cbcvebase.
CVE-2007-5825
published 2007-11-05

CVE-2007-5825: Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute…

PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.72%
88.4th percentile
Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.

Affected

1 ranges
VendorProductVersion rangeFixed in
fireflymedia_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.