CVE-2007-3911

critical

Description

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35588

http://www.zerodayinitiative.com/advisories/ZDI-07-044.html

http://www.vupen.com/english/advisories/2007/2658

http://www.securitytracker.com/id?1018460

http://www.securityfocus.com/bid/25068

http://www.securityfocus.com/archive/1/474626/100/0/threaded

http://securityreason.com/securityalert/2954

http://secunia.com/advisories/26222

Details

Source: Mitre, NVD

Published: 2007-07-30

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.19743