Export limit exceeded: 343778 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (392 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3663 | 1 Jasper | 1 Httpdx | 2025-04-09 | N/A |
| Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header. | ||||
| CVE-2009-3707 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-3628 | 3 Ethereal Group, Redhat, Wireshark | 3 Ethereal, Enterprise Linux, Wireshark | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. | ||||
| CVE-2006-0150 | 2 Dave Carrigan, Redhat | 2 Auth Ldap, Enterprise Linux | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username. | ||||
| CVE-2006-0200 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | ||||
| CVE-2006-1840 | 1 Empire Server | 1 Empire Server | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | ||||
| CVE-2006-3573 | 1 Milan Mimica | 1 Sparklet | 2025-04-03 | N/A |
| Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname. | ||||
| CVE-2003-1381 | 1 Amxmod.net | 1 Amx Mod | 2025-04-03 | N/A |
| Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command. | ||||
| CVE-2003-0738 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | N/A |
| The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter. | ||||
| CVE-2004-0777 | 1 Inter7 | 1 Courier-imap | 2025-04-03 | N/A |
| Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. | ||||
| CVE-2004-2714 | 1 Windowmaker | 1 Windowmaker | 2025-04-03 | N/A |
| Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. | ||||
| CVE-2005-1394 | 1 Esri | 1 Arcinfo Workstation | 2025-04-03 | N/A |
| Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. | ||||
| CVE-2005-3154 | 1 Softwin | 1 Bitdefender | 2025-04-03 | N/A |
| Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name. | ||||
| CVE-2006-0082 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-04-03 | N/A |
| Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | ||||
| CVE-2006-1471 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | ||||
| CVE-2006-1615 | 1 Clamav | 1 Clamav | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. | ||||
| CVE-2006-2409 | 1 Raydium | 1 Raydium | 2025-04-03 | N/A |
| Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add. | ||||
| CVE-2006-2453 | 2 Dia, Redhat | 2 Dia, Enterprise Linux | 2025-04-03 | N/A |
| Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | ||||
| CVE-2006-2480 | 2 Dia, Redhat | 2 Dia, Enterprise Linux | 2025-04-03 | N/A |
| Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file. | ||||
| CVE-2004-1628 | 1 Pizzashack | 1 Rssh | 2025-04-03 | N/A |
| Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. | ||||