3203 matches found
CVE-2001-0920
Format string vulnerability in auto nice daemon AND 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string...
CVE-2001-0869
CVE-2001-0869 is a format-string vulnerability in the Cyrus SASL library (cyrus-sasl) affecting the default logging callback _sasl_syslog in common.c. The Mandrake MDKSA-2002:018 advisory notes a format bug in cyrus-sasl that could allow a remote attacker to obtain access or elevate privileges, w...
CVE-2001-1203
The CVE corresponds to a local root vulnerability in the gpm package (gpm-root) where a format string flaw in gpm 1.17.8–1.17.18 allows local privilege escalation. Debian and OpenVAS entries describe the issue as requiring an update to gpm (DSA-095-1); Nessus notes this as a Debian local root adv...
CVE-2001-1022
CVE-2001-1022 relates to a format-string vulnerability in the groff family: the pic component of groff (and jgroff before 1.15) could bypass the -S option and execute arbitrary commands via format-string specifiers in the plot command. Affected: groff 1.16.1 and other versions; jgroff before 1.15...
CVE-2001-1022
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command...
CVE-2001-0920
The CVE-2001-0920 entry concerns a format string vulnerability in the auto nice daemon (AND) version 1.0.4 and earlier that lets a local user potentially execute arbitrary code by supplying a process name containing a format string. Affected component: the daemon’s handling of process names. Unde...
CVE-2002-0159
Format string vulnerability in the administration function in Cisco Secure Access Control Server ACS for Windows, 2.6.x and earlier and 3.x through 3.01 build 40, allows remote attackers to crash the CSADMIN module only denial of service of administration function or execute arbitrary code via...
CVE-2001-1176
CVE-2001-1176 describes a format-string vulnerability in Check Point VPN-1/FireWall-1 4.1. The issue allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. Exploitation details are not provided in the connected documents; no ex...
CVE-2001-1176
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection...
CVE-2001-0869
Format string vulnerability in the default logging callback function saslsyslog in common.c in Cyrus SASL library cyrus-sasl may allow remote attackers to execute arbitrary commands...
CVE-2002-0586
Format string vulnerability in NsPdLog function for the external database driver proxy daemon library libnspd.a of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters...
CVE-2002-0598
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner...
[CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SECURITY ADVISORY INTEXXIAc 04 06 2002 ID 1054-040602 TITLE : mmmail POP3-SMTP Daemon Format String Vulnerability CREDITS : Guillaume Pelat / INTEXXIA SYSTEM AFFECTED =============== mmmail = 0.0.13 mmpop3d & mmsmtpd DESCRIPTION =========== "mmmail...
IRIX talkd vulnerability
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: talkd vulnerability Number: 20020603-01-I Date: June 10, 2002 Reference: CVE-2000-1010 - ----------------------- - --- Issue Specifics --- - ----------------------- It's been reported that the /usr/etc/talkd daemon contains a format...
CVE-2002-0586
CVE-2002-0586 describes a format-string vulnerability in AOLServer (libnspd.a) across versions 3.0–3.4.2, specifically in the Ns_PdLog function. An attacker could exploit the Error or Notice parameters to execute arbitrary code remotely. The vulnerability impacts the AOLServer external database d...
CVE-2002-0586
Format string vulnerability in NsPdLog function for the external database driver proxy daemon library libnspd.a of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may ...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious format string to the program that...
SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
====================================================================== Strategic Reconnaissance Team Security Advisory SRT2002-06-04-1611 Topic : SCO OpenServer crontab format string vulnerability Date : June 04, 2002 Credit : KF dotslashatsnosoft.com Site : http://www.snosoft.com...
SRT Security Advisory (SRT2002-06-04-1011): slurp
====================================================================== Strategic Reconnaissance Team Security Advisory SRT2002-06-04-1011 Topic : Slurp news retriever remote format string vulnerability Date : June 04, 2002 Credit : zillionatsafemode.org Site : http://www.snosoft.com...