Format String Error

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Active

CWE:
CWE-134

Summary: A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Solution: Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.

Other info: Potential Format String Error. The script closed the connection on a /%s

References: https://owasp.org/www-community/attacks/Format_string_attack

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Common Alerts

LowInformation Disclosure - Debug Error Messages via WebSocket

InformationalCSP: Header & Meta

MediumSource Code Disclosure - SVN

HighExternal Redirect

InformationalSec-Fetch-User Header Has an Invalid Value

HighSource Code Disclosure - Git

MediumApplication Error Disclosure

HighSQL Injection - MySQL

InformationalHTTP Parameter Pollution

InformationalInformation Disclosure - Suspicious Comments in XML via WebSocket

Top CVE List

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2022-3075 Google Chromium Mojo Insufficient Data Validation Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2020-3452 Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CVE-2020-3837 Apple Multiple Products Memory Corruption Vulnerability

CVE-2021-34486 Microsoft Windows Event Tracing Privilege Escalation Vulnerability

CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability

Common CWEs

CWE-536 Servlet Runtime Error Message Containing Sensitive Information

CWE-35 Path Traversal: '.../...//'

CWE-1092 Use of Same Invokable Control Element in Multiple Architectural Layers

CWE-1066 Missing Serialization Control Element

CWE-495 Private Data Structure Returned From A Public Method

CWE-430 Deployment of Wrong Handler

CWE-105 Struts: Form Field Without Validator

CWE-1284 Improper Validation of Specified Quantity in Input

CWE-683 Function Call With Incorrect Order of Arguments

CWE-412 Unrestricted Externally Accessible Lock

Free security scan for your website

Don't show website scan report rating on the leaderboard