The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
- mr-l0n3lly/CVE-2007-2447
- testaross4/CVE-2007-2447
- Nosferatuvjr/Samba-Usermap-exploit
- k4u5h41/usermap_script_CVE-2007-2447
- 0xConstant/CVE-2007-2447
- s4msec/CVE-2007-2447
- xbufu/CVE-2007-2447
- 3t4n/samba-3.0.24-CVE-2007-2447-vunerable-
- Alien0ne/CVE-2007-2447
- cherrera0001/CVE-2007-2447
- G01d3nW01f/CVE-2007-2447
- un4gi/CVE-2007-2447
- ozuma/CVE-2007-2447
- 0xKn/CVE-2007-2447
- Ziemni/CVE-2007-2447-in-Python
- WildfootW/CVE-2007-2447_Samba_3.0.25rc3
- xlcc4096/exploit-CVE-2007-2447
- amriunix/CVE-2007-2447
- 3x1t1um/CVE-2007-2447
- JoseBarrios/CVE-2007-2447
- b1fair/smb_usermap
- Unix13/metasploitable2
- Aviksaikat/CVE-2007-2447
- HerculesRD/PyUsernameMapScriptRCE
- crypticdante/CVE-2007-2447
- bdunlap9/CVE-2007-2447_python
- MikeRega7/CVE-2007-2447-RCE
- 0xTabun/CVE-2007-2447
- ShivamDey/Samba-CVE-2007-2447-Exploit
- mmezirard/cve-2007-2447
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20.
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.
