CVE-2007-0957

Stack-based buffer overflow in the krb5klogsyslog function in the kadm5 library, as used by the Kerberos administration daemon kadmind and Key Distribution Center KDC, in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

Format string

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the createctcpmessage function using the message argument to the 1 me or 2 ctcp commands, and possibly related vectors involving the 3 whois, 4...

CVE-2007-0645

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...

Format string

Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function...

Format string

Format string vulnerability in Apple Safari 2.0.4 419.3 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in filenames that are not properly handled when calling the 1 NSLog and 2 NSBeginAlertSheet Apple AppKit functions...

Format string

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...

CVE-2007-0255

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a certain M3U file that contains a long EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017...

CVE-2006-5033

Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding...

CVE-2006-5033

Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding...

CVE-2006-3908

Format string vulnerability in the flushoutput function in ConsoleStreambuf.cpp in Game Network Engine GNE 0.70 and earlier allows remote attackers to cause a denial of service crash and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console...

Format string

Format string vulnerability in ANSI C Sender Policy Framework library libspf before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address...

Format string

Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service CPU consumption by creating and then listing folders whose names contain format string specifiers...

CVE-2004-2489

Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...

CVE-2005-3262

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename...

CVE-2005-2375

Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service application crash via format string specifiers in a 1 nickname or 2 chat message...

CVE-2001-1562

CVE-2001-1562 affects the nvi editor; it is a format string vulnerability in which, before version 1.79, local users could gain privileges via format specifiers embedded in a filename. The Debian advisory DSA-085-1 and OpenVAS entries reiterate that nvi (and nvi-m17n) needed updates to address th...

CVE-2005-1122

Format string vulnerability in cgi.c for Monkey daemon monkeyd before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers aka "double expansion error"...

CVE-2005-0687

CVE-2005-0687 describes a format string vulnerability in Hashcash 1.16. An attacker can exploit malformed reply addresses to cause memory consumption DoS and potentially execute arbitrary code when printing the header. The issue is documented in multiple sources (NVD, CVE listings, GLSA 200503-12...

CVE-2004-1388

Format string vulnerability in the gpsdreport function for BerliOS GPD daemon gpsd, formerly pygps 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls...

CVE-2004-2523

Format string vulnerability in the msg command catmessage function in msg.c in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument...