CVE-2007-3011
published 2007-07-05CVE-2007-3011: The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.17%
89.6th percentile
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
| fujitsu | serverview | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FSD 2.052/3.000 - 'servinterface.cc servinterface::sendmulticast' 'PIcallsign' Command Remote Overflow
exploitdb·2007-10-01
CVE-2007-5256 FSD 2.052/3.000 - 'servinterface.cc servinterface::sendmulticast' 'PIcallsign' Command Remote Overflow
FSD 2.052/3.000 - 'servinterface.cc servinterface::sendmulticast' 'PIcallsign' Command Remote Overflow
---
source: https://www.securityfocus.com/bid/25883/info
FSD is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
These issues affect FSD 2.052 d9 and 3.0000 d9; other versions may also be affected.
A]
connect with nc or telnet to port 3010 (sometimes it can be 3011, but
it's easy to recognize since it shows a "FSD>" prompt) and then send:
HELP aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...(more_than_100_'a's)...aaaa
Exploit-DB
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
exploitdb·2007-07-03
CVE-2007-3011 Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
---
source: https://www.securityfocus.com/bid/24762/info
Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.
Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application. Successful attacks will compromise the application and underlying webserver; other attacks are also possible.
Versions prior to Fujitsu ServerView 4.50.09 are vulnerable.
http://www.example.com/cgi-bin/ServerView/
SnmpView/DBAsciiAccess
?SSL=
&Application=ServerView/SnmpView
&Submit=Submit
&UserID=1
&Profile=
&DBAccess=ASCII
&Viewing=-1
&Action=Show
&ThisApplication=TestConnectivityFrame
&DBElement=ServerName
&DBValue=bcme
No writeups or analysis indexed.
http://osvdb.org/37835http://secunia.com/advisories/25944http://securityreason.com/securityalert/2858http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.phphttp://www.securityfocus.com/archive/1/472800/100/0/threadedhttp://www.securityfocus.com/bid/24762http://www.vupen.com/english/advisories/2007/2441https://exchange.xforce.ibmcloud.com/vulnerabilities/35257http://osvdb.org/37835http://secunia.com/advisories/25944http://securityreason.com/securityalert/2858http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.phphttp://www.securityfocus.com/archive/1/472800/100/0/threadedhttp://www.securityfocus.com/bid/24762http://www.vupen.com/english/advisories/2007/2441https://exchange.xforce.ibmcloud.com/vulnerabilities/35257
2007-07-05
Published