CVE-2007-3572
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-3572
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Yoggie Pico/Pico Pro反引号远程命令执行漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Yoggie Pico是一款小巧的USB设备,可实现防火墙和反病毒功能。 Yoggie Pico在处理用户提交的请求数据时存在漏洞,远程攻击者可能利用此漏洞在设备上执行任意命令。 Yoggie Pico安全设备的Web接口开放了ping功能以便于诊断。这个接口以ping -c 10 <given ip>的形式将输入的IP/主机名直接传送给了ping命令,并对"&"、";"和管道执行了基本安全检查,但没有检查反引号("`"),这允许攻击者通过提交特制的URL请求在设备上以root用户权限执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-3572
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-3572
Please Login to view more intelligence information
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.htmlmailing-listx_refsource_FULLDISC
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.htmlmailing-listx_refsource_FULLDISC
- https://nvd.nist.gov/vuln/detail/CVE-2007-3572
Same Patch Batch · n/a · 2007-07-05 · 33 CVEs total
| CVE-2007-3581 | Jedox Palo 远程欺骗网络漏洞 | |
| CVE-2007-3571 | Apache web 远程攻击漏洞 | |
| CVE-2007-3570 | Linux Access Gateway 远程攻击漏洞 | |
| CVE-2007-3569 | Oliver 多个跨站脚本攻击漏洞 | |
| CVE-2007-3568 | ImLib库_LoadBMP函数拒绝服务漏洞 | |
| CVE-2007-3567 | MySQLDumper绕过Apache访问控制认证漏洞 | |
| CVE-2007-3012 | Fujitsu PRIMERGY BX300刀片服务器信息泄露漏洞 | |
| CVE-2007-3011 | Fujitsu ServerView DBASCIIAccess脚本远程代码执行漏洞 | |
| CVE-1999-1591 | Microsoft VisualInterDev 6.0 - IIS4无认证管理漏洞 | |
| CVE-2007-3588 | VBZooM SQL注入漏洞 | |
| CVE-2007-3587 | MyCMS 多个输入验证漏洞 | |
| CVE-2007-3586 | MyCMS 多个输入验证漏洞 | |
| CVE-2007-3585 | MyCMS 多个输入验证漏洞 | |
| CVE-2007-3584 | Postnuke PNphpBB2 SQL注入漏洞 | |
| CVE-2007-3583 | Girlserv Ads Details_News.PHP SQL注入漏洞 | |
| CVE-2007-3582 | SuperCali Index.PHP SQL注入漏洞 | |
| CVE-2007-3589 | B1GBB id参数多个SQL注入漏洞 | |
| CVE-2007-3580 | PHPIDS 远程注入漏洞 | |
| CVE-2007-3579 | PHPIDS 远程注入漏洞 | |
| CVE-2007-3578 | PHPIDS 远程注入漏洞 |
Showing top 20 of 33 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2007-3572
No comments yet