Vulnerabilities > Use of Externally-Controlled Format String
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-01 | CVE-2009-5141 | Use of Externally-Controlled Format String vulnerability in Jgaa Warftpd 1.8.2. Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | 4.0 |
2014-01-29 | CVE-2014-1683 | Use of Externally-Controlled Format String vulnerability in Skybluecanvas. The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php. | 6.8 |
2014-01-24 | CVE-2013-1886 | Use of Externally-Controlled Format String vulnerability in Redhat Certificate System and Dogtag Certificate System. Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates. | 7.5 |
2013-12-13 | CVE-2013-6809 | Use of Externally-Controlled Format String vulnerability in Philippe Jounin Tftpd32. Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field. | 5.0 |
2013-10-24 | CVE-2013-5135 | Use of Externally-Controlled Format String vulnerability in Apple Remote Desktop and mac OS X. Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. | 7.5 |
2013-10-09 | CVE-2013-4258 | Use of Externally-Controlled Format String vulnerability in Radscan Network Audio System 1.9.3. Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. | 7.5 |
2013-08-09 | CVE-2013-4147 | Use of Externally-Controlled Format String vulnerability in Yard Radius Project Yard Radius 1.1.24. Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c. | 7.5 |
2013-05-25 | CVE-2013-3560 | Use of Externally-Controlled Format String vulnerability in multiple products. The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 5.0 |
2013-01-21 | CVE-2013-0929 | Use of Externally-Controlled Format String vulnerability in EMC Alphastor 4.0. Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command. | 7.6 |
2012-11-21 | CVE-2012-4426 | Use of Externally-Controlled Format String vulnerability in Mcrypt. Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c. | 6.8 |