Security Vulnerabilities, CVEs, Published In September 2007
CVE-2007-5107
Public exploit
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
Max CVSS
9.3
EPSS Score
85.93%
Published
2007-09-26
Updated
2018-10-15
CVE-2007-5067
Public exploit
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
Max CVSS
7.5
EPSS Score
95.59%
Published
2007-09-24
Updated
2017-09-29
CVE-2007-4915
Public exploit
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.
Max CVSS
10.0
EPSS Score
71.39%
Published
2007-09-17
Updated
2018-10-15
CVE-2007-4880
Public exploit
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
Max CVSS
10.0
EPSS Score
96.73%
Published
2007-09-28
Updated
2017-07-29
CVE-2007-4776
Public exploit
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
Max CVSS
9.3
EPSS Score
93.70%
Published
2007-09-10
Updated
2017-09-29
CVE-2007-3010
Known exploited
Public exploit
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Max CVSS
10.0
EPSS Score
97.32%
Published
2007-09-18
Updated
2018-10-16
CISA KEV Added
2022-04-15
6 vulnerabilities found