CWE-134

High likelihood

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

388 vulnerabilities with CWE-134
CVE-2009-3732
VMware ACE 2.5.0-2.5.3 - Remote Code Execution via Format String Vulnerability
CVE-2009-4014
Lintian < 2.3.2 - Use of Externally-Controlled Format String in Check Scripts and Schedule Module
CVE-2009-3617
aria2 < 1.6.2 - Remote Code Execution via Format String in Download URI
CVE-2009-3707
VMware Workstation/Player/ACE/Server DoS via Format String in Auth Daemon
CVE-2009-3663
httpdx Web Server 1.4 - Remote Code Execution via Host Header Format String Specifiers
CVE-2009-3294
PHP 5.2.0-5.2.10 - Denial of Service via popen Mode Argument
CVE-2009-3275
Microsoft Enterprise Library - Denial of Service via Regex Backslash Handling
CVE-2009-3163
SILC Client < 1.1.8 and SILC Toolkit < 1.1.9 - Remote Code Execution via Channel Name Format String
CVE-2009-3051
SILC Client < 1.1.8 and SILC Toolkit < 1.1.10 - Remote Code Execution via Nickname Format String
CVE-2009-2916
Vietcong 2 < 1.10 - Remote Code Execution via Format String in Nickname
CVE-2009-2191
Mac OS X 10.4.11 and 10.5 < 10.5.8 - Remote Code Execution via Login Window Application Name
CVE-2009-2548
Armed Assault <1.14-1.16 beta & II <1.02 - RCE/DoS
CVE-2009-2446
MySQL 4.0.0-5.0.83 - Authenticated Denial of Service via Format String in Database Name
CVE-2009-1886
Samba 3.2.0-3.2.12 - Remote Code Execution via Format String in Filename
CVE-2009-1262
FortiClient 3.0.614 - Local Use-After-Free via VPN Connection Name Format String Specifiers
CVE-2009-1210
Wireshark < 1.0.6 - Remote Code Execution via PN-DCP Station Name Format String
CVE-2009-0364
WebCit < 7.39 - Remote Code Execution via Format String in Mini Calendar
CVE-2009-0538
Symantec pcAnywhere <12.5 SP1 - Memory Corruption
CVE-2009-0754
PHP <4.4.4, <5.1.6 - Code Injection
CVE-2009-0601
Wireshark 0.99.8-1.0.5 - Denial of Service via HOME Environment Variable Format String
CVE-2008-7228
White_Dune <0.29beta851 - Format String
CVE-2008-7160
Secure Internet Live Conferencing Toolkit <1.1.9 - RCE
CVE-2008-7159
Secure Internet Live Conferencing Toolkit <1.1.8 - RCE
CVE-2008-7074
i.Scribe 1.88-2.00 - Remote Code Execution via SMTP Server Response Format String
CVE-2008-3871
UltraISO < 9.3.3.2685 - Remote Code Execution via DAA or ISZ Filename Format String