7.5

CVE-2007-5265

Exploit

EPSS 14.94%
Veröffentlicht 08.10.2007 21:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dawnoftime ≫ Dawn Of Time Version <= 1.69s_beta4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.94%	0.945

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://aluigi.altervista.org/adv/dawnfs-adv.txt

Exploit

http://forums.dawnoftime.org/viewtopic.php?t=2102

http://secunia.com/advisories/27083

Vendor Advisory

http://securityreason.com/securityalert/3201

http://www.securityfocus.com/archive/1/481619/100/0/threaded

http://www.securityfocus.com/bid/25944

Exploit

http://www.vupen.com/english/advisories/2007/3418

https://exchange.xforce.ibmcloud.com/vulnerabilities/36973

https://nvd.nist.gov/vuln/detail/CVE-2007-5265

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5265

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5265

EUVD