CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3911

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile38.40th
PublishedJul 30, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.

Affected Platforms (CPE)

πŸ“¦
Bakbone

Netvault Reporter

<= 3.5update3

References & Advisories

πŸ”— http://secunia.com/advisories/26222
πŸ”— http://securityreason.com/securityalert/2954
πŸ”— http://www.securityfocus.com/archive/1/474626/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25068
πŸ”— http://www.securitytracker.com/id?1018460
πŸ”— http://www.vupen.com/english/advisories/2007/2658
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-07-044.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35588

Related Vulnerabilities

CVE-2007-195910.0

Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vector...

CVE-2007-023610.0

Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attacker...

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-025410.0

Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code...