format string vulnerability
http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/
MOPS-2010-027: PHP phar_parse_url Format String Vulnerabilities
http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/
MOPS-2010-026: PHP phar_wrapper_unlink Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/
MOPS-2010-025: PHP phar_wrapper_open_dir Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/
ESXi any ESXi not affected
ESX any ESX not affected
f. VMware Remote Console format string vulnerability
VMware Remote Console (VMrc) contains a format string vulnerability.
Exploitation of this issue may lead to arbitrary code execution on
the system where VMrc is installed.
http://www.debian.org/security/ Florian Weimer
March 23, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : webcit
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0364
Wilfried Goesgens discovered that WebCit, the web-based user interface
SEC Consult Security Advisory < 20071204-0 >
=====================================================================================
title: SonicWALL Global VPN Client Format String
Vulnerability
program: SonicWALL Global VPN Client
vulnerable version: < 4.0.0.830
homepage: www.sonicwall.com
found: 06-12-2007
by: lofi42*
perm. link: http://www.sec-consult.com/305.html
http://www.debian.org/security/ Thijs Kinkhorst
March 05, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : evolution
Vulnerability : format string attack
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0072
Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite,
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Vinagre show_error() format string vulnerability
1. *Advisory Information*
Kaspersky Web Scanner ActiveX Format String Vulnerability
iDefense Security Advisory 10.10.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 10, 2007
I. BACKGROUND
Kaspersky Lab Online Virus Scanner is a free online virus scanner
service, enabling a user to scan their system for malicious code via
BLUE MOON SECURITY ADVISORY 2008-07
===================================
:Title: Format string vulnerability in 5th street (Hot Step, High Street 5)
:Severity: Critical
:Reporter: Blue Moon Consulting, superkhung
:Products: 5th street and derived clients
:Fixed in: --
ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-082
December 8, 2008
-- Affected Vendors:
BMC Software
-- Affected Products:
BMC Software Patrol
http://www.debian.org/security/ Moritz Muehlenhoff
November 30, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : clearsilver
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4357
Leo Iannacone and Colin Watson discovered a format string vulnerability
Asterisk Project Security Advisory - AST-2008-004
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Format String Vulnerability in Logger and Manager |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Denial of Service |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
|--------------------+---------------------------------------------------|
ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-017
April 14, 2009
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Application Server
SonicWALL SSL-VPN 200 3.0.0.8 and below.
Vulnerability discovered:
Format string vulnerability.
Vulnerability impact:
High - Remote code execution, and the ability to remotely map out the
internal memory structures.
======
No fix.
Developers have not been contacted since one year ago the format string
vulnerability I reported to them was handled as a normal bug and the
patch was released some months after my advisory.
#######################################################################
Affected: 2007.1
_______________________________________________________________________
Problem Description:
Format string vulnerability in the errors_create_window function in
errors.c in xine-ui allows attackers to execute arbitrary code via
unknown vectors. (CVE-2007-0254)
XINE 0.99.4 allows user-assisted remote attackers to cause a denial
of service (application crash) and possibly execute arbitrary code
----------------
A] format string
----------------
The OcxSpool function is affected by a format string vulnerability
caused by the usage of the Msg string provided by the attacker directly
with vsprintf() without the required format argument.
------------------------------
-------------------------------------
A] format string in ReportSysLogEvent
-------------------------------------
The LPD servers are affected by a format string vulnerability in the
ReportSysLogEvent function used for logging.
The best way for exploiting this vulnerability is through a malformed
queue name which will be used to build a "Print queue" error message
directly passed to vsprintf without the needed format argument.
Symantec PcAnywhere version 10 – 12.5
==================================================
2) Severity Rating: Low
==================================================
3) Description of Vulnerability
A local format string vulnerability was discovered within Symantec PcAnywhere version 10 through 12.5. The vulnerability is due to improper processing of format strings within (.CHF) remote control file names or the associated file path. When specially crafted format strings are entered as the file name (%s%s%s%s%s.chf) or within the path of the CHF file, the format string vulnerability is triggered, making it possible to read/write arbitrary memory and at a minimum cause a denial of service condition.
==================================================
4) Solution : Upgrade to version 12.5 SP1
==================================================
5) Time Table:
01/06/2009 Reported Vulnerability to Vendor.
http://www.debian.org/security/ Florian Weimer
May 06, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : exim4
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1764
Debian Bug : 624670
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
rpc.pcnfsd syslog format string vulnerability
CVE-2010-1039
INTRODUCTION
There exists a vulnerability within a log function of the rpc.pcnfsd service
RubyGnome2 0.16.0
Format String Vulnerability In Gtk::MessageDialog
http://em386.blogspot.com
Ruby Gnome2 is a project to provide GTK2 bindings to ruby scripts so you can write GUI code in less time. There is a format string vulnerability in Gtk::MessageDialog(). This design flaw does not allow for a user generated string to be safely sent to this function.
It is really just an API to the GTK2 function gtk_message_dialog_new(). Ruby/Gnome2 does not properly use a format specifier for the message variable in ruby-gnome2-all-0.16.0/gtk/src/rbgtkmessagedialog.c as requested by the Gtk man page for this function.
CVE Id(s) : CVE-2010-2451 CVE-2010-2452
Two security issues have been discovered in the DCC protocol support
code of kvirc, a KDE-based next generation IRC client, which allow
the overwriting of local files through directory traversal and the
execution of arbitrary code through a format string attack.
For the stable distribution (lenny), these problems have been fixed in
version 3.4.0-5.
For the unstable distribution (sid), these problems have been fixed in
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-0393
Ronald Volgers discovered that the lppasswd component of the cups suite,
the Common UNIX Printing System, is vulnerable to format string attacks
due to insecure use of the LOCALEDIR environment variable. An attacker
can abuse this behaviour to execute arbitrary code via crafted localization
files and triggering calls to _cupsLangprintf(). This works as the lppasswd
binary happens to be installed with setuid 0 permissions.
smbftpd 0.96 format string vulnerability
--------------------------------------------------------------------------
Versions: 0.96
maybe earlier versions as well
Date: 01 Oct 2007
Author: Jerry Illikainen
email: jerry@debork.se
http://software.emc.com/products/product_family/diskxtender_family.htm
II. DESCRIPTION
Remote exploitation of a format string vulnerability in EMC Corp.'s
DiskXtender could allow an attacker to execute arbitrary code with the
privileges of the affected service.
When handling requests on the RPC interface with UUID
b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A buffer overflow and a format string vulnerability in aria2 allow
remote attackers to execute arbitrary code.
Background
==========
SEC Consult Security Advisory < 20090525-4 >
==========================================================================
title: SonicOS Format String Vulnerability
program: SonicWALL Global VPN Client
vulnerable version: PRO 4100 SonicOS 4.0.0.2-51e Standard and Enhanced
possibly other versions
homepage: http://www.sonicwall.com
found: October 2006
by: lofi42
permanent link: https://www.sec-consult.com/advisories_e.html#a54
** McAfee Security Bulletin - Common Management Agent 3.6.0 format string
vulnerability with debug level set to 8 **
https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=615103&sliceId=SAL_Public
This knowledgebase article shows the following versions as vulnerable:
CMA 3.6.0.574 (Patch3) or earlier
McAfee Agent (MA) 4.0
http://www.sun.com/service/netconnect/
II. DESCRIPTION
Local exploitation of a format string vulnerability in the srsexec
binary, optionally included in Sun Microsystems Inc.'s Solaris 10,
allows attackers to execute arbitrary code with root privileges.
The vulnerability exists since attacker supplied data is passed directly
to the syslog() function as the format string. This allows an attacker