Lucene search
K

1662 matches found

securityvulns
securityvulns
added 2004/11/06 12:0 a.m.24 views

DHCP format tring bug

Format string bug via DNS name on syslog call...

2.3AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2004/11/03 12:0 a.m.27 views

proxytunnel format string bug

Format string bug on syslog...

1.8AI score
Exploits0References1
securityvulns
securityvulns
added 2004/11/03 12:0 a.m.27 views

Speedtouch USB driver for linux format string bugs

Format string bug on syslog call...

1.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2004/11/02 12:0 a.m.27 views

Cherokee formatstring bug

Format string bug on syslog call and gile logging in NCSA format, cherokeeloggerncsawritestring...

2.1AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/10/26 12:0 a.m.19 views

GLSA-200410-26 : socat: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200410-26 socat: Format string vulnerability socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing...

5CVSS6.1AI score0.07293EPSS
Exploits1References3
securityvulns
securityvulns
added 2004/10/26 12:0 a.m.32 views

socat format string bug

syslog format string bug with -ly option...

1.4AI score
Exploits0References1Affected Software1
Gentoo Linux
Gentoo Linux
added 2004/10/25 12:0 a.m.25 views

socat: Format string vulnerability

Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...

5CVSS1.1AI score0.07293EPSS
Exploits1
FreeBSD
FreeBSD
added 2004/10/18 12:0 a.m.14 views

socat -- format string vulnerability

Socat Security Advisory 1 states: socat up to version 1.4.0.2 contains a syslog based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under some...

3.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.19 views

Debian DSA-175-1 : syslog-ng - buffer overflow

Balazs Scheidler discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded a static length buffer is used accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An...

7.5CVSS5.7AI score0.05578EPSS
Exploits1References3
securityvulns
securityvulns
added 2004/09/15 12:0 a.m.27 views

SUS (extended su) format string bug

Format string bug on syslog call...

1.5AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.26 views

CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

7.6AI score0.05578EPSS
Exploits1References8
CVE
CVE
added 2004/09/01 4:0 a.m.64 views

CVE-2002-1200

Balabit Syslog-NG is affected by CVE-2002-1200. Affected lines are syslog-ng 1.4.x before 1.4.15 and 1.5.x before 1.5.20. The issue arises from improper buffer size tracking during macro expansion when constant characters are appended to template filenames or output, leading to out-of-bounds writ...

7.5CVSS7.6AI score0.05578EPSS
Exploits1References8Affected Software1
Debian CVE
Debian CVE
added 2004/09/01 4:0 a.m.29 views

CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

7.5CVSS7.7AI score0.05578EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.17 views

Cfengine CAUTH Command Remote Format String

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

10CVSS6.2AI score0.02525EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.11 views

Lynx < 2.8.5 dev 6 Syslog URI Format String

Binary data 1737.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.34 views

Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable...

10CVSS6.1AI score0.45333EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/25 12:0 a.m.14 views

SUSE-SA:2002:039: syslog-ng

The remote host is missing the patch for the advisory SUSE-SA:2002:039 syslog-ng. The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote...

5.7AI score
Exploits0
securityvulns
securityvulns
added 2004/07/09 12:0 a.m.34 views

SSLTelnet format string bug

Format string on syslog in ssltenetd SSLsetverify...

1.7AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2004/07/08 4:0 a.m.26 views

CVE-2004-0448

Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages...

7.1AI score0.04343EPSS
Exploits0References3
CVE
CVE
added 2004/06/30 4:0 a.m.55 views

CVE-2004-0623

GNU GNATS 4.00 is affected by a format string vulnerability in misc.c that can allow a remote attacker to execute arbitrary code via format specifiers in a string logged by syslog. The CVE-2004-0623 entry notes a high severity (base score 10.0, CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C) with remote, unau...

10CVSS7.2AI score0.04487EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder