CVSS: 7.5 | EPSS: 11% | CPEs: 16 | EXPL: 0

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.

• http://secunia.com/advisories/36614
• http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10
• http://silcnet.org/general/news/news_toolkit.php
• http://www.debian.org/security/2009/dsa-1879
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:234
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:235
• http://www.openwall.com/lists/oss-security/2009/08/31/5
• http://www.openwall.com/lists/oss-security/2009/09/03/5
• http://www.securityfocus.com/bid/36193
• CWE-134: Use of Externally-Controlled Format String

CVSS: 5.8 | EPSS: 2% | CPEs: 8 | EXPL: 0

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
• http://secunia.com/advisories/36614
• http://secunia.com/advisories/36625
• http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9
• http://silcnet.org/general/news/news_toolkit.php
• http://www.debian.org/security/2009/dsa-1879
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:234
• http://www.openwall.com/lists/oss-security/2009/08/31/5
• http://www.openwall.com/lists/oss-security/2009/09/03&#
• CWE-134: Use of Externally-Controlled Format String

CVSS: 7.5 | EPSS: 9% | CPEs: 15 | EXPL: 0

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.

• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
• http://secunia.com/advisories/36134
• http://secunia.com/advisories/36614
• http://silcnet.org/docs/changelog/SILC%20Client%201.1.8
• http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10
• http://silcnet.org/docs/release/SILC%20Client%201.1.8
• http://silcnet.org/general/news/news_client.php
• http://silcnet.org/general/news/news_toolkit.php
• http://www.debian.org/security/2009/dsa-1879
• http://www.
• CWE-134: Use of Externally-Controlled Format String