CVE Daily
← All tags

Tag: Format String Vulnerability

All CVEs associated with "Format String Vulnerability". Page 4/7 • 778 CVEs.

Subscribe CVEs: RSS for “Format String Vulnerability”  ·  RSS (High+Critical only)

About “Format String Vulnerability”

A curated feed of “Format String Vulnerability”-related CVEs appears below. We currently track 778 CVEs for this tag (all time). In the last 365 days, 39 were published. Average CVSS is 7.4 (all time; 6.8 over 365d), and 70% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-134 - Use of Externally-Controlled Format String, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-08-15
Medium

CVE-2007-2928

Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1…

CVSS: 5.8 CWE: N/A View on NVD
2007-08-14
Medium

CVE-2007-4335

Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in…

CVSS: 5.0 CWE: N/A View on NVD
2007-08-03
Medium

CVE-2007-3388

Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in T…

CVSS: 6.8 CWE: N/A View on NVD
2007-07-31
Medium

CVE-2007-2953

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string…

CVSS: 6.8 CWE: N/A View on NVD
2007-07-17
High

CVE-2007-3836

Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation.

CVSS: 7.8 CWE: N/A View on NVD
2007-06-27
Medium

CVE-2007-3441

Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow call…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2007-3442

Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format st…

CVSS: 2.3 CWE: N/A View on NVD
Medium

CVE-2007-3444

The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to mul…

CVSS: 4.3 CWE: N/A View on NVD
2007-06-21
Critical

CVE-2007-3316

Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string sp…

CVSS: 9.3 CWE: N/A View on NVD
2007-06-04
Medium

CVE-2007-3009

Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause…

CVSS: 4.3 CWE: N/A View on NVD
2007-05-24
High

CVE-2007-0753

Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.

CVSS: 7.2 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-05-14
High

CVE-2007-2655

Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-04-30
High

CVE-2007-2054

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a)…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-2352

Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly inv…

CVSS: 10.0 CWE: N/A View on NVD
2007-04-26
Critical

CVE-2007-2318

Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP…

CVSS: 9.3 CWE: N/A View on NVD
2007-04-19
High

CVE-2007-1681

Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive informa…

CVSS: 7.5 CWE: N/A View on NVD
2007-04-13
Medium

CVE-2007-2027

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalo…

CVSS: 4.4 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-04-06
Critical

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1…

CVSS: 9.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
2007-03-21
Medium

CVE-2007-1002

Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote atta…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1463

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain d…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1464

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-1557

Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Ser…

CVSS: 7.2 CWE: N/A View on NVD
2007-03-19
High

CVE-2007-1503

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the mess…

CVSS: 7.5 CWE: N/A View on NVD
2007-03-10
Critical

CVE-2007-0999

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.

CVSS: 9.3 CWE: N/A View on NVD
2007-03-03
Critical

CVE-2007-1251

Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or…

CVSS: 9.3 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-02-20
Critical

CVE-2007-1007

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1006

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafte…

CVSS: 10.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-02-13
High

CVE-2007-0909

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) t…

CVSS: 7.5 CWE: N/A View on NVD
2007-02-06
High

CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AF…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-02-02
Medium

CVE-2007-0665

Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to…

CVSS: 6.8 CWE: N/A View on NVD
2007-02-01
High

CVE-2007-0644

Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly ha…

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2007-0645

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when c…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0646

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifi…

CVSS: 7.1 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2007-0647

Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled w…

CVSS: 7.1 CWE: N/A View on NVD
2007-01-31
High

CVE-2007-0465

Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MP…

CVSS: 7.6 CWE: N/A View on NVD
2007-01-29
Medium

CVE-2007-0463

Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string spec…

CVSS: 5.0 CWE: N/A View on NVD
2007-01-23
High

CVE-2007-0021

Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format s…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-19
High

CVE-2007-0391

Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.

CVSS: 7.2 CWE: N/A View on NVD
2007-01-18
High

CVE-2007-0338

Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0344

Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and pos…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2007-0317

Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-16
Critical

CVE-2007-0254

Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-0255

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and con…

CVSS: 9.3 CWE: N/A View on NVD
2007-01-09
Medium

CVE-2007-0148

Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascrip…

CVSS: 6.8 CWE: N/A View on NVD
2007-01-04
Medium

CVE-2007-0051

Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string sp…

CVSS: 6.8 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2007-01-03
Medium

CVE-2007-0017

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler f…

CVSS: 6.8 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-12-27
Critical

CVE-2006-6772

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string sp…

CVSS: 9.3 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Medium

CVE-2006-6750

Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: t…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-6751

Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain o…

CVSS: 5.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-12-21
High

CVE-2006-6692

Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in i…

CVSS: 7.5 CWE: N/A View on NVD
2006-12-20
Medium

CVE-2006-6664

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format strin…

CVSS: 5.0 CWE: N/A View on NVD
2006-12-15
Medium

CVE-2006-6105

Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname,…

CVSS: 4.3 CWE: N/A View on NVD
2006-12-13
Medium

CVE-2006-6494

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a loc…

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2006-6495

Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter…

CVSS: 6.6 CWE: N/A View on NVD
2006-12-05
Low

CVE-2006-6306

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format strin…

CVSS: 1.2 CWE: N/A View on NVD
2006-12-04
High

CVE-2006-6250

Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the…

CVSS: 7.8 CWE: N/A View on NVD
2006-12-02
High

CVE-2006-6226

Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-28
Critical

CVE-2006-4181

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 10.0 CWE: N/A View on NVD
2006-11-07
Medium

CVE-2006-5789

War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6)…

CVSS: 4.0 CWE: CWE-399 View on NVD
High

CVE-2006-5790

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an at…

CVSS: 7.5 CWE: N/A View on NVD
2006-10-27
Critical

CVE-2006-5558

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this…

CVSS: 10.0 CWE: N/A View on NVD
2006-10-16
Medium

CVE-2006-4154

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_v…

CVSS: 6.8 CWE: N/A View on NVD
2006-10-05
Medium

CVE-2006-5157

Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format s…

CVSS: 5.1 CWE: N/A View on NVD
2006-09-29
High

CVE-2006-5084

Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute ar…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2006-09-27
Medium

CVE-2006-5033

Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, pos…

CVSS: 5.0 CWE: N/A View on NVD
2006-09-19
High

CVE-2006-2191

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploit…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-14
Medium

CVE-2006-4802

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code…

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1)…

CVSS: 7.2 CWE: N/A View on NVD
2006-09-09
Medium

CVE-2006-4654

Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the que…

CVSS: 5.1 CWE: N/A View on NVD
2006-08-24
High

CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) ov…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-14
Medium

CVE-2006-4127

Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calli…

CVSS: 4.6 CWE: N/A View on NVD
2006-08-10
Medium

CVE-2006-4070

Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename.

CVSS: 5.1 CWE: N/A View on NVD
2006-07-31
High

CVE-2006-3120

Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack ve…

CVSS: 7.5 CWE: N/A View on NVD
2006-07-27
High

CVE-2006-3908

Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibl…

CVSS: 7.5 CWE: N/A View on NVD
2006-07-21
Medium

CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead…

CVSS: 4.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Critical

CVE-2006-3628

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) C…

CVSS: 10.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-07-13
Critical

CVE-2006-3573

Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a pl…

CVSS: 10.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-06-27
Medium

CVE-2006-1471

Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handl…

CVSS: 4.6 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2006-3223

Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute…

CVSS: 7.5 CWE: N/A View on NVD
2006-05-28
High

CVE-2006-2453

Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-05-22
Medium

CVE-2006-1520

Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifie…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2006-2537

Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD
2006-05-19
Medium

CVE-2006-2480

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via f…

CVSS: 5.1 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-05-16
Medium

CVE-2006-2409

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format paramet…

CVSS: 4.6 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-05-05
Medium

CVE-2006-2230

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command…

CVSS: 5.0 CWE: N/A View on NVD
2006-05-01
High

CVE-2006-2115

Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-25
Medium

CVE-2006-2012

Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.

CVSS: 5.0 CWE: N/A View on NVD
2006-04-20
High

CVE-2006-1905

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a pl…

CVSS: 7.5 CWE: N/A View on NVD
2006-04-19
Medium

CVE-2006-1840

Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.

CVSS: 6.4 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-04-06
Critical

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whethe…

CVSS: 10.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-04-05
High

CVE-2006-1618

Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in…

CVSS: 7.5 CWE: N/A View on NVD
2006-04-04
Critical

CVE-2006-0559

Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destinatio…

CVSS: 10.0 CWE: N/A View on NVD
2006-03-28
High

CVE-2006-1403

Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to cause a denial of service and possibly execute arbit…

CVSS: 7.8 CWE: N/A View on NVD
2006-03-19
Medium

CVE-2006-1298

Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520…

CVSS: 4.6 CWE: N/A View on NVD
2006-03-12
High

CVE-2006-1159

Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifi…

CVSS: 7.8 CWE: N/A View on NVD
2006-03-10
Medium

CVE-2006-1145

Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecif…

CVSS: 6.5 CWE: N/A View on NVD
2006-03-09
Medium

CVE-2006-0743

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

CVSS: 5.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2006-1075

Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nic…

CVSS: 7.5 CWE: N/A View on NVD
2006-02-28
Medium

CVE-2006-0925

Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folde…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-18
Medium

CVE-2006-0771

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibl…

CVSS: 6.4 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-02-17
Medium

CVE-2006-0738

Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session desc…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-15
Medium

CVE-2006-0705

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Window…

CVSS: 6.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2006-0681

Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable.

CVSS: 7.5 CWE: N/A View on NVD
2006-02-09
Medium

CVE-2006-0618

Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).

CVSS: 4.6 CWE: N/A View on NVD
2006-01-21
Medium

CVE-2006-0348

Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0328

Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.

CVSS: 5.0 CWE: N/A View on NVD
2006-01-18
Medium

CVE-2006-0250

Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.

CVSS: 6.4 CWE: N/A View on NVD
2006-01-13
Critical

CVE-2006-0200

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL…

CVSS: 9.3 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-01-11
High

CVE-2006-0178

Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and…

CVSS: 7.2 CWE: N/A View on NVD
2006-01-09
High

CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Medium

CVE-2006-0083

Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.

CVSS: 4.6 CWE: N/A View on NVD
2006-01-04
Medium

CVE-2006-0082

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) a…

CVSS: 5.1 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2005-12-31
Critical

CVE-2005-3656

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to…

CVSS: 10.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2005-4610

Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-4714

Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-4817

Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that caus…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-4846

Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2005-12-29
Critical

CVE-2005-4565

Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2005-4568

Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format strin…

CVSS: 7.5 CWE: N/A View on NVD
2005-12-23
Medium

CVE-2005-4511

Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls.

CVSS: 4.6 CWE: N/A View on NVD