Search Results
- Results Type: Overview
- Search Type: Search All
- Category (CWE): CWE-134 Use of Externally-Controlled Format String
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1851 | Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability." Published: August 14, 2012; 9:55:01 PM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-2090 | Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx. Published: June 16, 2012; 11:41:40 PM -0400 | V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2369 | Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. Published: May 23, 2012; 4:55:01 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-0646 | Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. Published: March 08, 2012; 5:55:04 PM -0500 | V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0242 | Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Published: February 21, 2012; 8:31:57 AM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0809 | Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. Published: January 31, 2012; 7:55:02 PM -0500 | V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-4357 | Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function. Published: December 10, 2011; 12:55:01 PM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-0185 | Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. Published: October 14, 2011; 6:55:07 AM -0400 | V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2011-1764 | Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. Published: October 04, 2011; 10:56:24 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-2475 | Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. Published: June 09, 2011; 5:55:01 PM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-1568 | Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information. Published: April 05, 2011; 11:19:36 AM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-4235 | Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. Published: April 04, 2011; 8:27:36 AM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0173 | Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-1153 | Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. Published: March 16, 2011; 6:55:04 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-0270 | Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name. Published: January 13, 2011; 2:00:05 PM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-4013 | Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. Published: January 10, 2011; 3:00:15 PM -0500 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-2950 | Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. Published: September 28, 2010; 2:00:02 PM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-2451 | Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. Published: June 29, 2010; 2:30:01 PM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-1376 | Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. Published: June 17, 2010; 12:30:01 PM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-2271 | Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter. Published: June 15, 2010; 10:30:01 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |