Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065
http://www.securityfocus.com/bid/10136
http://www.redhat.com/support/errata/RHSA-2004-160.html
http://www.redhat.com/support/errata/RHSA-2004-159.html
http://www.redhat.com/support/errata/RHSA-2004-158.html
http://www.redhat.com/support/errata/RHSA-2004-157.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:032
http://www.debian.org/security/2004/dsa-487
http://security.gentoo.org/glsa/glsa-200405-04.xml
http://security.gentoo.org/glsa/glsa-200405-01.xml
http://secunia.com/advisories/11363