Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2008-03-03 CVE-2008-1127 Use of Externally-Controlled Format String vulnerability in Crytek Crysis 1.1.1.5879
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.
network
crytek CWE-134
6.0
2008-03-03 CVE-2008-1120 Use of Externally-Controlled Format String vulnerability in ICQ Mirabilis ICQ 6
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
network
icq CWE-134
critical
9.3
2008-02-27 CVE-2008-1055 Use of Externally-Controlled Format String vulnerability in Netwin Surgemail and Webmail
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
network
low complexity
netwin CWE-134
7.5
2008-02-25 CVE-2008-0945 Use of Externally-Controlled Format String vulnerability in Ipswitch Imserver and Instant Messaging
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
network
ipswitch CWE-134
3.5
2008-02-13 CVE-2008-0764 Use of Externally-Controlled Format String vulnerability in Larson Software Technology Network Print Server
Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
network
low complexity
larson-software-technology CWE-134
critical
10.0
2008-02-13 CVE-2008-0755 Use of Externally-Controlled Format String vulnerability in Cyan Soft products
Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.
network
low complexity
cyan-soft CWE-134
7.5
2008-01-04 CVE-2007-6625 Use of Externally-Controlled Format String vulnerability in Novell Identity Manager 3.5.1
The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.
network
low complexity
novell CWE-134
5.0
2007-12-19 CVE-2007-4708 Use of Externally-Controlled Format String vulnerability in Apple Mac OS X 10.4.11
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
network
apple CWE-134
critical
9.3
2007-12-07 CVE-2007-6273 Use of Externally-Controlled Format String vulnerability in Sonicwall Global VPN Client 3.1.556/4.0.0.810
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.
network
sonicwall CWE-134
critical
9.3
2007-11-30 CVE-2007-6183 Use of Externally-Controlled Format String vulnerability in Ruby Gnome2 Ruby Gnome2 0.16.0
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
6.8