Total: 338 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0705 | 2 Attachmatewrq, F-secure | 2 Reflection For Secure It Server, F-secure Ssh Server | 2024-11-21 | 6.5 MEDIUM | N/A |
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | |||||
CVE-2006-0200 | 1 Php | 1 Php | 2024-11-21 | 9.3 HIGH | N/A |
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | |||||
CVE-2006-0150 | 1 Dave Carrigan | 1 Auth Ldap | 2024-11-21 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username. | |||||
CVE-2006-0082 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.1 MEDIUM | N/A |
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | |||||
CVE-2005-3656 | 1 Guiseppe Tanzilli And Matthias Eckermann | 1 Mod Auth Pgsql | 2024-11-21 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allow remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username. | |||||
CVE-2005-3154 | 1 Softwin | 1 Bitdefender | 2024-11-21 | 7.5 HIGH | N/A |
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in a file or directory name. | |||||
CVE-2005-1394 | 1 Esri | 1 Arcinfo Workstation | 2024-11-20 | 7.2 HIGH | N/A |
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. | |||||
CVE-2005-1122 | 1 Monkey-project | 1 Monkey | 2024-11-20 | 7.5 HIGH | N/A |
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). | |||||
CVE-2004-2714 | 1 Windowmaker | 1 Windowmaker | 2024-11-20 | 6.0 MEDIUM | N/A |
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. | |||||
CVE-2004-2386 | 2 Denis Sbragion, Peter Astrand | 2 Sredird, Sercd | 2024-11-20 | 7.5 HIGH | N/A |
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function. | |||||
CVE-2004-1628 | 1 Pizzashack | 1 Rssh | 2024-11-20 | 9.0 HIGH | N/A |
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. | |||||
CVE-2004-0777 | 1 Inter7 | 1 Courier-imap | 2024-11-20 | 7.5 HIGH | N/A |
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. | |||||
CVE-2004-0179 | 3 Apache, Debian, Webdav | 5 Openoffice, Subversion, Debian Linux and 2 more | 2024-11-20 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. | |||||
CVE-2003-1381 | 1 Amxmod.net | 1 Amx Mod | 2024-11-20 | 6.8 MEDIUM | N/A |
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command. | |||||
CVE-2003-0738 | 1 Phpwebsite | 1 Phpwebsite | 2024-11-20 | 7.8 HIGH | N/A |
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter. | |||||
CVE-2002-0159 | 1 Cisco | 1 Secure Access Control Server | 2024-11-20 | 7.5 HIGH | N/A |
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | |||||
CVE-2024-9129 | | | 2024-10-23 | N/A | N/A |
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino. | |||||
CVE-2024-45330 | 1 Fortinet | 2 Fortianalyzer, Fortianalyzer Cloud | 2024-10-19 | N/A | 7.2 HIGH |
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate privileges via specially crafted requests. |