Vulnerabilities > Use of Externally-Controlled Format String
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-25 | CVE-2010-0388 | USE of Externally-Controlled Format String vulnerability in SUN Java System web Server 7.0 Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | 7.5 |
2009-10-11 | CVE-2009-3663 | USE of Externally-Controlled Format String vulnerability in Jasper Httpdx 1.4 Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header. | 10.0 |
2009-09-22 | CVE-2009-3294 | Use of Externally-Controlled Format String vulnerability in PHP The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. | 5.0 |
2009-09-21 | CVE-2009-3275 | USE of Externally-Controlled Format String vulnerability in Microsoft Enterprise Library 3.1/4.0/4.1 Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
2009-09-14 | CVE-2008-7228 | USE of Externally-Controlled Format String vulnerability in White Dune White Dune Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | 10.0 |
2009-09-10 | CVE-2009-3163 | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Client and Silc Toolkit Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | 7.5 |
2009-09-10 | CVE-2008-7160 | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Toolkit The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. | 5.8 |
2009-09-10 | CVE-2008-7159 | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Toolkit The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | 5.8 |
2009-09-10 | CVE-2009-3051 | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Client and Silc Toolkit Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. | 7.5 |
2009-08-25 | CVE-2008-7074 | USE of Externally-Controlled Format String vulnerability in Memcode I.Scribe Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | 9.3 |