CVEブラウザに戻る

CVE-2007-3911

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0690%

EPSS Percentile38.40th

Published2007年7月30日

Last Modified2026年4月23日

Vulnerability Description

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.

Affected Platforms (CPE)

📦

Bakbone

Netvault Reporter

<= 3.5update3

References & Advisories

🔗 http://secunia.com/advisories/26222

🔗 http://securityreason.com/securityalert/2954

🔗 http://www.securityfocus.com/archive/1/474626/100/0/threaded

🔗 http://www.securityfocus.com/bid/25068

🔗 http://www.securitytracker.com/id?1018460

🔗 http://www.vupen.com/english/advisories/2007/2658

🔗 http://www.zerodayinitiative.com/advisories/ZDI-07-044.html

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35588

関連する脆弱性情報

CVE-2007-005710.0

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a sh...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-010010.0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows r...