45 matches found

ATTACKERKB
added 2007/04/30 10:19 p.m. | 4 views

CVE-2007-2053

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long c...

CVSS 10 | AI score 6.6 | EPSS 0.06711
Exploits 0 | References 9
Prion
added 2007/04/30 10:19 p.m. | 18 views

Format string

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, f...

CVSS 7.5 | AI score 8.1 | EPSS 0.03384
Exploits 0 | References 4 | Affected Software 1
NVD
added 2007/04/30 10:19 p.m. | 18 views

CVE-2007-2055

AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called...

CVSS 7.5 | AI score 7.6 | EPSS 0.02225
Exploits 0 | References 5
Prion
added 2007/04/30 10:19 p.m. | 20 views

Stack overflow

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long c...

CVSS 10 | AI score 8.8 | EPSS 0.06711
Exploits 0 | References 8 | Affected Software 1
NVD
added 2007/04/30 10:19 p.m. | 27 views

CVE-2007-2054

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, f...

CVSS 7.5 | AI score 7.7 | EPSS 0.03384
Exploits 0 | References 4
Prion
added 2007/04/30 10:19 p.m. | 24 views

Format string

Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cp...

CVSS 10 | AI score 8.2 | EPSS 0.05133
Exploits 0 | References 3 | Affected Software 1
NVD
added 2007/04/30 10:19 p.m. | 15 views

CVE-2007-2053

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long c...

CVSS 10 | AI score 8.1 | EPSS 0.06711
Exploits 0 | References 8
ATTACKERKB
added 2007/04/30 10:19 p.m. | 3 views

CVE-2007-2056

Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files, aka "time-of-check-time-of-use file race". NOTE: the researcher has retracted the original advisory, stating that "th...

AI score 5.9
Exploits 0 | References 1
NVD
added 2007/04/30 10:19 p.m. | 20 views

CVE-2007-2352

Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cp...

CVSS 10 | AI score 7.8 | EPSS 0.05133
Exploits 0 | References 3
Prion
added 2007/04/30 10:19 p.m. | 19 views

Command injection

AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called...

CVSS 7.5 | AI score 8.1 | EPSS 0.02225
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2007/04/30 10:0 p.m. | 22 views

CVE-2007-2055

AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called...

AI score 7.6 | EPSS 0.02225
Exploits 0 | References 5
Cvelist
added 2007/04/30 10:0 p.m. | 35 views

CVE-2007-2054

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, f...

AI score 7.7 | EPSS 0.03384
Exploits 0 | References 4
CVE
added 2007/04/30 10:0 p.m. | 54 views

CVE-2007-2054

AFFLIB 2.2.6 and earlier contains multiple format-string vulnerabilities exposing several command-line utilities (lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/aimage.cpp, aimage/imager.cpp, tools/afxml.cpp) to remote code execution via parameters used as format stri...

CVSS 7.5 | AI score 7.8 | EPSS 0.03384
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2007/04/30 10:0 p.m. | 20 views

CVE-2007-2352

Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cp...

AI score 7.8 | EPSS 0.05133
Exploits 0 | References 3
CVE
added 2007/04/30 10:0 p.m. | 38 views

CVE-2007-2056

AFFLIB vulnerability CVE-2007-2056 affects the getlock function in aimage/aimage.cpp, with a time-of-check-to-time-of-use file race that could allow a local attacker to overwrite an arbitrary file. The issue is reported for AFFLIB versions 2.2.8 and earlier. The race condition occurs whe...

AI score 6.5
Exploits 0
CVE
added 2007/04/30 10:0 p.m. | 54 views

CVE-2007-2055

CVE-2007-2055 affects AFFLIB 2.2.8 and earlier, with confirmed shell metacharacter injection in two code paths: (1) command line parameters used in tools/afconvert.cpp, and (2) arguments to get_parameter in aimage/ident.cpp. The vulnerability arises from unvalidated inputs passed to subprocesses ...

CVSS 7.5 | AI score 7.6 | EPSS 0.02225
Exploits 0 | References 5 | Affected Software 1
CVE
added 2007/04/30 10:0 p.m. | 50 views

CVE-2007-2053

AFFLIB (before 2.2.6) contains multiple stack-based buffer overflows that can be triggered remotely via: (1) a long LastModified value in an S3 XML response (lib/s3.cpp), (2) a long path or bucket in an S3 URL (lib/vnode_s3.cpp), and (3) a long EFW/AFD/aimage file path (various files). The aimage...

CVSS 10 | AI score 8.1 | EPSS 0.06711
Exploits 0 | References 8 | Affected Software 1
CVE
added 2007/04/30 10:0 p.m. | 51 views

CVE-2007-2352

Summary (CVE-2007-2352): AFFLIB before 2.2.6 contains multiple format-string vulnerabilities exploitable via command-line inputs that are used as format strings in warn/err calls. Affected components include lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/imager.cpp, a...

CVSS 10 | AI score 7.8 | EPSS 0.05133
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2007/04/30 10:0 p.m. | 26 views

CVE-2007-2053

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long c...

AI score 8.1 | EPSS 0.06711
Exploits 0 | References 8
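seebug.org
added 2007/04/29 12:0 a.m. | 28 views

AFFLIB Multiple Format String Handling Vulnerabilities

AFFLIB is an open-source library for working with Advanced Forensic Format (AFF) files. Some of AFFLIB's command-line tools contain format string handling vulnerabilities in their implementation, which a local attacker could exploit to elevate privileges. These tools pass some command-line arguments as the format string argument to warn and err calls. If an attacker can influence these command-line arguments, this may lead to execution of arbitrary instructions. s3 format string injection. File: lib/s3.cpp. Line: 207. A command-line argument is used as the format string in an err call; if an attacker can influence the name, this can lead to a format string injection vulnerability. Lines 192-207 illustrate the problem: void s3cpconst char fname,string key struct s3headers meta2 =...

AI score 6.8
Exploits 0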