CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1485

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile36.91th
PublishedMar 16, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments

Affected Platforms (CPE)

πŸ“¦
Ftplib

Ftplib

= 3.1-1

References & Advisories

πŸ”— http://osvdb.org/35089
πŸ”— http://securityreason.com/securityalert/2443
πŸ”— http://www.securityfocus.com/archive/1/462952/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/22986
πŸ”— http://osvdb.org/35089
πŸ”— http://securityreason.com/securityalert/2443
πŸ”— http://www.securityfocus.com/archive/1/462952/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/22986

Related Vulnerabilities

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-186610.0

Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to ex...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-186710.0

Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.