CVE-2007-3388
Published 2007-08-03
CVE-2007-3388: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp…
Priority P335 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.20% (89.7th percentile)
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trolltech | qt | <= 3.3.7 | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 MEDIUM
GHSA
GHSA-f86g-8g2c-pghw: Multiple format string vulnerabilities in (1) qtextedit
ghsa_unreviewed·2022-05-03
Ubuntu
Qt vulnerability
vendor_ubuntu·2007-08-03
Several format string vulnerabilities have been discovered in Qt
warning messages. By causing an application to process specially
crafted input data which triggered Qt warnings, this could be
exploited to execute arbitrary code with the privilege of the user
running the application.
Instructions: After a standard system upgrade you should restart your KDE session
to effect the necessary changes.
Red Hat
qt3 format string flaw
vendor_redhat·2007-07-27·CVSS 6.8
Red Hat
CVE-2007-1287: A regression error in the phpinfo function in PHP 4
vendor_redhat·CVSS 4.3
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Statement: The phpinfo function should not be used in publicly-accessible PHP scripts.
No detection rules found.
No public exploits indexed.