CWE-134
High likelihood
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
388 vulnerabilities with CWE-134
CVE-2011-0185
Apple Mac OS X <10.7.2 - Privilege Escalation
CVE-2011-1764
Exim < 4.76 - Remote Code Execution via DKIM Logging Format String
CVE-2011-2475
Sybase OneBridge Mobile Data Suite 5.5-5.6 - Remote Code Execution via Format String
CVE-2011-1568
7-Technologies IGSS <9.00.00.11074 - RCE
CVE-2011-0173
Apple Mac OS X < 10.6.7 - Remote Code Execution via AppleScript Display Dialog Format String
CVE-2011-1153
PHP < 5.3.5 - Format String Vulnerability in phar_object.c
CVE-2011-0270
HP OpenView Network Node Manager 7.51 and 7.53 - Remote Code Execution via Format String in nnmRptConfig.exe
CVE-2010-10017
HIGH
WM Downloader 3.1.2.2 - Buffer Overflow
CVE-2010-3438
CRITICAL
libpoe-component-irc-perl <6.32 - Code Injection
CVSS 9.8
CVE-2010-4235
RealNetworks Helix Server and Helix Mobile Server < 14.2 - Remote Code Execution via x-wap-profile HTTP Header
CVE-2010-4013
Mac OS X 10.6.x < 10.6.6 - Remote Code Execution via PackageKit Format String
CVE-2010-2950
PHP 5.3.x-5.3.3 - Format String Vulnerability in phar_stream_flush
CVE-2010-2451
KVIrc 3.4 and 4.0 - Use of Externally-Controlled Format String in DCC Functionality
CVE-2010-1376
Mac OS X 10.6 - Remote Code Execution via Format String in Network Authorization URL Handling
CVE-2010-2271
Accoria Rock Web Server 1.4.7 - Remote Format String Injection via authcfg.cgi Password File Parameter
CVE-2010-2094
PHP 5.3 - Format String Vulnerability in phar Extension
CVE-2010-1039
NFS/ONCplus < b.11.31_09 - Remote Code Execution via Format String in RPC Request
CVE-2010-1550
HP OpenView Network Node Manager <7.53 - RCE
CVE-2010-1139
VMware VIX API <1.6 - Privilege Escalation
CVE-2010-0743
tgt < 0.9.5 - Format String Vulnerability in isns.c
CVE-2010-0388
Sun Java System Web Server 7.0 Update 6 - Denial of Service via WebDAV PROPFIND Request Format String
CVE-2009-5141
Jgaa Warftpd - Format String Vulnerability
CVE-2009-4811
VMware ACE 2.6-2.6.1 and 2.5.x-2.5.4 - Denial of Service via Format String in Authentication Daemon
CVE-2009-4775
Ipswitch WS_FTP Professional 12 - Denial of Service via HTTP Response Status Code Format String
CVE-2009-4769
httpdx <1.5 - Remote Code Execution
Details
Vulnerabilities: 388
Exploit Likelihood: High