Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6520 | 1 Imatix | 1 Xitami | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | |||||
| CVE-2008-7159 | 1 Silcnet | 1 Silc Toolkit | 2017-08-17 | 5.8 MEDIUM | N/A |
| The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | |||||
| CVE-2008-6395 | 1 3com | 1 Wireless 8760 Dual-radio | 2017-08-17 | 7.8 HIGH | N/A |
| The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | |||||
| CVE-2008-3940 | 1 Hp | 1 Openvms | 2017-08-08 | 4.4 MEDIUM | N/A |
| Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | |||||
| CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | |||||
| CVE-2008-0963 | 1 Emc | 1 Diskxtender | 2017-08-08 | 9.0 HIGH | N/A |
| Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | |||||
| CVE-2007-6625 | 1 Novell | 1 Identity Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | |||||
| CVE-2008-0989 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.9 MEDIUM | N/A |
| Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | |||||
| CVE-2007-4708 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.3 HIGH | N/A |
| Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | |||||
| CVE-2007-4832 | 1 Immersion Games | 1 Cellfactor Revolution | 2017-07-29 | 7.5 HIGH | N/A |
| Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | |||||
| CVE-2007-5396 | 1 Miranda-im | 1 Miranda Im | 2017-07-29 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who). | |||||
| CVE-2007-3675 | 1 Kaspersky Lab | 1 Online Scanner | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. | |||||
| CVE-2007-3917 | 1 Wesnoth | 1 Wesnoth | 2017-07-29 | 7.8 HIGH | N/A |
| The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers. | |||||
| CVE-2007-4273 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 4.6 MEDIUM | N/A |
| IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). | |||||
| CVE-2007-2655 | 1 Netwin | 2 Surgemail, Webmail | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. | |||||
| CVE-2006-6751 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable. | |||||
| CVE-2004-2714 | 1 Windowmaker | 1 Windowmaker | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. | |||||
| CVE-2003-1381 | 1 Amxmod.net | 1 Amx Mod | 2017-07-29 | 6.8 MEDIUM | N/A |
| Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command. | |||||
| CVE-2006-1615 | 1 Clamav | 1 Clamav | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. | |||||
| CVE-2006-1840 | 1 Empire Server | 1 Empire Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | |||||