Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for webbler_cms by tincan

    CVE-2007-4072 (GCVE-0-2007-4072)

    Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/474530/100… mailing-listx_refsource_BUGTRAQ
    http://www.procheckup.com/Vulner_2007.php x_refsource_MISC
    http://osvdb.org/38995 vdb-entryx_refsource_OSVDB
    http://tincan.co.uk/?lid=1975 x_refsource_MISC
    Date Public
    2007-07-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:06.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulner_2007.php"
              },
              {
                "name": "38995",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38995"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tincan.co.uk/?lid=1975"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulner_2007.php"
            },
            {
              "name": "38995",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38995"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tincan.co.uk/?lid=1975"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
                },
                {
                  "name": "http://www.procheckup.com/Vulner_2007.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulner_2007.php"
                },
                {
                  "name": "38995",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38995"
                },
                {
                  "name": "http://tincan.co.uk/?lid=1975",
                  "refsource": "MISC",
                  "url": "http://tincan.co.uk/?lid=1975"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4072",
        "datePublished": "2007-07-30T17:00:00.000Z",
        "dateReserved": "2007-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:06.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4071 (GCVE-0-2007-4071)

    Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/37133 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2946 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/474529/100… mailing-listx_refsource_BUGTRAQ
    http://www.procheckup.com/Vulner_2007.php x_refsource_MISC
    http://tincan.co.uk/?lid=1975 x_refsource_MISC
    http://www.securityfocus.com/archive/1/474518/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-07-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:06.114Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37133",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37133"
              },
              {
                "name": "2946",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2946"
              },
              {
                "name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulner_2007.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tincan.co.uk/?lid=1975"
              },
              {
                "name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "37133",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37133"
            },
            {
              "name": "2946",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2946"
            },
            {
              "name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulner_2007.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tincan.co.uk/?lid=1975"
            },
            {
              "name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4071",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37133",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37133"
                },
                {
                  "name": "2946",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2946"
                },
                {
                  "name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
                },
                {
                  "name": "http://www.procheckup.com/Vulner_2007.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulner_2007.php"
                },
                {
                  "name": "http://tincan.co.uk/?lid=1975",
                  "refsource": "MISC",
                  "url": "http://tincan.co.uk/?lid=1975"
                },
                {
                  "name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4071",
        "datePublished": "2007-07-30T17:00:00.000Z",
        "dateReserved": "2007-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:06.114Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4073 (GCVE-0-2007-4073)

    Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/38994 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/474521/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/2955 third-party-advisoryx_refsource_SREASON
    http://www.procheckup.com/Vulner_2007.php x_refsource_MISC
    http://tincan.co.uk/?lid=1975 x_refsource_MISC
    Date Public
    2007-07-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:06.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38994",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38994"
              },
              {
                "name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
              },
              {
                "name": "2955",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2955"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulner_2007.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tincan.co.uk/?lid=1975"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail.  NOTE: this could be leveraged for spam or phishing attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38994",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38994"
            },
            {
              "name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
            },
            {
              "name": "2955",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2955"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulner_2007.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tincan.co.uk/?lid=1975"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail.  NOTE: this could be leveraged for spam or phishing attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38994",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38994"
                },
                {
                  "name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
                },
                {
                  "name": "2955",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2955"
                },
                {
                  "name": "http://www.procheckup.com/Vulner_2007.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulner_2007.php"
                },
                {
                  "name": "http://tincan.co.uk/?lid=1975",
                  "refsource": "MISC",
                  "url": "http://tincan.co.uk/?lid=1975"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4073",
        "datePublished": "2007-07-30T17:00:00.000Z",
        "dateReserved": "2007-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:06.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4072 (GCVE-0-2007-4072)

    Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/474530/100… mailing-listx_refsource_BUGTRAQ
    http://www.procheckup.com/Vulner_2007.php x_refsource_MISC
    http://osvdb.org/38995 vdb-entryx_refsource_OSVDB
    http://tincan.co.uk/?lid=1975 x_refsource_MISC
    Date Public
    2007-07-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:06.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulner_2007.php"
              },
              {
                "name": "38995",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38995"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tincan.co.uk/?lid=1975"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulner_2007.php"
            },
            {
              "name": "38995",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38995"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tincan.co.uk/?lid=1975"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070724 PR07-20: Webroot disclosure on Webbler CMS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474530/100/0/threaded"
                },
                {
                  "name": "http://www.procheckup.com/Vulner_2007.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulner_2007.php"
                },
                {
                  "name": "38995",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38995"
                },
                {
                  "name": "http://tincan.co.uk/?lid=1975",
                  "refsource": "MISC",
                  "url": "http://tincan.co.uk/?lid=1975"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4072",
        "datePublished": "2007-07-30T17:00:00.000Z",
        "dateReserved": "2007-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:06.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4071 (GCVE-0-2007-4071)

    Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/37133 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2946 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/474529/100… mailing-listx_refsource_BUGTRAQ
    http://www.procheckup.com/Vulner_2007.php x_refsource_MISC
    http://tincan.co.uk/?lid=1975 x_refsource_MISC
    http://www.securityfocus.com/archive/1/474518/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-07-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:06.114Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37133",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37133"
              },
              {
                "name": "2946",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2946"
              },
              {
                "name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulner_2007.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tincan.co.uk/?lid=1975"
              },
              {
                "name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "37133",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37133"
            },
            {
              "name": "2946",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2946"
            },
            {
              "name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulner_2007.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tincan.co.uk/?lid=1975"
            },
            {
              "name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4071",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37133",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37133"
                },
                {
                  "name": "2946",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2946"
                },
                {
                  "name": "20070724 PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474529/100/0/threaded"
                },
                {
                  "name": "http://www.procheckup.com/Vulner_2007.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulner_2007.php"
                },
                {
                  "name": "http://tincan.co.uk/?lid=1975",
                  "refsource": "MISC",
                  "url": "http://tincan.co.uk/?lid=1975"
                },
                {
                  "name": "20070724 PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474518/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4071",
        "datePublished": "2007-07-30T17:00:00.000Z",
        "dateReserved": "2007-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:06.114Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4073 (GCVE-0-2007-4073)

    Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/38994 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/474521/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/2955 third-party-advisoryx_refsource_SREASON
    http://www.procheckup.com/Vulner_2007.php x_refsource_MISC
    http://tincan.co.uk/?lid=1975 x_refsource_MISC
    Date Public
    2007-07-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:06.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38994",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38994"
              },
              {
                "name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
              },
              {
                "name": "2955",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2955"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulner_2007.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tincan.co.uk/?lid=1975"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail.  NOTE: this could be leveraged for spam or phishing attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38994",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38994"
            },
            {
              "name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
            },
            {
              "name": "2955",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2955"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulner_2007.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tincan.co.uk/?lid=1975"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Webbler CMS before 3.1.6 does not properly restrict use of \"mail a friend\" forms, which allows remote attackers to send arbitrary amounts of forged e-mail.  NOTE: this could be leveraged for spam or phishing attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38994",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38994"
                },
                {
                  "name": "20070724 PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/474521/100/0/threaded"
                },
                {
                  "name": "2955",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2955"
                },
                {
                  "name": "http://www.procheckup.com/Vulner_2007.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulner_2007.php"
                },
                {
                  "name": "http://tincan.co.uk/?lid=1975",
                  "refsource": "MISC",
                  "url": "http://tincan.co.uk/?lid=1975"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4073",
        "datePublished": "2007-07-30T17:00:00.000Z",
        "dateReserved": "2007-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:06.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }