Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| proxytunnel | proxytunnel | 1.2_.0 |
| proxytunnel | proxytunnel | 1.0.6 |
| proxytunnel | proxytunnel | 1.1.3 |
| proxytunnel | proxytunnel | 1.2.2 |
Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| proxytunnel | proxytunnel | 1.0.6 |
| proxytunnel | proxytunnel | 1.1.3 |