CVE-2007-4993

EPSS 0.26% · P50 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4993

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Xen pygrub 脚本本地命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Xen是英国剑桥大学开发的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上，并支持在运行时进行迁移，保证正常运行并且避免宕机。 Xen的实现上存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。在启动guest域时，pygrub使用Python exec()语句处理grub.conf的不可信任数据，如果创建了特制的grub.conf文件的话，guest域中的root用户就可以在Domain-0中执行任意Python代码。有漏洞的代码位于tools/pygrub/src/

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-4993

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-4993

请登录查看更多情报信息。

http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1752x_refsource_CONFIRM
http://secunia.com/advisories/26986third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27103third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27085third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27141third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27072third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27047third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27161third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27486third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25825vdb-entryx_refsource_BID
http://www.debian.org/security/2007/dsa-1384vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-527-1vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2007/3348vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-0323.htmlvendor-advisoryx_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.htmlvendor-advisoryx_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.htmlvendor-advisoryx_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.htmlvendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/archive/1/481825/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2007-4993

Same Patch Batch · n/a · 2007-09-27 · 31 CVEs total

CVE-2007-5131		Interspire Interspire ActiveKB SQL注入漏洞
CVE-2007-4671		Apple Safari 输入验证错误漏洞
CVE-2007-3761		Apple Safari 跨站脚本漏洞
CVE-2007-3760		Apple Safari 跨站脚本漏洞
CVE-2007-3759		Apple Safari 配置错误漏洞
CVE-2007-3758		Apple Safari 跨站脚本漏洞
CVE-2007-3757		Apple iPhone 输入验证错误漏洞
CVE-2007-3756		Apple Safari 信息泄露漏洞
CVE-2007-3755		Apple iPhone 输入验证错误漏洞
CVE-2007-3754		Apple iPhone授权问题漏洞
CVE-2007-3753		Apple iPhone 输入验证错误漏洞
CVE-2007-5135		OpenSSL 数字错误漏洞
CVE-2007-5134		Catalyst 6500和Cisco系列环回地址非授权访问漏洞
CVE-2007-5133		Microsoft Windows 资源管理错误漏洞
CVE-2007-5132		Sun Solaris线程处理本地拒绝服务漏洞
CVE-2007-5117		FrontAccounting'access/login.php和includes/lang/language.php'输入验证漏洞
CVE-2007-5130		Boesch-it Boesch-it SimpGB 输入验证漏洞
CVE-2007-5129		Boesch-it Boesch-it SimpGB 信息泄露漏洞
CVE-2007-5128		PHP PHP PHP 输入验证漏洞
CVE-2007-5127		SimpGB 多个跨站脚本攻击漏洞

Showing top 20 of 31 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-4993

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-4993

I. Basic Information for CVE-2007-4993

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-4993

III. Intelligence Information for CVE-2007-4993

Same Patch Batch · n/a · 2007-09-27 · 31 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2007-4993

Leave a comment