Search

Find a vulnerability

Search criteria

    3 vulnerabilities by anonymityanywhere

    VAR-200903-0004

    Vulnerability from variot - Updated: 2025-04-10 23:03

    TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. These issues affect versions prior to TorK 0.22. TorK is a powerful KDE desktop anonymous management tool. It is possible to browse the web anonymously through a browser and send anonymous emails from the MixMinion network. You can use ssh, IRC chat tools and IM instant messaging tools anonymously. And can control and monitor anonymous traffic on the Tor network through TorK. This configuration file contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200903-0004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tork",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "anonymityanywhere",
            "version": "0.22"
          },
          {
            "model": "tork",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "anonymityanywhere",
            "version": "0.22"
          },
          {
            "model": "mac os x",
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": "windows",
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "tork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tork",
            "version": "0.21"
          },
          {
            "model": "vidalia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tor",
            "version": "0"
          },
          {
            "model": "tork",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tork",
            "version": "0.22"
          },
          {
            "model": "vidalia",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tor",
            "version": "0.1.2.18"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "26386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:anonymityanywhere:tork",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vidalia Project",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2007-6723",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2007-6723",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-30085",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2007-6723",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2007-6723",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200903-530",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-30085",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. \nAttackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. \nThese issues affect versions prior to TorK 0.22. TorK is a powerful KDE desktop anonymous management tool. It is possible to browse the web anonymously through a browser and send anonymous emails from the MixMinion network. You can use ssh, IRC chat tools and IM instant messaging tools anonymously. And can control and monitor anonymous traffic on the Tor network through TorK. This configuration file contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "BID",
            "id": "26386"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2007-6723",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "26386",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "48694",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530",
            "trust": 0.7
          },
          {
            "db": "MLIST",
            "id": "[OR-TALK] 20071031 INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[OR-TALK] 20071031 RE: INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "42280",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-30085",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "db": "BID",
            "id": "26386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "id": "VAR-200903-0004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T23:03:13.271000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.torproject.org/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.apple.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.microsoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-16",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://archives.seul.org/or/talk/oct-2007/msg00291.html"
          },
          {
            "trust": 1.9,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/26386"
          },
          {
            "trust": 1.7,
            "url": "http://archives.seul.org/or/talk/oct-2007/msg00296.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/48694"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6723"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6723"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/42280"
          },
          {
            "trust": 0.3,
            "url": "http://www.privoxy.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www.torproject.org/index.html.en"
          },
          {
            "trust": 0.3,
            "url": "http://www.anonymityanywhere.com/tork/index.php?option=com_frontpage\u0026itemid=28"
          },
          {
            "trust": 0.1,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026amp;group_id=159836"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "db": "BID",
            "id": "26386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "db": "BID",
            "id": "26386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "date": "2007-11-08T00:00:00",
            "db": "BID",
            "id": "26386"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "date": "2009-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "date": "2009-03-31T17:30:00.327000",
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-30085"
          },
          {
            "date": "2016-07-05T22:00:00",
            "db": "BID",
            "id": "26386"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          },
          {
            "date": "2009-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2007-6723"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Windows and  Mac OS X Run on  TorK Vulnerabilities whose settings are changed",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002717"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Configuration Error",
        "sources": [
          {
            "db": "BID",
            "id": "26386"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200903-530"
          }
        ],
        "trust": 0.9
      }
    }

    CVE-2007-6723 (GCVE-0-2007-6723)

    Vulnerability from nvd – Published: 2009-03-31 17:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.722Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"
              },
              {
                "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
              },
              {
                "name": "tork-privoxy-security-bypass(42280)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
              },
              {
                "name": "48694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/48694"
              },
              {
                "name": "26386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26386"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"
            },
            {
              "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
            },
            {
              "name": "tork-privoxy-security-bypass(42280)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
            },
            {
              "name": "48694",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/48694"
            },
            {
              "name": "26386",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26386"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6723",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                  "refsource": "MLIST",
                  "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"
                },
                {
                  "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                  "refsource": "MLIST",
                  "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
                },
                {
                  "name": "tork-privoxy-security-bypass(42280)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
                },
                {
                  "name": "48694",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/48694"
                },
                {
                  "name": "26386",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26386"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6723",
        "datePublished": "2009-03-31T17:00:00.000Z",
        "dateReserved": "2009-03-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6723 (GCVE-0-2007-6723)

    Vulnerability from cvelistv5 – Published: 2009-03-31 17:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.722Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"
              },
              {
                "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
              },
              {
                "name": "tork-privoxy-security-bypass(42280)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
              },
              {
                "name": "48694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/48694"
              },
              {
                "name": "26386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26386"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"
            },
            {
              "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
            },
            {
              "name": "tork-privoxy-security-bypass(42280)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
            },
            {
              "name": "48694",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/48694"
            },
            {
              "name": "26386",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26386"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6723",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                  "refsource": "MLIST",
                  "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"
                },
                {
                  "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18",
                  "refsource": "MLIST",
                  "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
                },
                {
                  "name": "tork-privoxy-security-bypass(42280)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
                },
                {
                  "name": "48694",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/48694"
                },
                {
                  "name": "26386",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26386"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6723",
        "datePublished": "2009-03-31T17:00:00.000Z",
        "dateReserved": "2009-03-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }