Format string

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeetingloginsert function...

VLC media player: Format string vulnerability

Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...

CVE-2007-0404

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

CVE-2005-4817

Format string vulnerability in ui.c in Textbased MSN Client TMSNC before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function...

DEBIAN-CVE-2006-6692

Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using 1 zabbixlog or 2 zabbixsyslog...

CVE-2006-6600

Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...

CVE-2006-6600

Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...

CVE-2006-6600

CVE-2006-6600 describes a Cross-site Scripting (XSS) vulnerability in TorrentFlux 2.2, specifically in dir.php, where remote attackers can inject arbitrary web script or HTML through double URL-encoded strings in the dir parameter. This is linked to CVE-2006-5609. The provided sources confirm the...

CVE-2006-6252

Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service CPU consumption via a long string composed of ":D" sequences, which are interpreted as emoticons...

WordPress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...

PT-2006-6339 · Ig · Ig Shop

Name of the Vulnerable Software and Affected Versions: iG Shop version 1.4 Description: The issue is related to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings in the change pass.php file when the action...

Solaris locale Format Strings (noexec stack) Exploit

No description provided by source. / exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it wont work, try adjust retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e 's/^.lib\0-9a-zA-Z\.so./-l\1/' usages: ./ex -h Thanks...

Linux eXtremail 1.5.x Remote Format Strings Exploit

No description provided by source. // / Linux eXtremail 1.5.x Remote Format Strings Exploit / / / / / / By B-r00t - 02/07/2003 / / / / Versions: Linux eXtremail-1.5-8 = VULNERABLE / / Linux eXtremail-1.5-5 = VULNERABLE / / Exploit uses format strings bug in fLog of smtpd to bind a / / r00tshell t...

wu-ftpd 2.6.0 Remote Format Strings Exploit

No description provided by source. / 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a small program demonstrating proof of concept. Default values for solaris 2.8 and inetd. If you are not the intended recipient, or a person responsible for...

BFTPd vsprintf() Format Strings Exploit

No description provided by source. Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the...

GLSA-200610-05 : CAPI4Hylafax fax receiver: Execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200610-05 CAPI4Hylafax fax receiver: Execution of arbitrary code Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact : A remote attacker can send nu...

Debian DSA-943-1 : perl - integer overflow

Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third-party software. The...

Microsoft Office fails to properly parse malformed strings

Overview A vulnerability in the way Microsoft Office parses files with malformed strings may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted strings. According to Microsoft Security Bulletin...

python repr unicode buffer overflow

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts...

CVE-2006-4980

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts...