CVE-2007-2059
published 2007-04-18CVE-2007-2059: Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary…
PriorityP348critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
7.29%
93.6th percentile
Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eiqnetworks | enterprise_security_analyzer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fh85-pv2m-cvhw: Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2
ghsa_unreviewed·2022-05-01
CVE-2007-2059 [HIGH] GHSA-fh85-pv2m-cvhw: Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2
Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.
GHSA
GHSA-c6jg-f33g-jwfh: Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2007-5699 [CRITICAL] CWE-119 GHSA-c6jg-f33g-jwfh: Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2
Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote attackers to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command, a different vector than CVE-2007-2059.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/24881http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05http://www.securityfocus.com/archive/1/465488/100/0/threadedhttp://www.vupen.com/english/advisories/2007/1380https://exchange.xforce.ibmcloud.com/vulnerabilities/33646http://secunia.com/advisories/24881http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05http://www.securityfocus.com/archive/1/465488/100/0/threadedhttp://www.vupen.com/english/advisories/2007/1380https://exchange.xforce.ibmcloud.com/vulnerabilities/33646
2007-04-18
Published