CVE-2007-5321
Published 2007-10-09
CVE-2007-5321: Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .…
Priority P3 · 35 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.33% (81.5th percentile)
Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| verlihub-project | verlihub_control_panel | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 7.8 HIGH
GHSA
GHSA-x5wq-3jr3-4r5c: Directory traversal vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2007-5321 [MEDIUM] CWE-22 GHSA-x5wq-3jr3-4r5c: Directory traversal vulnerability in index
Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
Red Hat
kernel: Improper initialization of videobuf_mapping data structures
vendor_redhat·2017-04-24·CVSS 7.8
CVE-2007-6761 [HIGH] CWE-200 kernel: Improper initialization of videobuf_mapping data structures
drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG.
Red Hat Enterprise Linux 5 is now in Extended Life-cycle Support phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle
Red Hat
kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()
vendor_redhat·2010-07-29·CVSS 7.8
CVE-2010-5321 [HIGH] kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.
Based on the absence of upstream patch addressing this issue in
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/37612
http://secunia.com/advisories/27113
http://www.securityfocus.com/bid/25968
http://www.vupen.com/english/advisories/2007/3421
https://exchange.xforce.ibmcloud.com/vulnerabilities/37002
https://www.exploit-db.com/exploits/4494
Published: 2007-10-09