38 matches found
CVE-2011-2776
Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information...
CVE-2011-2776
CVE-2011-2776 describes a buffer overflow in the Error function of the Super project (version 3.30.0) caused by the syslog logging path, allowing local users to execute arbitrary code. Multiple sources confirm the root cause in super.c and the impact is local code execution with partial confident...
CVE-2011-2776
Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information...
[SECURITY] [DSA 2383-1] super security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2383-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 08, 2012 http://www.debian.org/security/faq -...
CVE-2007-3880
Format string vulnerability in srsexec in Sun Remote Services SRS Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core SUNWsrspx package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog...
CVE-2005-3912
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service crash or memory consumption and possibly execute arbitrary code via format string specifiers in the usernam...
CVE-2005-3912
CVE-2005-3912: Webmin/miniserv.pl format-string vulnerability (username in login form) can crash or exhaust resources and potentially allow remote code execution when syslog logging is enabled. Affected: Webmin < 1.250 and Usermin
CVE-2005-0226
Format string vulnerability in the LogResolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code...
ngIRCd <= 0.8.2 Remote Format String Exploit
No description provided by source. / ngircdfsexp.c ngIRCd = 0.8.2 remote format string exploit Note: To obtain a successful exploitation, we need that ngIRCd has been compiled with IDENT, logging to SYSLOG and DEBUG enabled. Original Reference: http://www.nosystem.com.ar/advisories/advisory-11.tx...
ngIRCd 0.8.2 - Remote Format String
/ ngircdfsexp.c ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET address from 0x0806b000 + offset -l targets list root@servidor:/home/coki/audit...
CVE-2004-0623
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...
CVE-2004-0623
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...
CVE-2004-0451
Multiple format string vulnerabilities in the 1 logquit, 2 logerr, or 3 loginfo functions in Software Upgrade Protocol SUP allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog...
GLSA-200410-26 : socat: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200410-26 socat: Format string vulnerability socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing...
socat: Format string vulnerability
Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...
CVE-2004-0623
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...
CVE-2004-0623
Removed by vendor...
fcheck.txt
The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...