CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

Publication date: Fri, 07 Dec 2007 17:46:00 +0000

Cyber News related to CVE-2007-5497

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
5 years ago

CVE-2007-5186 - PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. ...
6 years ago

CVE-2007-5497 - Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. ...
1 year ago

CVE-2006-5722 - Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a ...
13 years ago

CVE-2015-5497 - Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. ...
8 years ago

CVE-2016-5497 - Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. ...
6 years ago

CVE-2013-5497 - The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted ...
6 years ago

CVE-2008-5497 - BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. ...
6 years ago

CVE-2006-5497 - PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. ...
6 years ago

CVE-2018-5497 - Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. ...
5 years ago

CVE-2019-5497 - NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. ...
3 years ago

CVE-2020-5497 - The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. ...
1 year ago

CVE-2012-5497 - membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. ...
1 year ago

CVE-2023-5497 - A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible ...
8 months ago

CVE-2024-5497 - Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security ...
5 days ago

CVE-2024-38565 - In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for ...
2 weeks ago Tenable.com

CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

CVE-2011-1892 - Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management ...
5 years ago

CVE-2015-0085 - Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold ...
5 years ago

CVE-2016-0012 - Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, ...
5 years ago

CVE-2007-4246 - Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), ...
6 years ago

CVE-2007-0222 - Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is ...
5 years ago

CVE-2007-2135 - The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from ...
5 years ago

CVE-2007-2170 - The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other ...
5 years ago

CVE-2007-2841 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-21778 - 1 minute ago
CVE-2024-39475 - 1 minute ago
CVE-2024-39895 - 3 hours ago
CVE-2024-39701 - 3 hours ago
CVE-2024-39312 - 3 hours ago
CVE-2024-34702 - 3 hours ago
CVE-2023-39017 - 3 hours ago
CVE-2024-39473 - 3 hours ago
CVE-2024-39472 - 3 hours ago
CVE-2024-39477 - 3 hours ago
CVE-2024-39474 - 3 hours ago
CVE-2024-39476 - 3 hours ago
CVE-2024-6523 - 4 hours ago
CVE-2024-34481 - 4 hours ago
CVE-2024-39937 - 4 hours ago
CVE-2024-39943 - 4 hours ago
CVE-2024-37768 - 4 hours ago
CVE-2024-23997 - 4 hours ago
CVE-2024-39936 - 4 hours ago
CVE-2024-23998 - 4 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 7 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2023-49593 - 4 hours ago
CVE-2023-49073 - 4 hours ago
CVE-2023-47856 - 4 hours ago
CVE-2023-47677 - 4 hours ago
CVE-2023-45742 - 4 hours ago
CVE-2023-45215 - 4 hours ago
CVE-2023-41251 - 4 hours ago
CVE-2023-34435 - 4 hours ago
CVE-2024-6564 - 4 hours ago
CVE-2024-6563 - 4 hours ago
CVE-2024-39699 - 4 hours ago
CVE-2024-39695 - 4 hours ago
CVE-2024-39203 - 4 hours ago
CVE-2024-39202 - 4 hours ago
CVE-2024-31504 - 4 hours ago
CVE-2024-23562 - 4 hours ago
CVE-2024-21778 - 1 minute ago
CVE-2023-50383 - 4 hours ago
CVE-2023-50330 - 4 hours ago
CVE-2023-50243 - 4 hours ago