3203 matches found
CVE-2001-1208
CVE-2001-1208 describes a format-string vulnerability in DayDream BBS that allows remote code execution via format specifiers in a file containing a ~#RA control code. The entry lists a base score of 7.5 (HIGH) with network attack vector, low attack complexity, and no authentication required. The...
CVE-2001-1208
Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a RA control code...
FreeBSD-SA-02:15.cyrus-sasl
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:15 Security Advisory FreeBSD, Inc. Topic: cyrus-sasl library contains format string vulnerability Category: ports Module: cyrus-sasl Announced: 2002-03-12 Credits: Kari...
CVE-2000-0699
The CVE-2000-0699 entry concerns HP-UX 10.20’s ftpd with a format-string vulnerability in the PASS command. The underlying flaw allows a remote attacker to cause a denial of service or execute arbitrary commands through crafted PASS input, potentially enabling shell access as indicated by Nessus ...
CVE-2001-0740
CVE-2001-0740 affects 3COM OfficeConnect 812/840 ADSL Router with OCR812 router software version 1.1.9 and earlier. The vulnerability is a potential format string flaw triggered by a long string containing many "%s" sequences, which can cause a denial of service via remote access. The connected d...
CVE-2001-0690
CVE-2001-0690 describes a format-string vulnerability in Exim in batched SMTP mode that can let an unauthenticated remote attacker execute arbitrary code via format strings in SMTP headers. The entry specifies affected Exim versions: 3.22-10 (Red Hat), 3.12 (Debian), and 3.16 (Conectiva). Attack ...
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard aka GnuPG or gpg 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file...
CVE-2001-0717
CVE-2001-0717 is a format-string vulnerability in the ToolTalk RPC server rpc.ttdbserverd that permits remote command execution via syslog formatting. Public advisories (Sun, HP, IBM, SunOS/Solaris, AIX, SGI/IRIX, Xi Graphics, Caldera) describe vulnerable platforms and vendor patches. CORE/SECURE...
CVE-2001-0522
The CVE-2001-0522 issue concerns GnuPG (GPG) versions 1.0.5 and earlier, where a format-string vulnerability in the do_get/tty_printf flow exposes the original encrypted-file filename to format-string processing. This can allow code execution with the privileges of the user decrypting the file. T...
CVE-2000-0699
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command...
CVE-2001-0717
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function...
CVE-2001-0879
CVE-2001-0879 describes a format-string vulnerability in the C runtime functions used by Microsoft SQL Server 7.0 and 2000. The underlying issue is a format string handling flaw in the C runtime, which can allow an attacker to trigger a denial of service. The available connected documents confirm...
CVE-2001-0740
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability...
[H20020304]: Remotely exploitable format string vulnerability in ntop
h o l o g r a m | s e c u r i t y | a d v i s o r y Advisory ID : H20020304 Software : ntop Synopsis : Remotely exploitable format string vulnerability in ntop. Vendor : Luca Deri www.ntop.org Verified : Version 2.0 Author : hologram [email protected] | Overview...
Caldera UnixWare 7.1.1 - Message Catalog Environment Variable Format String
// source: https://www.securityfocus.com/bid/4060/info UnixWare is a commercially available Unix Operating System. It was originally developed by SCO, and is now distributed and maintained by Caldera. A format string vulnerability in the locale subsystem could lead to a user gaining elevated...
Caldera UnixWare 7.1.1 - Message Catalog Environment Variable Format String
Caldera UnixWare 7.1.1 - Message Catalog Environment Variable Format String // source: https://www.securityfocus.com/bid/4060/info UnixWare is a commercially available Unix Operating System. It was originally developed by SCO, and is now distributed and maintained by Caldera. A format string...
CVE-2001-1078
CVE-2001-1078 affects eXtremail 1.1.9 and earlier. The vulnerability is a format-string issue in the flog function that can be exploited remotely to gain root privileges by supplying format specifiers through SMTP commands (HELO, EHLO, MAIL FROM, RCPT TO) and via POP3 commands after authenticatio...
CVE-2001-1034
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for 1 faxrm or 2 faxalter...
CVE-2001-0915
Format string vulnerability in Berkeley parallel make pmake 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition...
CVE-2001-1034
CVE-2001-1034 describes format-string vulnerabilities in HylaFAX. HylaFAX components affected include faxrm, faxalter, faxgetty, faxwatch, and hfaxd; the root cause is unchecked input used as a format string, enabling local privilege escalation or denial of service in some configurations. Debian ...