|
|
CVE Reference: CVE-2007-5825 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-5825 |
|
|
Description: Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/38243 SAID Secunia Advisory: SA28269 Secunia Advisory: SA30661 MISC http://bugs.gentoo.org/show_bug.cgi?id=200110 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml DEBIAN http://www.debian.org/security/2008/dsa-1597 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483209/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483214/100/0/threaded BID 26310 |
|
| Return to the previous page. |
