Total
332 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3294 | 2 Microsoft, Php | 4 Windows 7, Windows Server 2008, Windows Xp and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function. | |||||
CVE-2008-3116 | 1 Hanghai | 3 5th Street, High Street 5, Hot Step | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message. | |||||
CVE-2008-7159 | 1 Silcnet | 1 Silc Toolkit | 2024-02-28 | 5.8 MEDIUM | N/A |
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | |||||
CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2024-02-28 | 9.3 HIGH | N/A |
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | |||||
CVE-2009-2191 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||||
CVE-2009-1210 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-1357 | 1 Mcafee | 4 Agent, Cma, Epolicy Orchestrator and 1 more | 2024-02-28 | 5.4 MEDIUM | N/A |
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. | |||||
CVE-2008-3734 | 1 Ipswitch | 2 Ws Ftp Home, Ws Ftp Pro | 2024-02-28 | 9.3 HIGH | N/A |
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | |||||
CVE-2008-0963 | 1 Emc | 1 Diskxtender | 2024-02-28 | 9.0 HIGH | N/A |
Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | |||||
CVE-2009-3163 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2024-02-28 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | |||||
CVE-2008-0989 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.9 MEDIUM | N/A |
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | |||||
CVE-2009-3707 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | |||||
CVE-2009-1262 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. | |||||
CVE-2008-3940 | 1 Hp | 1 Openvms | 2024-02-28 | 4.4 MEDIUM | N/A |
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | |||||
CVE-2009-2548 | 1 Bistudio | 2 Arma, Arma 2 | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message. | |||||
CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2024-02-28 | 6.8 MEDIUM | N/A |
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | |||||
CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||
CVE-2008-6441 | 1 Epicgames | 1 Unreal Engine | 2024-02-28 | 9.3 HIGH | N/A |
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | |||||
CVE-2008-1401 | 1 Mg-soft | 1 Net Inspector | 2024-02-28 | 4.3 MEDIUM | N/A |
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file. |