Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2006-01-04 CVE-2006-0082 Use of Externally-Controlled Format String vulnerability in Imagemagick 6.2.3
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
network
high complexity
imagemagick CWE-134
5.1
2005-10-05 CVE-2005-3154 Use of Externally-Controlled Format String vulnerability in Softwin Bitdefender 7.2/8.0/9.0
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
network
low complexity
softwin CWE-134
7.5
2005-04-14 CVE-2005-1122 Use of Externally-Controlled Format String vulnerability in Monkey-Project Monkey
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
network
low complexity
monkey-project CWE-134
7.5
2004-12-31 CVE-2004-2714 Use of Externally-Controlled Format String vulnerability in Windowmaker
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.
6.0
2004-12-31 CVE-2004-2386 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
network
low complexity
denis-sbragion peter-astrand CWE-134
7.5
2004-10-23 CVE-2004-1628 Use of Externally-Controlled Format String vulnerability in Pizzashack Rssh
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
network
low complexity
pizzashack CWE-134
critical
9.0
2004-10-20 CVE-2004-0777 Use of Externally-Controlled Format String vulnerability in Inter7 Courier-Imap
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
network
low complexity
inter7 CWE-134
7.5
2003-12-31 CVE-2003-1381 Use of Externally-Controlled Format String vulnerability in Amxmod.Net AMX MOD 0.9.2
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
6.8
2003-10-20 CVE-2003-0738 Use of Externally-Controlled Format String vulnerability in PHPwebsite
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
network
low complexity
phpwebsite CWE-134
7.8
2002-04-22 CVE-2002-0159 Use of Externally-Controlled Format String vulnerability in Cisco Secure Access Control Server
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
network
low complexity
cisco CWE-134
7.5