Vulnerabilities > Use of Externally-Controlled Format String

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2009-03-09 | CVE-2008-6441 | Use of Externally-Controlled Format String vulnerability in Epicgames Unreal Engine 2/2.5/3 | Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | network | | epicgames | CWE-134 | critical 9.3 |
| 2009-03-04 | CVE-2008-6395 | Use of Externally-Controlled Format String vulnerability in 3Com Wireless 8760 Dual-Radio | The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | network | low | 3com | CWE-134 | 7.8 |
| 2009-03-03 | CVE-2009-0754 | Use of Externally-Controlled Format String vulnerability in PHP 4.4.4/5.1.6 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. | local | low | php, apache | CWE-134 | 2.1 |
| 2009-02-16 | CVE-2009-0601 | Use of Externally-Controlled Format String vulnerability in Wireshark | Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | local | low | wireshark, apple, freebsd, linux, netbsd, sun | CWE-134 | 2.1 |
| 2009-01-27 | CVE-2008-5982 | Use of Externally-Controlled Format String vulnerability in BMC Patrol Agent | Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. | network | low | bmc | CWE-134 | critical 10.0 |
| 2008-12-17 | CVE-2008-5660 | Use of Externally-Controlled Format String vulnerability in Gnome Vinagre | Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. | network | | gnome | CWE-134 | 6.8 |
| 2008-09-11 | CVE-2008-3963 | Use of Externally-Controlled Format String vulnerability in multiple products | MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | network | low | mysql, oracle | CWE-134 | 4.0 |
| 2008-09-05 | CVE-2008-3940 | Use of Externally-Controlled Format String vulnerability in HP Openvms 5 | Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | local | | hp | CWE-134 | 4.4 |
| 2008-08-20 | CVE-2008-3734 | Use of Externally-Controlled Format String vulnerability in Ipswitch WS FTP Home and WS FTP PRO | Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | network | | ipswitch | CWE-134 | critical 9.3 |
| 2008-08-18 | CVE-2008-3533 | Use of Externally-Controlled Format String vulnerability in Gnome and Yelp | Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | network | low | gnome | CWE-134 | critical 10.0 |