Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-134

CWE-134

High likelihood

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

389 vulnerabilities with CWE-134

UltraISO < 9.3.3.2685 - Remote Code Execution via DAA or ISZ Filename Format String

Xitami Web Server 2.5c2 - Remote Code Execution via SSI Filter Format String

Xitami 2.2a-2.5c2 - Remote Code Execution via Format String in LRWP Request

Unreal Engine - Remote Code Execution via Format String Vulnerability

3Com Wireless 8760 Dual Radio - Denial of Service via Malformed HTTP POST Request

BMC PATROL Agent < 3.7.30 - Remote Code Execution via Format String in Version Number

Vinagre 0.5.x-0.5.1 and 2.x-2.24.1 - Remote Code Execution via Format String in URI or VNC Response

MySQL 5.0 < 5.0.66, 5.1 < 5.1.26, 6.0 < 6.0.6 - Denial of Service via Empty Bit-String Literal

HP TCP/IP Services for OpenVMS 5.x - Privilege Escalation

Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 - Format String Vulnerability via FTP Server Greeting

yelp < 2.24 - Remote Code Execution via Format String in URI Handler

OpenSolaris < snv_96 - Remote Code Execution via SMB Packet Format String Specifiers

Snail Game 5th Street - Remote Code Execution via Chat Message Format String

Mac OS X < 10.5.4 - Remote Code Execution via c++filt Format String

EMC DiskXtender MediaStor 6.20.060 - Authenticated Remote Code Execution via Format String Vulnerability

PolicyKit <0.7 - DoS/Code Injection

IBM solidDB 06.00.1018 - Remote Code Execution via Format String Specifiers in Logging Function

MG-SOFT Net Inspector <6.5.0.828 - RCE

Asterisk Open Source <1.6.0-beta6 - RCE

Apple Mac OS X 10.5.2 - Local Format String Vulnerability via mDNSResponderHelper

McAfee Common Management Agent <= 3.6.0.574 - Remote Code Execution via Format String in AgentWakeup Request

Linux Kiss Server 1.2 - Format String

Evolution < 2.12.3 - Remote Code Execution via Encrypted Message Format String

Crysis 1.1.1.5879 - Authenticated Remote Code Execution via Format String in User Name

Mirabilis ICQ 6 build 6043 - Remote Code Execution via Format String in HTML Code Generation

Previous Page 13 of 16 Next

Details

Vulnerabilities 389

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy