CWE:
 

Topic
Date
Author
Low
OpenSSH 6.8 Insecure Functions
04.04.2015
Nicholas Lemonias
Med.
War FTP Daemon Format String DoS (LIST command)
01.04.2014
corelanc0d3r
High
Tftpd32 Client Side Format String
04.12.2013
Fara Rustein
High
Flightgear 2.0 / 2.4 Format String
09.05.2013
Kurono
High
Polycom H.323 Format String
16.03.2013
Moritz Jodeit
High
VMWare OVF Tools Format String
07.02.2013
Juan vazquez
High
EMC NetWorker Format String
01.09.2012
Aaron Portnoy
High
XM Easy Personal FTP Server 5.30 Format String
15.06.2012
mr_me
High
ComSndFTP 1.3.7 Beta Format String Overflow
09.06.2012
Dark2S Security Team/H...
High
sudo 1.8.3p1 Format String
31.01.2012
Phenoelit Group
High
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
07.04.2011
Luigi Auriemma
High
rpc.pcnfsd Remote Format String Exploit
21.07.2010
Rodrigo Rubira Branco
High
HP OpenView Network Node Manager Arbitrary Code
24.05.2010
HP
Low
Ipswitch WS_FTP 12 Professional Remote Format String
23.04.2010
AKA
High
aria2 upstream 1.6.1 remote Denial of Service
22.10.2009
Jan Lieskovsky
Med.
VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
16.10.2009
shinnai
Med.
Regular Expression Denial of Service
23.09.2009
Alex Roichman
High
i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC
27.08.2009
grTs;SiD.psycho
High
Vietcong 2 Format String
25.08.2009
null
Med.
MySQL <= 5.0.45 post auth format string vulnerability
10.07.2009
Kingcope
High
Format String Vulnerability: FortiClient Version 3
11.04.2009
dh layereddefense com
High
Wireshark <= 1.0.6 PN-DCP Format String Exploit PoC
03.04.2009
THCX
Med.
GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access
28.03.2009
trotzkista
High
Xitami Web Server v2.5c2 LRWP Processing Format String PoC
26.03.2009
bratax
High
BMC PatrolAgent Version Logging Format String Vulnerability
31.01.2009
Anonymous
High
WS_FTP Home/Professional FTP Client Remote Format String PoC
22.08.2008
securfrog
High
Format string vulnerability in 5th street
12.07.2008
Nam Nguyen


CVEMAP Search Results

CVE
Details
Description
2014-06-02
Medium
CVE-2013-7386

Vendor: Rom walton
Software: Boinc
 

 
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.

 
2014-04-23
Medium
CVE-2014-1315

Vendor: Apple
Software: Mac os x
 

 
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.

 
2014-03-31
Low
CVE-2009-5141

Vendor: JGAA
Software: Warftpd
 

 
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.

 
2014-02-10
Medium
CVE-2011-4930

Vendor: Condor project
Software: Condor
 

 
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

 
2013-12-13
Medium
CVE-2013-6809

Vendor: Philippe jounin
Software: Tftpd32
 

 
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.

 
2013-10-23
Medium
CVE-2013-5135

Vendor: Apple
Software: Remote desktop
 

 
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

 
2013-10-16
Low
CVE-2013-4389

Vendor: Rubyonrails
Software: Ruby on rails
 

 
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

 
2013-08-09
Medium
CVE-2013-4147

Vendor: Yard radius
Software: Yard radius
 

 
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.

 
2013-06-07
Medium
CVE-2013-2851

Vendor: Linux
Software: Linux kernel
 

 
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

 
Medium
CVE-2013-2852

Vendor: Linux
Software: Linux kernel
 

 
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.

 

 


Copyright 2017, cxsecurity.com

 

Back to Top