Vulnerabilities (CVE)

Filtered by CWE-134
Total 353 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1251 1 Netrek 1 Netrek Vanilla Server 2025-04-09 9.3 HIGH N/A
Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.
CVE-2008-1206 1 Linux Kiss Server 1 Linux Kiss Server 2025-04-09 6.8 MEDIUM N/A
Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command.
CVE-2008-1333 1 Asterisk 1 Open Source 2025-04-09 5.8 MEDIUM N/A
Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.
CVE-2008-6519 1 Imatix 1 Xitami 2025-04-09 10.0 HIGH N/A
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
CVE-2008-0072 2 Gnome, Linux 2 Evolution, Linux Kernel 2025-04-09 6.8 MEDIUM N/A
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
CVE-2008-0764 1 Larson Software Technology 1 Network Print Server 2025-04-09 10.0 HIGH N/A
Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
CVE-2007-4708 1 Apple 1 Mac Os X 2025-04-09 9.3 HIGH N/A
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
CVE-2008-0965 1 Sun 3 Opensolaris, Solaris, Sunos 2025-04-09 9.3 HIGH N/A
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
CVE-2008-5660 1 Gnome 1 Vinagre 2025-04-09 6.8 MEDIUM N/A
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
CVE-2008-3871 1 Ezbsystems 1 Ultraiso 2025-04-09 9.3 HIGH N/A
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
CVE-2008-1357 1 Mcafee 4 Agent, Cma, Epolicy Orchestrator and 1 more 2025-04-09 5.4 MEDIUM N/A
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
CVE-2007-5184 1 Smbftpd 1 Smbftpd 2025-04-09 7.5 HIGH N/A
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.
CVE-2008-1658 1 Freedesktop 1 Policykit 2025-04-09 4.6 MEDIUM N/A
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
CVE-2009-0601 6 Apple, Freebsd, Linux and 3 more 6 Mac Os X, Freebsd, Linux Kernel and 3 more 2025-04-09 2.1 LOW N/A
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
CVE-2008-1127 1 Crytek 1 Crysis 2025-04-09 6.0 MEDIUM N/A
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.
CVE-2007-5396 1 Miranda-im 1 Miranda Im 2025-04-09 6.8 MEDIUM N/A
Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).
CVE-2008-1401 1 Mg-soft 1 Net Inspector 2025-04-09 4.3 MEDIUM N/A
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.
CVE-2008-1705 1 Ibm 1 Soliddb 2025-04-09 6.8 MEDIUM N/A
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.
CVE-2008-6441 1 Epicgames 1 Unreal Engine 2025-04-09 9.3 HIGH N/A
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
CVE-2006-6751 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2025-04-09 5.0 MEDIUM N/A
Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable.