3209 matches found
CVE-2001-0187
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment...
Дырка в CGI pwc (format string bug)
Ошибка форматной строки при работе с syslog...
CVE-2001-0181
Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands...
[SECURITY] [DSA 028-1] New man-db packages released
---------------------------------------------------------------------------- Debian Security Advisory DSA-028-1 [email protected] http://www.debian.org/security/ Martin Schulze February 9, 2001 - ---------------------------------------------------------------------------- Package : man-db...
CVE-2001-0032
Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL...
SuSe / Debian man package format string vulnerability
Hi, This issue has been discussed in vuln-dev 2001-01-26, see: http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872 4&fromthread=0&start=2001-01-21&threads=1&list=82& Posted also on suse security list, and aparently overlooked. The man package that ships with SuSe Linux at...
Дырка в man (linux)
Ошиюка форматной строки при разборе агрументов...
WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String
source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode, Wu-ftpd logs user activity to syslog in an insecure manner. An...
CVE-2000-0901
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...
CVE-2000-1000
Summary: CVE-2000-1000 is a format-string vulnerability in AOL Instant Messenger (AIM) 4.1 and earlier. The issue arises when transferring a file whose name contains format specifiers, which can cause a denial of service and may allow arbitrary command execution. Root cause: format-string handlin...
CVE-2000-1044
CVE-2000-1044 concerns a format-string vulnerability in ypbind-mt on SuSE Linux (notably SuSE-6.2) that could allow an attacker to gain root privileges. The vulnerability arises in the handling of format strings in the affected component; no exploitation details are provided in the available docu...
CVE-2000-0993
Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...
CVE-2000-1040
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service...
CVE-2000-1043
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog function...
CVE-2000-0917
Format string vulnerability in usesyslog function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands...
CVE-2000-0993
The CVE-2000-0993 entry describes a format-string vulnerability in the OpenBSD/libutil pw_error(3) function that, when invoked by setuid programs such as chpass, could let a local user gain superuser access. Public details indicate OpenBSD fixed the issue in 2000 within the affected libutil code,...
CVE-2000-0996
Format string vulnerability in OpenBSD su program and possibly other BSD-based operating systems allows local attackers to gain root privileges via a malformed shell...
CVE-2000-1043
CVE-2000-1043 describes a format-string vulnerability in the ypserv component (and related ypbind behavior) affecting Mandrake Linux 7.1 and earlier, with potential impact on other Linux systems. The underlying issue is a format-string bug that can allow an attacker to gain root privileges when y...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
CVE-2000-0995
CVE-2000-0995 describes a format-string vulnerability in the OpenBSD yp_passwd utility (and possibly other BSD-based OSes) that can allow an attacker to gain root privileges via a malformed name. The initial description states the vulnerability and impact; a patch is referenced (028_format_string...