2 results (0.009 seconds)

CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028590.html http://secunia.com/advisories/13167 http://www.debian.org/security/2004/dsa-592 http://www.gentoo.org/security/en/glsa/glsa-200411-20.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:129 http://www.securityfocus.com/bid/11657 https://exchange.xforce.ibmcloud.com/vulnerabilities/18032 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file. • http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5 http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6 •