Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0344 | 1 Colloquy | 1 Colloquy | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | |||||
| CVE-2007-6625 | 1 Novell | 1 Identity Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | |||||
| CVE-2007-2027 | 1 Elinks | 1 Elinks | 2024-02-28 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks. | |||||
| CVE-2006-0705 | 2 Attachmatewrq, F-secure | 2 Reflection For Secure It Server, F-secure Ssh Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | |||||
| CVE-2004-2714 | 1 Windowmaker | 1 Windowmaker | 2024-02-28 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. | |||||
| CVE-2006-2453 | 1 Dia | 1 Dia | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | |||||
| CVE-2005-3656 | 1 Guiseppe Tanzilli And Matthias Eckermann | 1 Mod Auth Pgsql | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username. | |||||
| CVE-2006-3573 | 1 Milan Mimica | 1 Sparklet | 2024-02-28 | 10.0 HIGH | N/A |
| Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname. | |||||
| CVE-2006-1840 | 1 Empire Server | 1 Empire Server | 2024-02-28 | 6.4 MEDIUM | N/A |
| Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | |||||
| CVE-2006-0150 | 1 Dave Carrigan | 1 Auth Ldap | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username. | |||||
| CVE-2006-2409 | 1 Raydium | 1 Raydium | 2024-02-28 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add. | |||||
| CVE-2004-2386 | 2 Denis Sbragion, Peter Astrand | 2 Sredird, Sercd | 2024-02-28 | 7.5 HIGH | N/A |
| Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function. | |||||
| CVE-2006-0200 | 1 Php | 1 Php | 2024-02-28 | 9.3 HIGH | N/A |
| Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | |||||
| CVE-2006-1615 | 1 Clamav | 1 Clamav | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. | |||||
| CVE-2006-0771 | 1 Even Balance | 1 Punkbuster | 2024-02-28 | 6.4 MEDIUM | N/A |
| Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason. | |||||
| CVE-2006-3628 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. | |||||
| CVE-2006-1471 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | |||||
| CVE-2005-3154 | 1 Softwin | 1 Bitdefender | 2024-02-28 | 7.5 HIGH | N/A |
| Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name. | |||||
| CVE-2005-1122 | 1 Monkey-project | 1 Monkey | 2024-02-28 | 7.5 HIGH | N/A |
| Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). | |||||
| CVE-2006-0743 | 1 Apache | 1 Log4net | 2024-02-28 | 5.0 MEDIUM | N/A |
| Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||||