Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ALPass导入APW文件缓冲区溢出漏洞
Vulnerability Description
ALPass是由韩国人开发的网站和论坛、电子邮件ID和口令管理工具。 ALPass允许在口令文件中创建文件夹以便于组织站点信息。在从外部资源导入APW文件时,文件夹名称记录是从APW文件读取并解密的,以下是解密后的文件夹名称记录的内容: fnm:TESTFOLDER sp:y fid:1 pid:0 然后未经任何过滤便将文件夹名称传送给了sprintf()函数,这可能导致格式串问题,例如,如果用户受骗导入了包含有fnm:%n%n%n%n%n%n%n%n的特制APW文件做为文件夹名称,对sprintf()的
CVSS Information
N/A
Vulnerability Type
N/A