N/A

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.

N/A

N/A

httpdx tolog功能多个格式化字符串漏洞

httpdx是一款轻型的http和ftp服务器。 httpdx的tolog功能存在多个格式化字符串漏洞，（1）当日志功能打开时，远程攻击者可在向HTTP服务器组件发起的GET请求中通过格式化的字符串说明符执行任意代码；（2）在向FTP服务器组件发起PWD命令时，远程认证用户可通过格式化字符串说明符执行任意代码。

N/A

N/A