RSyslog SQL injection

SQL injection on syslog message...

CVE-2004-2417

Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 client hostname or 2 message-id, which are injected into a syslog message...

CVE-2004-2417

CVE-2004-2417 : A format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote code execution by injecting format string specifiers via the client hostname or message-id into a syslog message. Affected: smtp.proxy before 1.1.3. Impact and remediation details are not provid...

sambarXSS.txt

--0-1405209961-1116882149=:65898 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit - Sambar - AFFECTED PRODUCTS: ================== Sambar Server 6.2 http://www.sambar.com/ OVERVIEW: ========= Sambar is an all-in-one and fully functional Web, HTTP, HTTPS, Mail, IRC,...

CVE-2005-2410

Format string vulnerability in the nminfohandler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call...

CVE-2005-2410

Format string vulnerability in the nminfohandler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call...

CVE-2005-2410

Format string vulnerability in the nminfohandler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call...

CVE-2005-2409

Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call...

Fedora Core 4 : NetworkManager-0.4-20.FC4.1 (2005-680)

Network Manager passes logging messages straight to syslog as the format string. This causes it to crash when connecting to access points that contain format string characters. This was reported initially by Ian Jackson : http://mail.gnome.org/archives/networkmanager-list/2005-July/msg00196. html...

CVE-2002-1789

Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function...

CVE-2005-1738

The provided CVE-2005-1738 data describes a format-string vulnerability in the logPrintBadfile function of delbadfiles.c in Iron Bars SHell (ibsh) prior to version 0.3d. The flaw, triggered by certain inputs not properly handled in a syslog call, allows access to files outside the home directory ...

CVE-2005-1738

Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell ibsh before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call...

CVE-2005-1738

Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell ibsh before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call...

Security fix for the ALT Linux 8 package squid version 2.5.STABLE9-alt3

May 12, 2005 Denis Ovsienko 2.5.STABLE9-alt3 - applied: + 2005-04-20 14:59 Medium Fails to process requests for files larger than 2GB in size + 2005-03-26 23:53 Minor rename related cleanup + 2005-03-29 09:52 Cosmetic New cachemgr pendingobjects and clientobjects actions + 2005-03-30 22:51 Cosmet...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server Postgrey 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service crash via format string specifiers that are not properly handl...

CVE-2005-1100

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon GLD 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog...

DEBIAN-CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server Postgrey 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service crash via format string specifiers that are not properly handl...

CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server Postgrey 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service crash via format string specifiers that are not properly handl...