CVE

CVE-2006-1148
Date: (C)2006-03-10   (M)2018-02-19


Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-17040
SECUNIA-19169
SECUNIA-19291
http://www.securityfocus.com/archive/1/archive/1/427160/100/0/threaded
OSVDB-23777
ADV-2006-0900
GLSA-200603-17
http://www.infigo.hr/in_focus/INFIGO-2006-03-01
http://www.peercast.org/forum/viewtopic.php?t=3346
peercast-url-bo(25113)

CWE
CWE-119

© SecPod Technologies