Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-27 | CVE-2006-1471 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | 4.6 |
| 2006-05-28 | CVE-2006-2453 | USE of Externally-Controlled Format String vulnerability in DIA Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | 7.5 |
| 2006-05-19 | CVE-2006-2480 | USE of Externally-Controlled Format String vulnerability in DIA 0.94 Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. | 5.1 |
| 2006-05-16 | CVE-2006-2409 | USE of Externally-Controlled Format String vulnerability in Raydium Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add. | 4.6 |
| 2006-04-19 | CVE-2006-1840 | USE of Externally-Controlled Format String vulnerability in Empire Server Empire Server Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | 6.4 |
| 2006-04-06 | CVE-2006-1615 | USE of Externally-Controlled Format String vulnerability in Clamav Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. | 10.0 |
| 2006-03-09 | CVE-2006-0743 | USE of Externally-Controlled Format String vulnerability in Apache Log4Net 1.2.9Beta Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | 5.0 |
| 2006-02-18 | CVE-2006-0771 | USE of Externally-Controlled Format String vulnerability in Even Balance Punkbuster Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason. | 6.4 |
| 2006-02-15 | CVE-2006-0705 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | 6.5 |
| 2006-01-13 | CVE-2006-0200 | USE of Externally-Controlled Format String vulnerability in PHP 5.1.0/5.1.1 Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | 9.3 |