Search criteria
6 vulnerabilities found for webbler_cms by tincan
CVE-2007-4071 (GCVE-0-2007-4071)
Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37133",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37133"
},
{
"name": "2946",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2946"
},
{
"name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tincan.co.uk/?lid=1975"
},
{
"name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37133",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37133"
},
{
"name": "2946",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2946"
},
{
"name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tincan.co.uk/?lid=1975"
},
{
"name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37133",
"refsource": "OSVDB",
"url": "http://osvdb.org/37133"
},
{
"name": "2946",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2946"
},
{
"name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
},
{
"name": "http://www.procheckup.com/Vulner_2007.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "http://tincan.co.uk/?lid=1975",
"refsource": "MISC",
"url": "http://tincan.co.uk/?lid=1975"
},
{
"name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4071",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4072 (GCVE-0-2007-4072)
Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "38995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "38995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
},
{
"name": "http://www.procheckup.com/Vulner_2007.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "38995",
"refsource": "OSVDB",
"url": "http://osvdb.org/38995"
},
{
"name": "http://tincan.co.uk/?lid=1975",
"refsource": "MISC",
"url": "http://tincan.co.uk/?lid=1975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4072",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4073 (GCVE-0-2007-4073)
Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38994",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38994"
},
{
"name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
},
{
"name": "2955",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38994",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38994"
},
{
"name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
},
{
"name": "2955",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38994",
"refsource": "OSVDB",
"url": "http://osvdb.org/38994"
},
{
"name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
},
{
"name": "2955",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2955"
},
{
"name": "http://www.procheckup.com/Vulner_2007.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "http://tincan.co.uk/?lid=1975",
"refsource": "MISC",
"url": "http://tincan.co.uk/?lid=1975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4073",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4071 (GCVE-0-2007-4071)
Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37133",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37133"
},
{
"name": "2946",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2946"
},
{
"name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tincan.co.uk/?lid=1975"
},
{
"name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37133",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37133"
},
{
"name": "2946",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2946"
},
{
"name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tincan.co.uk/?lid=1975"
},
{
"name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37133",
"refsource": "OSVDB",
"url": "http://osvdb.org/37133"
},
{
"name": "2946",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2946"
},
{
"name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
},
{
"name": "http://www.procheckup.com/Vulner_2007.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "http://tincan.co.uk/?lid=1975",
"refsource": "MISC",
"url": "http://tincan.co.uk/?lid=1975"
},
{
"name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4071",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4072 (GCVE-0-2007-4072)
Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "38995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "38995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
},
{
"name": "http://www.procheckup.com/Vulner_2007.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "38995",
"refsource": "OSVDB",
"url": "http://osvdb.org/38995"
},
{
"name": "http://tincan.co.uk/?lid=1975",
"refsource": "MISC",
"url": "http://tincan.co.uk/?lid=1975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4072",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4073 (GCVE-0-2007-4073)
Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38994",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38994"
},
{
"name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
},
{
"name": "2955",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38994",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38994"
},
{
"name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
},
{
"name": "2955",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tincan.co.uk/?lid=1975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38994",
"refsource": "OSVDB",
"url": "http://osvdb.org/38994"
},
{
"name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
},
{
"name": "2955",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2955"
},
{
"name": "http://www.procheckup.com/Vulner_2007.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_2007.php"
},
{
"name": "http://tincan.co.uk/?lid=1975",
"refsource": "MISC",
"url": "http://tincan.co.uk/?lid=1975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4073",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}