Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Multiple vulnerabilities in Vavoom - exploit.company
header-logo
Suggest Exploit
vendor:
Vavoom
by:
7.5
CVSS
HIGH
Buffer Overflow, Format String, Denial of Service
CWE
Product Name: Vavoom
Affected Version From:
Affected Version To: 1.23
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple vulnerabilities in Vavoom

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Mitigation:

Update to version 1.24 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25436/info

Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Vavoom 1.24 is vulnerable; prior versions may also be affected. 

For the format-string vulnerability, an attacker sends a chat message containing '%n%n%n%n%s' string.

Navigation

Suggest Exploit

Services By CQR