Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-134

CWE-134

High likelihood

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

388 vulnerabilities with CWE-134

Apple Remote Desktop < 3.5.4 - Remote Code Execution via VNC Username Format String

Ruby on Rails 3.0.0-3.2.14 - Denial of Service via Format String in Action Mailer Log Subscriber

Network Audio System 1.9.3 - Format String Vulnerability in osLogMsg Function

YARD RADIUS 1.1.2 - Format String Vulnerability in Log and Version Functions

Linux kernel <3.9.4 - Privilege Escalation

Linux kernel <3.9.4 - Privilege Escalation

Debian Linux - Format String Vulnerability

EMC AlphaStor 4.0 - Remote Code Execution via Format String in rrobotd.exe

CVE-2012-10055 CRITICAL

ComSndFTP FTP Server <1.3.7 Beta - Code Injection

CVE-2012-0824 CRITICAL

gnusound 0.7.5 - Format String Vulnerability

mcrypt < 2.6.8 - Format String Vulnerability in errors.c and mcrypt.c

VMware OVF Tool 2.1 - Remote Code Execution via Crafted OVF File

YAML::LibYAML 0.38 - Denial of Service via Format String Specifiers in Error Reporting

Perl < 2.18.1 - Format String Vulnerability

EMC NetWorker 7.6.3-7.6.4 and 8.0 - Remote Code Execution via nsrd RPC Service Format String

Windows Print Spooler Service - Remote Code Execution via Format String Vulnerability

FlightGear and SimGear < 2.6.0 - Format String Vulnerability via Aircraft XML Model

pidgin-otr < 3.2.0 - Remote Code Execution via Format String in Log Message

iPhone OS < 5.1 - Remote Code Execution via VPN Racoon Configuration File

Advantech WebAccess < 7.0 - Remote Code Execution via Format String Specifiers

sudo 1.8.0-1.8.3p1 - Local Use-After-Free via Format String in sudo_debug

CVE-2011-10029 HIGH

Solar FTP Server < 2.1.1 - Denial of Service via USER Command Format String

CVE-2011-1588 HIGH

Thunar < 1.3.1 - Denial of Service via Format String Error in File Name Handling

Condor 7.2.0-7.6.4 - Format String Vulnerability via Job Hold Reason or Filename

Clearsilver < 0.10.5 - Format String Vulnerability via Python CGI Kit Error Handling

Previous Page 10 of 16 Next

Details

Vulnerabilities 388

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy