Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | |||||
| CVE-2009-0364 | 1 Citadel | 1 Webcit | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-6441 | 1 Epicgames | 1 Unreal Engine | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | |||||
| CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | |||||
| CVE-2007-5825 | 1 Firefly | 1 Media Server | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | |||||
| CVE-2007-5247 | 1 Monolith Productions | 1 First Encounter Assault Recon | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | |||||
| CVE-2009-3163 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | |||||
| CVE-2008-1206 | 1 Linux Kiss Server | 1 Linux Kiss Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command. | |||||
| CVE-2008-7228 | 1 White Dune | 1 White Dune | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | |||||
| CVE-2008-1127 | 1 Crytek | 1 Crysis | 2025-04-09 | 6.0 MEDIUM | N/A |
| Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed. | |||||
| CVE-2007-3880 | 1 Sun | 2 Net Connect Software, Sunos | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. | |||||
| CVE-2007-5184 | 1 Smbftpd | 1 Smbftpd | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name. | |||||
| CVE-2009-3617 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2025-04-09 | 7.6 HIGH | N/A |
| Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4550 | 1 Altools | 1 Alpass | 2025-04-09 | 5.1 MEDIUM | N/A |
| Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | |||||
| CVE-2007-2027 | 1 Elinks | 1 Elinks | 2025-04-09 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks. | |||||
| CVE-2008-1333 | 1 Asterisk | 1 Open Source | 2025-04-09 | 5.8 MEDIUM | N/A |
| Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. | |||||
| CVE-2009-2446 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 8.5 HIGH | N/A |
| Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0754 | 2 Apache, Php | 2 Apache, Php | 2025-04-09 | 2.1 LOW | N/A |
| PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. | |||||
| CVE-2009-2191 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||||
| CVE-2008-1401 | 1 Mg-soft | 1 Net Inspector | 2025-04-09 | 4.3 MEDIUM | N/A |
| Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file. | |||||