Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-08 | CVE-2007-5265 | USE of Externally-Controlled Format String vulnerability in Dawnoftime Dawn of Time Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions. | 7.5 |
| 2007-10-08 | CVE-2007-5262 | USE of Externally-Controlled Format String vulnerability in Battlefront Dropteam Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet. | 7.5 |
| 2007-10-06 | CVE-2007-5248 | USE of Externally-Controlled Format String vulnerability in multiple products Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. | 9.3 |
| 2007-10-06 | CVE-2007-5247 | USE of Externally-Controlled Format String vulnerability in Monolith Productions First Encounter Assault Recon Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. | 9.3 |
| 2007-10-03 | CVE-2007-5184 | USE of Externally-Controlled Format String vulnerability in Smbftpd 0.96 Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name. | 7.5 |
| 2007-09-12 | CVE-2007-4832 | USE of Externally-Controlled Format String vulnerability in Immersion Games Cellfactor Revolution Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | 7.5 |
| 2007-09-08 | CVE-2007-4754 | USE of Externally-Controlled Format String vulnerability in COR Entertainment Alien Arena 2007 Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname. | 7.5 |
| 2007-08-28 | CVE-2007-4550 | USE of Externally-Controlled Format String vulnerability in Altools Alpass 2.7/3.02 Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | 5.1 |
| 2007-08-18 | CVE-2007-4273 | USE of Externally-Controlled Format String vulnerability in IBM DB2 Universal Database IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). | 4.6 |
| 2007-05-24 | CVE-2007-0753 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | 7.2 |