CVE-2010-3894

EPSS 12.0%

Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/15474unverified exploitdbwww.exploit-db.com/exploits/15474unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt http://www.exploit-db.com/exploits/15474 http://www.osvdb.org/69079 http://www.securityfocus.com/archive/1/514688/100/0/threaded http://www.securityfocus.com/bid/44740 http://www.vupen.com/english/advisories/2010/2933