Vulnerabilities > Use of Externally-Controlled Format String
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-08 | CVE-2008-0965 | USE of Externally-Controlled Format String vulnerability in SUN Opensolaris, Solaris and Sunos Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet. | 9.3 |
2008-07-10 | CVE-2008-3116 | USE of Externally-Controlled Format String vulnerability in Hanghai 5TH Street, High Street 5 and HOT Step Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message. | 10.0 |
2008-07-01 | CVE-2008-2310 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | 6.8 |
2008-04-14 | CVE-2008-0963 | USE of Externally-Controlled Format String vulnerability in EMC Diskxtender 6.20.060 Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | 9.0 |
2008-04-09 | CVE-2008-1705 | USE of Externally-Controlled Format String vulnerability in IBM Soliddb 06.00.1018 Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | 6.8 |
2008-03-20 | CVE-2008-1401 | USE of Externally-Controlled Format String vulnerability in Mg-Soft NET Inspector Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file. | 4.3 |
2008-03-20 | CVE-2008-1333 | USE of Externally-Controlled Format String vulnerability in Asterisk Open Source Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. | 5.8 |
2008-03-18 | CVE-2008-0989 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | 6.9 |
2008-03-17 | CVE-2008-1357 | USE of Externally-Controlled Format String vulnerability in Mcafee products Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. | 5.4 |
2008-03-06 | CVE-2008-0072 | USE of Externally-Controlled Format String vulnerability in Gnome Evolution Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | 6.8 |