Lucene search
K

38 matches found

Cvelist
Cvelist
added 2012/01/13 6:0 p.m.27 views

CVE-2011-2776

Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information...

7.3AI score0.00439EPSS
Exploits0References6
CVE
CVE
added 2012/01/13 6:0 p.m.49 views

CVE-2011-2776

CVE-2011-2776 describes a buffer overflow in the Error function of the Super project (version 3.30.0) caused by the syslog logging path, allowing local users to execute arbitrary code. Multiple sources confirm the root cause in super.c and the impact is local code execution with partial confident...

4.4CVSS7.4AI score0.00439EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2012/01/13 6:0 p.m.37 views

CVE-2011-2776

Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information...

4.4CVSS5.6AI score0.00439EPSS
Exploits0
Debian
Debian
added 2012/01/08 9:27 p.m.17 views

[SECURITY] [DSA 2383-1] super security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2383-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 08, 2012 http://www.debian.org/security/faq -...

4.4CVSS6.8AI score0.00439EPSS
Exploits0
Cvelist
Cvelist
added 2007/11/14 1:0 a.m.27 views

CVE-2007-3880

Format string vulnerability in srsexec in Sun Remote Services SRS Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core SUNWsrspx package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog...

6.5AI score0.00333EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2005/11/30 11:3 a.m.46 views

CVE-2005-3912

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service crash or memory consumption and possibly execute arbitrary code via format string specifiers in the usernam...

7.5CVSS6.6AI score0.1448EPSS
Exploits2References1
CVE
CVE
added 2005/11/30 11:0 a.m.116 views

CVE-2005-3912

CVE-2005-3912: Webmin/miniserv.pl format-string vulnerability (username in login form) can crash or exhaust resources and potentially allow remote code execution when syslog logging is enabled. Affected: Webmin < 1.250 and Usermin

7.5CVSS7.7AI score0.1448EPSS
Exploits2References17Affected Software1
Cvelist
Cvelist
added 2005/02/06 5:0 a.m.15 views

CVE-2005-0226

Format string vulnerability in the LogResolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code...

7.3AI score0.0972EPSS
Exploits1References4
seebug.org
seebug.org
added 2005/02/03 12:0 a.m.22 views

ngIRCd <= 0.8.2 Remote Format String Exploit

No description provided by source. / ngircdfsexp.c ngIRCd = 0.8.2 remote format string exploit Note: To obtain a successful exploitation, we need that ngIRCd has been compiled with IDENT, logging to SYSLOG and DEBUG enabled. Original Reference: http://www.nosystem.com.ar/advisories/advisory-11.tx...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/02/03 12:0 a.m.76 views

ngIRCd 0.8.2 - Remote Format String

/ ngircdfsexp.c ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET address from 0x0806b000 + offset -l targets list root@servidor:/home/coki/audit...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2004/12/06 5:0 a.m.27 views

CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

10CVSS6.3AI score0.04487EPSS
Exploits0References1
NVD
NVD
added 2004/12/06 5:0 a.m.18 views

CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

10CVSS7.3AI score0.04487EPSS
Exploits0References3
NVD
NVD
added 2004/12/06 5:0 a.m.26 views

CVE-2004-0451

Multiple format string vulnerabilities in the 1 logquit, 2 logerr, or 3 loginfo functions in Software Upgrade Protocol SUP allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog...

10CVSS7.6AI score0.0439EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/10/26 12:0 a.m.19 views

GLSA-200410-26 : socat: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200410-26 socat: Format string vulnerability socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing...

5CVSS6.1AI score0.07293EPSS
Exploits1References3
Gentoo Linux
Gentoo Linux
added 2004/10/25 12:0 a.m.27 views

socat: Format string vulnerability

Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...

5CVSS1.1AI score0.07293EPSS
Exploits1
Cvelist
Cvelist
added 2004/06/30 4:0 a.m.30 views

CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

7.2AI score0.04487EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2004/06/30 4:0 a.m.62 views

CVE-2004-0623

Removed by vendor...

10CVSS6.7AI score0.04487EPSS
Exploits0
Packet Storm
Packet Storm
added 2000/04/07 12:0 a.m.31 views

fcheck.txt

The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...

7.4AI score
Exploits0
Rows per page
Query Builder