QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5825

Published: Nov 5, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

20071102 [UPH-07-03] Firefly Media Server remote format string vulnerability

mailing-list

x_refsource_BUGTRAQ

20071102 Re: [UPH-07-03] Firefly Media Server remote format string vulnerability

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

firefly-addarg-format-string(38243)

vdb-entry

x_refsource_XF

http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679

x_refsource_CONFIRM

http://bugs.gentoo.org/show_bug.cgi?id=200110

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.