CVE-2004-1500

Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service application crash via format string specifiers in 1 a nickname or 2 a message...

CVE-2004-1522

Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service application crash via a nickname that contains format strings...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2004-2074

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service crash via format string specifiers in the 1 PASS or 2 RETR commands...

CVE-2004-2238

Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability...

CVE-2004-2264

Format string bug in the openaltfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a...

CVE-2004-2434

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service browser crash via a link with "::" colon colon left brace, which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an...

CVE-2004-2523

Format string vulnerability in the msg command catmessage function in msg.c in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument...

CVE-2004-1388

Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...

DEBIAN-CVE-2004-2386

Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function...

CVE-2004-2714

Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability...

CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

DEBIAN-CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

DEBIAN-CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...

CVE-2004-0998

CVE-2004-0998 is a format-string vulnerability in telnetd-ssl versions up to 0.17.17+0.1-2woody3 (stable) / 0.17.24+0.1-6 (sid) that allows a remote attacker to execute arbitrary code. Debian's DSA-616-1 confirms a remote, format-string flaw in netkit-telnet-ssl with a fixed upgrade path to the c...

CVE-2004-2160

Format string vulnerability in xmlelem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code...

DEBIAN-CVE-2004-2714

Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability...

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...

DEBIAN-CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...