Total
322 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||
CVE-2009-3163 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2024-02-04 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | |||||
CVE-2009-0538 | 1 Symantec | 1 Pcanywhere | 2024-02-04 | 4.6 MEDIUM | N/A |
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). | |||||
CVE-2008-6519 | 1 Imatix | 1 Xitami | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | |||||
CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2024-02-04 | 9.3 HIGH | N/A |
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | |||||
CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | |||||
CVE-2008-3871 | 1 Ezbsystems | 1 Ultraiso | 2024-02-04 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file. | |||||
CVE-2008-3734 | 1 Ipswitch | 2 Ws Ftp Home, Ws Ftp Pro | 2024-02-04 | 9.3 HIGH | N/A |
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | |||||
CVE-2008-3940 | 1 Hp | 1 Openvms | 2024-02-04 | 4.4 MEDIUM | N/A |
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | |||||
CVE-2009-3294 | 2 Microsoft, Php | 4 Windows 7, Windows Server 2008, Windows Xp and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function. | |||||
CVE-2008-7159 | 1 Silcnet | 1 Silc Toolkit | 2024-02-04 | 5.8 MEDIUM | N/A |
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | |||||
CVE-2009-1210 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1886 | 1 Samba | 1 Samba | 2024-02-04 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | |||||
CVE-2009-0754 | 2 Apache, Php | 2 Apache, Php | 2024-02-04 | 2.1 LOW | N/A |
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. | |||||
CVE-2008-6441 | 1 Epicgames | 1 Unreal Engine | 2024-02-04 | 9.3 HIGH | N/A |
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | |||||
CVE-2008-0965 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2024-02-04 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet. | |||||
CVE-2009-3617 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2024-02-04 | 7.6 HIGH | N/A |
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-1333 | 1 Asterisk | 1 Open Source | 2024-02-04 | 5.8 MEDIUM | N/A |
Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. | |||||
CVE-2008-7160 | 1 Silcnet | 1 Silc Toolkit | 2024-02-04 | 5.8 MEDIUM | N/A |
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. | |||||
CVE-2008-0989 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.9 MEDIUM | N/A |
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. |