabilities in 1 probuild, 2 dbutil, 3 mprosrv, 4 mprshut, 5 proapsv, 6 progres, 7 proutil, 8 rfutil and 9 prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable...