Total
295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1251 | 1 Netrek | 1 Netrek Vanilla Server | 2018-10-16 | 9.3 HIGH | N/A |
| Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling. | |||||
| CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-16 | 7.2 HIGH | N/A |
| Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | |||||
| CVE-2007-0454 | 3 Debian, Mandrakesoft, Samba | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2018-10-16 | 7.5 HIGH | N/A |
| Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. | |||||
| CVE-2007-0051 | 1 Apple | 1 Iphoto | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. | |||||
| CVE-2008-0945 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2018-10-15 | 3.5 LOW | N/A |
| Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | |||||
| CVE-2008-0764 | 1 Larson Software Technology | 1 Network Print Server | 2018-10-15 | 10.0 HIGH | N/A |
| Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114. | |||||
| CVE-2008-0755 | 1 Cyan Soft | 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more | 2018-10-15 | 7.5 HIGH | N/A |
| Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request. | |||||
| CVE-2008-0072 | 2 Gnome, Linux | 2 Evolution, Linux Kernel | 2018-10-15 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | |||||
| CVE-2007-6183 | 1 Ruby Gnome2 | 1 Ruby Gnome2 | 2018-10-15 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. | |||||
| CVE-2007-5825 | 1 Firefly | 1 Media Server | 2018-10-15 | 7.5 HIGH | N/A |
| Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | |||||
| CVE-2007-5740 | 1 Vergenet | 1 Perdition Mail Retrieval Proxy | 2018-10-15 | 7.5 HIGH | N/A |
| The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | |||||
| CVE-2007-5545 | 1 Tibco | 1 Smart Pgm Fx | 2018-10-15 | 7.5 HIGH | N/A |
| Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5184 | 1 Smbftpd | 1 Smbftpd | 2018-10-15 | 7.5 HIGH | N/A |
| Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name. | |||||
| CVE-2007-5262 | 1 Battlefront | 1 Dropteam | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet. | |||||
| CVE-2007-5265 | 1 Dawnoftime | 1 Dawn Of Time | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions. | |||||
| CVE-2007-5248 | 2 Id Software, Take2games | 3 Doom 3, Quake 4, Prey | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | |||||
| CVE-2007-5247 | 1 Monolith Productions | 1 First Encounter Assault Recon | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | |||||
| CVE-2007-4754 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2018-10-15 | 7.5 HIGH | N/A |
| Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname. | |||||
| CVE-2009-0538 | 1 Symantec | 1 Pcanywhere | 2018-10-11 | 4.6 MEDIUM | N/A |
| Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). | |||||
| CVE-2008-6441 | 1 Epicgames | 1 Unreal Engine | 2018-10-11 | 9.3 HIGH | N/A |
| Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | |||||