Search Results
- Results Type: Overview
- Search Type: Search All
- Category (CWE): CWE-134 Use of Externally-Controlled Format String
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-3051 | Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. Published: September 10, 2009; 2:30:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2008-7074 | Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." Published: August 25, 2009; 6:30:00 AM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2009-2916 | Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. Published: August 21, 2009; 7:30:00 AM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2009-2191 | Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Published: August 06, 2009; 12:30:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2009-2548 | Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message. Published: July 20, 2009; 4:00:13 PM -0400 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2009-2446 | Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. Published: July 13, 2009; 1:30:00 PM -0400 | V3.x: (not available) V2.0: 8.5 HIGH |
CVE-2009-1886 | Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. Published: June 24, 2009; 9:30:01 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2009-1262 | Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. Published: April 07, 2009; 7:30:00 PM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2008-3871 | Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file. Published: April 01, 2009; 2:00:00 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2009-1210 | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. Published: April 01, 2009; 6:30:00 AM -0400 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2009-0364 | Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. Published: March 26, 2009; 1:50:27 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2008-6520 | Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. Published: March 25, 2009; 2:30:00 PM -0400 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2008-6519 | Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. Published: March 25, 2009; 2:30:00 PM -0400 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2009-0538 | Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). Published: March 18, 2009; 11:30:00 AM -0400 | V3.x: (not available) V2.0: 4.6 MEDIUM |
CVE-2008-6441 | Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. Published: March 09, 2009; 10:30:00 AM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-6395 | The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. Published: March 04, 2009; 12:30:02 PM -0500 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2009-0754 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. Published: March 03, 2009; 11:30:05 AM -0500 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2009-0601 | Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Published: February 16, 2009; 3:30:03 PM -0500 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2008-5982 | Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. Published: January 27, 2009; 5:30:00 PM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2008-5660 | Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. Published: December 17, 2008; 3:30:01 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |