Total
378 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0017 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | ||||
| CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | ||||
| CVE-2008-6395 | 1 3com | 1 Wireless 8760 Dual-radio | 2025-04-09 | N/A |
| The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | ||||
| CVE-2007-1251 | 1 Netrek | 1 Netrek Vanilla Server | 2025-04-09 | N/A |
| Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling. | ||||
| CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2025-04-09 | N/A |
| Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | ||||
| CVE-2008-5660 | 1 Gnome | 1 Vinagre | 2025-04-09 | N/A |
| Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. | ||||
| CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2025-04-09 | N/A |
| Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | ||||
| CVE-2009-2916 | 1 2kgames | 1 Vietcong 2 | 2025-04-09 | N/A |
| Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. | ||||
| CVE-2007-1006 | 2 Ekiga, Redhat | 2 Ekiga, Enterprise Linux | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | ||||
| CVE-2006-6751 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | N/A |
| Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable. | ||||
| CVE-2006-6772 | 1 W3m | 1 W3m | 2025-04-09 | N/A |
| Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL. | ||||
| CVE-2007-0051 | 1 Apple | 1 Iphoto | 2025-04-09 | N/A |
| Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. | ||||
| CVE-2007-0344 | 1 Colloquy | 1 Colloquy | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | ||||
| CVE-2007-0454 | 3 Debian, Mandrakesoft, Samba | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-09 | N/A |
| Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. | ||||
| CVE-2008-0755 | 1 Cyan Soft | 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more | 2025-04-09 | N/A |
| Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request. | ||||
| CVE-2007-4708 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | ||||
| CVE-2008-0963 | 1 Emc | 1 Diskxtender | 2025-04-09 | N/A |
| Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | ||||
| CVE-2007-4754 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2025-04-09 | N/A |
| Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname. | ||||
| CVE-2007-5265 | 1 Dawnoftime | 1 Dawn Of Time | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions. | ||||
| CVE-2007-5247 | 1 Monolith Productions | 1 First Encounter Assault Recon | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | ||||