Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-5253

EPSS 10.25% · P93
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-5253

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
McMurtrey/Whitaker Cart32 'c32web.exe' 文件请求漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
McMurtrey/Whitaker Cart32版本之前的版本6.4中的c32web.exe允许远程攻击者可以借助一个GetImage操作中的ImageName 参数读取任意文件,该参数在一个图像文件扩展名后附加医药股 NULL byte (%00)序列。例如一个".txt%00.gif"文件中的一个请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-5253

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-5253

Please Login to view more intelligence information

Same Patch Batch · n/a · 2007-10-06 · 76 CVEs total

CVE-2004-2693HP-UX权限许可和访问控制漏洞
CVE-2007-5241HP OpenVMS 'NET$CSMACD.EXE' 缓冲区溢出漏洞
CVE-2007-5249Americasarmy America's Army Special Forces Unreal engine中的注册函数缓冲区溢出漏洞
CVE-2007-5248id Software Doom 3 Engine Punkbuster 多重格式字符串漏洞
CVE-2007-5247Monolith Productions First Encounter Assault Recon 格式化字符串漏洞
CVE-2007-5246Borland InterBase和Firebird数据库多个远程栈缓冲区溢出漏洞
CVE-2007-5245Borland Firebird数据库多个远程栈缓冲区溢出漏洞
CVE-2007-5244Borland InterBase数据库多个远程栈缓冲区溢出漏洞
CVE-2007-5243Borland InterBase和Firebird数据库多个远程栈缓冲区溢出漏洞
CVE-2004-2694Microsoft Microsoft Outlook_Express权限许可和访问控制漏洞
CVE-2007-5250Americasarmy America's Army Special Forces Unreal engine 拒绝服务漏洞
CVE-2004-2692php-exec-dir补丁命令访问限制绕过漏洞
CVE-2004-2691带防火墙3Com SuperStack 3 4400 switches拒绝服务漏洞
CVE-2004-2690NewsPHP Administration Pane文件上传不受限漏洞
CVE-2004-2689NewsPHP权限许可和访问控制漏洞
CVE-2004-2688newsPHP跨站脚本漏洞
CVE-2005-4871IBM DB2 XML函数文件建立漏洞
CVE-2005-4870IBM DB2 XML函数远程缓冲区溢出漏洞
CVE-2005-4869IBM DB2 to_char和to_date函数本地拒绝服务漏洞
CVE-2005-4868IBM DB2 Universal Database信息泄露漏洞

Showing top 20 of 76 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-5253

No comments yet

Leave a comment