cfingerd lists all users on a system via search.**@target.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | cfingerd | 1.2.2 |
Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | cfingerd | 1.4.2 |
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | cfingerd | * |
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | cfingerd | * |
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | cfingerd | 1.4.3 |
| infodrom | cfingerd | 1.4.2 |
| infodrom | cfingerd | 1.4.1 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@usom.gov.tr | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | e-invoice_approval_system | * |
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@usom.gov.tr | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infodrom | e-invoice_approval_system | * |