CVE-2006-4127

high

Description

Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg() functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28280

http://www.vupen.com/english/advisories/2006/3181

http://www.securityfocus.com/archive/1/442440/100/0/threaded

http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog

http://www.dc.ds.pg.gda.pl/

http://securityreason.com/securityalert/1377

http://secunia.com/advisories/21384

Details

Source: Mitre, NVD

Published: 2006-08-14

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01514