Total
332 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4708 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | N/A |
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | |||||
CVE-2008-1206 | 1 Linux Kiss Server | 1 Linux Kiss Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command. | |||||
CVE-2007-4550 | 1 Altools | 1 Alpass | 2024-02-28 | 5.1 MEDIUM | N/A |
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | |||||
CVE-2007-5248 | 2 Id Software, Take2games | 3 Doom 3, Quake 4, Prey | 2024-02-28 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | |||||
CVE-2008-0764 | 1 Larson Software Technology | 1 Network Print Server | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114. | |||||
CVE-2008-1055 | 1 Netwin | 2 Surgemail, Webmail | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. | |||||
CVE-2006-6772 | 1 W3m | 1 W3m | 2024-02-28 | 9.3 HIGH | N/A |
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL. | |||||
CVE-2007-5545 | 1 Tibco | 1 Smart Pgm Fx | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-6273 | 1 Sonicwall | 1 Global Vpn Client | 2024-02-28 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. | |||||
CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | |||||
CVE-2007-3880 | 1 Sun | 2 Net Connect Software, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. | |||||
CVE-2007-5740 | 1 Vergenet | 1 Perdition Mail Retrieval Proxy | 2024-02-28 | 7.5 HIGH | N/A |
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | |||||
CVE-2007-4273 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 4.6 MEDIUM | N/A |
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). | |||||
CVE-2007-0017 | 1 Videolan | 1 Vlc Media Player | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | |||||
CVE-2007-4754 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname. | |||||
CVE-2007-3675 | 1 Kaspersky Lab | 1 Online Scanner | 2024-02-28 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. | |||||
CVE-2007-5265 | 1 Dawnoftime | 1 Dawn Of Time | 2024-02-28 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions. | |||||
CVE-2007-4832 | 1 Immersion Games | 1 Cellfactor Revolution | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | |||||
CVE-2008-0755 | 1 Cyan Soft | 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request. | |||||
CVE-2007-1251 | 1 Netrek | 1 Netrek Vanilla Server | 2024-02-28 | 9.3 HIGH | N/A |
Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling. |