Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cnxw-4ree-g3ez
Summary
The hpssd daemon might allow local attackers to execute arbitrary commands
    with root privileges.
Aliases
0
alias CVE-2007-5208
Fixed_packages
0
url pkg:deb/debian/hplip@1.6.10-4.3?distro=trixie
purl pkg:deb/debian/hplip@1.6.10-4.3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@1.6.10-4.3%3Fdistro=trixie
1
url pkg:deb/debian/hplip@2.8.6.b-4%2Blenny1
purl pkg:deb/debian/hplip@2.8.6.b-4%2Blenny1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8e1n-19ca-ayb4
1
vulnerability VCID-ajy8-wz5n-mfb2
2
vulnerability VCID-e7ce-ncn2-87dd
3
vulnerability VCID-f2yg-yaaj-uub1
4
vulnerability VCID-f39n-wae1-n3cc
5
vulnerability VCID-k8hw-71wj-dygy
6
vulnerability VCID-m5z3-fsqw-nue1
7
vulnerability VCID-mfqk-y4g4-sfa5
8
vulnerability VCID-y2pa-cbhj-r7az
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@2.8.6.b-4%252Blenny1
2
url pkg:deb/debian/hplip@3.21.2%2Bdfsg1-2?distro=trixie
purl pkg:deb/debian/hplip@3.21.2%2Bdfsg1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@3.21.2%252Bdfsg1-2%3Fdistro=trixie
3
url pkg:deb/debian/hplip@3.22.10%2Bdfsg0-2?distro=trixie
purl pkg:deb/debian/hplip@3.22.10%2Bdfsg0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@3.22.10%252Bdfsg0-2%3Fdistro=trixie
4
url pkg:deb/debian/hplip@3.22.10%2Bdfsg0-8.1?distro=trixie
purl pkg:deb/debian/hplip@3.22.10%2Bdfsg0-8.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@3.22.10%252Bdfsg0-8.1%3Fdistro=trixie
5
url pkg:ebuild/net-print/hplip@2.7.9-r1
purl pkg:ebuild/net-print/hplip@2.7.9-r1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/hplip@2.7.9-r1
Affected_packages
0
url pkg:deb/debian/hplip@0.9.2-2
purl pkg:deb/debian/hplip@0.9.2-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8e1n-19ca-ayb4
1
vulnerability VCID-a7h1-7a1g-vqa6
2
vulnerability VCID-ajy8-wz5n-mfb2
3
vulnerability VCID-cnxw-4ree-g3ez
4
vulnerability VCID-e7ce-ncn2-87dd
5
vulnerability VCID-f2yg-yaaj-uub1
6
vulnerability VCID-f39n-wae1-n3cc
7
vulnerability VCID-f3w3-w65v-hyhm
8
vulnerability VCID-k8hw-71wj-dygy
9
vulnerability VCID-m5z3-fsqw-nue1
10
vulnerability VCID-mfqk-y4g4-sfa5
11
vulnerability VCID-y2pa-cbhj-r7az
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@0.9.2-2
1
url pkg:deb/debian/hplip@1.6.10-3
purl pkg:deb/debian/hplip@1.6.10-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8e1n-19ca-ayb4
1
vulnerability VCID-a7h1-7a1g-vqa6
2
vulnerability VCID-ajy8-wz5n-mfb2
3
vulnerability VCID-cnxw-4ree-g3ez
4
vulnerability VCID-e7ce-ncn2-87dd
5
vulnerability VCID-f2yg-yaaj-uub1
6
vulnerability VCID-f39n-wae1-n3cc
7
vulnerability VCID-f3w3-w65v-hyhm
8
vulnerability VCID-k8hw-71wj-dygy
9
vulnerability VCID-m5z3-fsqw-nue1
10
vulnerability VCID-mfqk-y4g4-sfa5
11
vulnerability VCID-y2pa-cbhj-r7az
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@1.6.10-3
2
url pkg:deb/debian/hplip@1.6.10-3etch1
purl pkg:deb/debian/hplip@1.6.10-3etch1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8e1n-19ca-ayb4
1
vulnerability VCID-a7h1-7a1g-vqa6
2
vulnerability VCID-ajy8-wz5n-mfb2
3
vulnerability VCID-cnxw-4ree-g3ez
4
vulnerability VCID-e7ce-ncn2-87dd
5
vulnerability VCID-f2yg-yaaj-uub1
6
vulnerability VCID-f39n-wae1-n3cc
7
vulnerability VCID-f3w3-w65v-hyhm
8
vulnerability VCID-k8hw-71wj-dygy
9
vulnerability VCID-m5z3-fsqw-nue1
10
vulnerability VCID-mfqk-y4g4-sfa5
11
vulnerability VCID-y2pa-cbhj-r7az
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/hplip@1.6.10-3etch1
3
url pkg:rpm/redhat/hplip@1.6.7-4.1.el5_0?arch=3
purl pkg:rpm/redhat/hplip@1.6.7-4.1.el5_0?arch=3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cnxw-4ree-g3ez
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/hplip@1.6.7-4.1.el5_0%3Farch=3
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5208.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5208.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5208
reference_id
reference_type
scores
0
value 0.73689
scoring_system epss
scoring_elements 0.98802
published_at 2026-04-02T12:55:00Z
1
value 0.73689
scoring_system epss
scoring_elements 0.98805
published_at 2026-04-04T12:55:00Z
2
value 0.73689
scoring_system epss
scoring_elements 0.98809
published_at 2026-04-09T12:55:00Z
3
value 0.73689
scoring_system epss
scoring_elements 0.9881
published_at 2026-04-08T12:55:00Z
4
value 0.73689
scoring_system epss
scoring_elements 0.98812
published_at 2026-04-11T12:55:00Z
5
value 0.73689
scoring_system epss
scoring_elements 0.98813
published_at 2026-04-12T12:55:00Z
6
value 0.73689
scoring_system epss
scoring_elements 0.98814
published_at 2026-04-13T12:55:00Z
7
value 0.73689
scoring_system epss
scoring_elements 0.98818
published_at 2026-04-16T12:55:00Z
8
value 0.73689
scoring_system epss
scoring_elements 0.98819
published_at 2026-04-18T12:55:00Z
9
value 0.73689
scoring_system epss
scoring_elements 0.98822
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5208
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=319921
reference_id 319921
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=319921
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447341
reference_id 447341
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447341
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16837.rb
reference_id CVE-2007-5208;OSVDB-41693
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16837.rb
6
reference_url https://security.gentoo.org/glsa/200710-26
reference_id GLSA-200710-26
reference_type
scores
url https://security.gentoo.org/glsa/200710-26
7
reference_url https://access.redhat.com/errata/RHSA-2007:0960
reference_id RHSA-2007:0960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0960
8
reference_url https://usn.ubuntu.com/530-1/
reference_id USN-530-1
reference_type
scores
url https://usn.ubuntu.com/530-1/
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Exploits
0
date_added 2010-10-09
description hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2010-10-09
exploit_type remote
platform linux
source_date_updated 2011-03-06
data_source Exploit-DB
source_url
1
date_added null
description 
This module exploits a command execution vulnerable in the hpssd.py
          daemon of the Hewlett-Packard Linux Imaging and Printing Project.
          According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable.

          This module was written and tested using the Fedora 6 Linux distribution.
          On the test system, the daemon listens on localhost only and runs with
          root privileges. Although the configuration shows the daemon is to
          listen on port 2207, it actually listens on a dynamic port.

          NOTE: If the target system does not have a 'sendmail' command installed,
          this vulnerability cannot be exploited.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2007-10-04
exploit_type null
platform Unix
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/misc/hplip_hpssd_exec.rb
Severity_range_scorenull
Exploitability2.0
Weighted_severity0.7
Risk_score1.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cnxw-4ree-g3ez