CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-1136

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0380%
EPSS Percentile5.90th
Published2008年3月4日
Last Modified2026年4月23日

Vulnerability Description

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.

Affected Platforms (CPE)

📦
Synce

Synce

= 0.10.0
📦
Synce

Synce

= 0.92

References & Advisories

🔗 http://secunia.com/advisories/29228
🔗 http://secunia.com/advisories/29285
🔗 http://securityreason.com/securityalert/3710
🔗 http://sourceforge.net/forum/forum.php?forum_id=766440
🔗 http://www.coresecurity.com/?action=item&id=2070
🔗 http://www.securityfocus.com/archive/1/485884/100/0/threaded
🔗 http://www.securityfocus.com/bid/27178
🔗 http://www.securityfocus.com/bid/28141

関連する脆弱性情報

CVE-2001-098110.0

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without spec...

CVE-2000-049310.0

Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execut...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2007-421910.0

Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Mic...