SUSE CVE-2006-2480

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a...

SUSE CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service crash via a format string instead of a date as the first parameter to the dateformat function, which is later used in a formatted pri...

SUSE CVE-2006-3628

Multiple format string vulnerabilities in Wireshark aka Ethereal 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the 1 ANSI MAP, 2 Checkpoint FW-1, 3 MQ, 4 XML, and 5 NTP dissectors...

SUSE CVE-2006-4154

Format string vulnerability in the modtcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a setvar function call in 1 tclcmds.c and 2 tclcore.c...

SUSE CVE-2006-6105

Format string vulnerability in the host chooser window gdmchooser in GNOME Foundation Display Manager gdm allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog...

SUSE CVE-2006-6772

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name CN field of an SSL certificate associated with an https URL...

SUSE CVE-2007-0017

Multiple format string vulnerabilities in 1 the cdiologhandler function in modules/access/cdda/access.c in the CDDA libcddaplugin plugin, and the 2 cdiologhandler and 3 vcdloghandler functions in modules/access/vcdx/access.c in the VCDX libvcdxplugin plugin, in VideoLAN VLC 0.7.0 through 0.8.6...

SUSE CVE-2007-0909

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to 1 all of the print functions on 64-bit systems, and 2 the odbcresultall function...

SUSE CVE-2007-0999

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006...

SUSE CVE-2007-1007

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeetingloginsert function...

SUSE CVE-2007-1463

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs...

SUSE CVE-2007-1464

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors...

SUSE CVE-2007-2953

Format string vulnerability in the helptagsone function in src/excmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command...

SUSE CVE-2007-2958

Format string vulnerability in the incputerror function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws Claws Mail 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies...

SUSE CVE-2007-4658

The moneyformat function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple 1 %i and 2 %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability...

SUSE CVE-2007-5825

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

SUSE CVE-2007-6109

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service application crash and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval...

SUSE CVE-2007-6682

Format string vulnerability in the httpdFileCallBack function network/httpd.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter...

SUSE CVE-2008-0072

Format string vulnerability in the emfmultipartencrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field...

SUSE CVE-2008-1333

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by 1 the astverbose logging API call, or 2 the astmanappend function...