CWE-134

Exploit likelihood: High

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

389 vulnerabilities with CWE-134
CVE-2006-0150
auth_ldap <= 1.6.0 - Remote Code Execution via Format String in auth_ldap_log_reason
CVE-2006-0082
ImageMagick - Use of Externally-Controlled Format String via Filename
CVE-2005-3656
mod_auth_pgsql < 2.0.3 - Unauthenticated Remote Code Execution via Format String Vulnerability
CVE-2005-3154
BitDefender AntiVirus 7.2-9 - Remote Code Execution via Format String in File or Directory Name
CVE-2005-1394
ArcGIS for ESRI ArcInfo Workstation 9.0 - Privilege Escalation
CVE-2005-1122
monkey-project/monkey < 0.9.0 - Remote Code Execution via Double-Encoded Format String Specifiers
CVE-2004-2386
sredird <= 2.2.1 - Remote Code Execution via Format String in LogMsg
CVE-2004-2714
Windowmaker - Format String Vulnerability
CVE-2004-1628
rssh < 2.2.2 - Authenticated Remote Code Execution via Format String Vulnerability
CVE-2004-0777
Courier-IMAP 1.6.0-2.2.1 and 3.x-3.0.3 - Remote Code Execution via Format String in auth_debug
CVE-2004-0179
neon < 0.24.5 - Remote Code Execution via Format String Vulnerability
CVE-2003-1381
amx_mod 0.9.2 - Remote Code Execution via Format String Specifiers in amx_say Command
CVE-2003-0738
phpWebSite < 0.9.0 - Denial of Service via Calendar Module Year Parameter
CVE-2002-0159
Cisco Secure Access Control Server <=3.01 (build 40) - Remote Code Execution via Format String