K51484039: PHP 'snmp.c' remote format string vulnerability CVE-2016-4071

Security Advisory Description Format string vulnerability in the phpsnmperror function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. CVE-2016-4071 Impact There...

CVE-2023-23783

A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments...

CVE-2023-23783

CVE-2023-23783 relates to Fortinet FortiWeb, where a vulnerability stems from an externally-controlled format string in the command line interface. Affected products include FortiWeb 7.0.0–7.0.1 and FortiWeb 6.4 (all versions). The root cause is improper handling of format strings, which could al...

FortiWeb - format string vulnerability in the CLI

A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

Fortinet FortiWeb 格式化字符串错误漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A formatted string error vulnerability exist...

SUSE CVE-2000-0573

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command...

SUSE CVE-2000-0666

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges...

SUSE CVE-2002-1215

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier claimed as buffer overflows in some sources allow remote attackers to execute arbitrary code via certain packets to UDP port 694 incorrectly claimed as TCP in some sources...

SUSE CVE-2003-0289

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter...

SUSE CVE-2003-0852

Format string vulnerability in sendmessage.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service crash in sylpheed via format strings in an error message...

SUSE CVE-2003-0886

Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code...

SUSE CVE-2003-0978

Format string vulnerability in gpgkeyshkp experimental HKP interface for the GnuPG gpg client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service crash and possibly execute arbitrary code during key retrieval...

SUSE CVE-2004-0104

Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code...

SUSE CVE-2004-0153

Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages...

SUSE CVE-2004-0179

Multiple format string vulnerabilities in 1 neon 0.24.4 and earlier, and other products that use neon including 2 Cadaver, 3 Subversion, and 4 OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code...

SUSE CVE-2004-0232

Multiple format string vulnerabilities in Midnight Commander mc before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code...

SUSE CVE-2004-0453

Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service emulator crash and possibly execute arbitrary code via format string specifiers in an output string...

SUSE CVE-2004-0536

Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report...

SUSE CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

SUSE CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...