CVE-2005-1121

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1121
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
igor_khasilev / oops_proxy_server	1.5.19	1.5.19.x
igor_khasilev / oops_proxy_server	1.5.53	1.5.53.x
igor_khasilev / oops_proxy_server	1.4.22	1.4.22.x
gentoo / linux	-	-

http://rst.void.ru/papers/advisory24.txt
http://security.gentoo.org/glsa/glsa-200505-02.xml
http://www.debian.org/security/2005/dsa-726
http://www.securityfocus.com/bid/13172
https://exchange.xforce.ibmcloud.com/vulnerabilities/20191

Vulnerability Database

289,599

CVE-2005-1121