CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-134

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1683 134 2 Exec Code 2014-01-29 2014-02-21
6.8
None Remote Medium Not required Partial Partial Partial
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php, when the pid parameter is 4.
2 CVE-2014-1315 134 DoS Exec Code 2014-04-23 2014-04-23
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.
3 CVE-2013-7386 134 DoS Exec Code 2014-06-02 2014-06-03
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
4 CVE-2013-6809 134 DoS Exec Code 2013-12-13 2013-12-16
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
5 CVE-2013-5135 134 Exec Code 2013-10-23 2013-10-24
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
6 CVE-2013-4389 134 DoS 2013-10-16 2014-04-01
4.3
None Remote Medium Not required None None Partial
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
7 CVE-2013-4258 134 DoS Exec Code 2013-10-09 2013-10-23
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.
8 CVE-2013-4147 134 DoS Exec Code 2013-08-09 2013-08-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
9 CVE-2013-3560 134 DoS 2013-05-24 2013-12-05
5.0
None Remote Low Not required None None Partial
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
10 CVE-2013-2852 134 +Priv 2013-06-07 2014-02-06
6.9
None Local Medium Not required Complete Complete Complete
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
11 CVE-2013-2851 134 +Priv 2013-06-07 2014-03-26
6.0
None Local High Single system Complete Complete Complete
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
12 CVE-2013-1886 134 DoS Exec Code 2014-01-24 2014-01-24
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates.
13 CVE-2013-0929 134 Exec Code 2013-01-21 2013-01-22
7.6
None Remote High Not required Complete Complete Complete
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
14 CVE-2012-4426 134 DoS Exec Code 2012-11-21 2012-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c.
15 CVE-2012-3569 134 Exec Code 2012-11-14 2013-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
16 CVE-2012-2369 134 Exec Code 2012-05-23 2013-04-04
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
17 CVE-2012-2288 134 Exec Code 2012-09-04 2013-03-05
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
18 CVE-2012-2090 134 DoS Exec Code 2012-06-16 2012-12-20
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.
19 CVE-2012-1851 134 Exec Code 2012-08-14 2013-11-02
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
20 CVE-2012-1152 134 DoS 2012-09-09 2013-04-01
5.0
None Remote Low Not required None None Partial
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
21 CVE-2012-1151 134 DoS 2012-09-09 2013-04-04
5.0
None Remote Low Not required None None Partial
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
22 CVE-2012-0809 134 Exec Code 2012-01-31 2012-02-01
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
23 CVE-2012-0646 134 Exec Code 2012-03-08 2012-03-09
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
24 CVE-2012-0242 134 Exec Code 2012-02-21 2012-02-21
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
25 CVE-2011-4930 134 DoS Exec Code 2014-02-10 2014-02-10
4.4
None Local Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
26 CVE-2011-4357 134 DoS Exec Code 2011-12-10 2011-12-12
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
27 CVE-2011-2475 134 Exec Code 2011-06-09 2011-06-14
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging.
28 CVE-2011-1764 134 DoS Exec Code 2011-10-04 2014-02-20
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
29 CVE-2011-1568 134 1 DoS Exec Code 2011-04-05 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.
30 CVE-2011-1153 134 DoS Exec Code Mem. Corr. +Info 2011-03-16 2011-10-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
31 CVE-2011-0270 134 Exec Code 2011-01-13 2011-01-22
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.
32 CVE-2011-0185 134 +Priv 2011-10-14 2012-01-13
4.4
None Local Medium Not required Partial Partial Partial
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
33 CVE-2011-0173 134 DoS Exec Code 2011-03-22 2011-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.
34 CVE-2010-4235 134 Exec Code 2011-04-04 2011-04-06
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
35 CVE-2010-4013 134 DoS Exec Code 2011-01-10 2011-01-20
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.
36 CVE-2010-2950 134 Exec Code +Info 2010-09-28 2011-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
37 CVE-2010-2451 134 2010-06-29 2012-11-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
38 CVE-2010-2271 134 2010-06-15 2010-06-16
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.
39 CVE-2010-2094 134 Exec Code +Info 2010-05-27 2011-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.
40 CVE-2010-1550 134 Exec Code 2010-05-13 2010-05-20
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.
41 CVE-2010-1376 134 DoS Exec Code 2010-06-17 2010-06-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.
42 CVE-2010-1139 134 +Priv 2010-04-12 2013-05-14
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
43 CVE-2010-1039 134 Exec Code 2010-05-20 2011-07-25
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
44 CVE-2010-0743 134 DoS 2010-04-08 2010-09-30
5.0
None Remote Low Not required None None Partial
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
45 CVE-2010-0388 134 DoS 2010-01-25 2010-01-26
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
46 CVE-2009-5141 134 1 DoS 2014-03-31 2014-04-01
4.0
None Remote Low Single system None None Partial
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
47 CVE-2009-4811 134 DoS 2010-04-27 2013-05-14
5.0
None Remote Low Not required None None Partial
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
48 CVE-2009-4775 134 1 DoS 2010-04-21 2010-04-22
4.3
None Remote Medium Not required None None Partial
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
49 CVE-2009-4769 134 2 Exec Code 2010-04-20 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
50 CVE-2009-4014 134 2010-02-02 2010-02-03
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.
Total number of vulnerabilities : 151   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.