Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
Max CVSS
7.5
EPSS Score
2.21%
Published
2002-04-22
Updated
2016-10-18
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
Max CVSS
7.8
EPSS Score
0.33%
Published
2003-10-20
Updated
2016-10-18
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
Max CVSS
6.8
EPSS Score
1.84%
Published
2003-12-31
Updated
2017-07-29
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
Max CVSS
6.8
EPSS Score
0.61%
Published
2004-06-01
Updated
2020-10-13
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
8.29%
Published
2004-10-20
Updated
2017-07-11
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
Max CVSS
9.0
EPSS Score
0.56%
Published
2004-10-23
Updated
2020-12-08
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
Max CVSS
7.5
EPSS Score
12.66%
Published
2004-12-31
Updated
2017-07-11
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.
Max CVSS
6.0
EPSS Score
0.20%
Published
2004-12-31
Updated
2017-07-29
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
Max CVSS
7.5
EPSS Score
2.50%
Published
2005-04-14
Updated
2020-03-26
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
Max CVSS
7.5
EPSS Score
12.51%
Published
2005-10-05
Updated
2016-09-30
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
Max CVSS
10.0
EPSS Score
7.82%
Published
2005-12-31
Updated
2018-10-03
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
Max CVSS
5.1
EPSS Score
1.74%
Published
2006-01-04
Updated
2018-10-19
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
Max CVSS
7.5
EPSS Score
17.21%
Published
2006-01-09
Updated
2018-10-19
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
Max CVSS
9.3
EPSS Score
11.77%
Published
2006-01-13
Updated
2018-10-30
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
Max CVSS
6.5
EPSS Score
1.61%
Published
2006-02-15
Updated
2017-07-20
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
Max CVSS
5.0
EPSS Score
2.41%
Published
2006-03-09
Updated
2017-07-20
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.
Max CVSS
6.4
EPSS Score
9.29%
Published
2006-02-18
Updated
2018-10-19
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.
Max CVSS
4.6
EPSS Score
1.71%
Published
2006-06-27
Updated
2018-10-18
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
Max CVSS
10.0
EPSS Score
8.93%
Published
2006-04-06
Updated
2017-07-20
Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.
Max CVSS
6.4
EPSS Score
0.50%
Published
2006-04-19
Updated
2017-07-20
Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.
Max CVSS
4.6
EPSS Score
1.71%
Published
2006-05-16
Updated
2018-10-18
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
Max CVSS
7.5
EPSS Score
2.55%
Published
2006-05-28
Updated
2018-10-03
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.
Max CVSS
5.1
EPSS Score
1.84%
Published
2006-05-19
Updated
2018-10-03
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
Max CVSS
4.0
EPSS Score
93.18%
Published
2006-07-21
Updated
2019-12-17
Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname.
Max CVSS
10.0
EPSS Score
13.81%
Published
2006-07-13
Updated
2018-10-18
323 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!