Search

Find a vulnerability

Search criteria

    6 vulnerabilities by roi_revolution

    CVE-2007-5112 (GCVE-0-2007-5112)

    Vulnerability from nvd – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-08-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securityvulns.ru/Sdocument90.html"
              },
              {
                "name": "38578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38578"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
              },
              {
                "name": "20070924 Google Urchin password theft madness",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://websecurity.com.ua/1283/"
              },
              {
                "name": "20071010 Vulnerabilities digest",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
              },
              {
                "name": "3177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3177"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
              },
              {
                "name": "25788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713.  NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securityvulns.ru/Sdocument90.html"
            },
            {
              "name": "38578",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38578"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
            },
            {
              "name": "20070924 Google Urchin password theft madness",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://websecurity.com.ua/1283/"
            },
            {
              "name": "20071010 Vulnerabilities digest",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
            },
            {
              "name": "3177",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3177"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
            },
            {
              "name": "25788",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25788"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713.  NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityvulns.ru/Sdocument90.html",
                  "refsource": "MISC",
                  "url": "http://securityvulns.ru/Sdocument90.html"
                },
                {
                  "name": "38578",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38578"
                },
                {
                  "name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
                  "refsource": "MISC",
                  "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
                },
                {
                  "name": "20070924 Google Urchin password theft madness",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
                },
                {
                  "name": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness",
                  "refsource": "MISC",
                  "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
                },
                {
                  "name": "http://websecurity.com.ua/1283/",
                  "refsource": "MISC",
                  "url": "http://websecurity.com.ua/1283/"
                },
                {
                  "name": "20071010 Vulnerabilities digest",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
                },
                {
                  "name": "3177",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3177"
                },
                {
                  "name": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/",
                  "refsource": "MISC",
                  "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
                },
                {
                  "name": "25788",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25788"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5112",
        "datePublished": "2007-09-26T23:00:00.000Z",
        "dateReserved": "2007-09-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5113 (GCVE-0-2007-5113)

    Vulnerability from nvd – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-08-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securityvulns.ru/Sdocument90.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://websecurity.com.ua/1283/"
              },
              {
                "name": "20071010 Vulnerabilities digest",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26037",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securityvulns.ru/Sdocument90.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://websecurity.com.ua/1283/"
            },
            {
              "name": "20071010 Vulnerabilities digest",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26037",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26037"
                },
                {
                  "name": "http://securityvulns.ru/Sdocument90.html",
                  "refsource": "MISC",
                  "url": "http://securityvulns.ru/Sdocument90.html"
                },
                {
                  "name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
                  "refsource": "MISC",
                  "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
                },
                {
                  "name": "http://websecurity.com.ua/1283/",
                  "refsource": "MISC",
                  "url": "http://websecurity.com.ua/1283/"
                },
                {
                  "name": "20071010 Vulnerabilities digest",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5113",
        "datePublished": "2007-09-26T23:00:00.000Z",
        "dateReserved": "2007-09-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4713 (GCVE-0-2007-4713)

    Vulnerability from nvd – Published: 2007-09-05 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3085 vdb-entryx_refsource_VUPEN
    http://pridels-team.blogspot.com/2007/09/urchin-5… x_refsource_MISC
    http://osvdb.org/36807 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/26682 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/25530 vdb-entryx_refsource_BID
    Date Public
    2007-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "urchin-urchin-xss(36401)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
              },
              {
                "name": "ADV-2007-3085",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3085"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
              },
              {
                "name": "36807",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36807"
              },
              {
                "name": "26682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26682"
              },
              {
                "name": "25530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25530"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "urchin-urchin-xss(36401)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
            },
            {
              "name": "ADV-2007-3085",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3085"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
            },
            {
              "name": "36807",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36807"
            },
            {
              "name": "26682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26682"
            },
            {
              "name": "25530",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25530"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "urchin-urchin-xss(36401)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
                },
                {
                  "name": "ADV-2007-3085",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3085"
                },
                {
                  "name": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
                },
                {
                  "name": "36807",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36807"
                },
                {
                  "name": "26682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26682"
                },
                {
                  "name": "25530",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25530"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4713",
        "datePublished": "2007-09-05T19:00:00.000Z",
        "dateReserved": "2007-09-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5112 (GCVE-0-2007-5112)

    Vulnerability from cvelistv5 – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-08-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securityvulns.ru/Sdocument90.html"
              },
              {
                "name": "38578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38578"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
              },
              {
                "name": "20070924 Google Urchin password theft madness",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://websecurity.com.ua/1283/"
              },
              {
                "name": "20071010 Vulnerabilities digest",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
              },
              {
                "name": "3177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3177"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
              },
              {
                "name": "25788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713.  NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securityvulns.ru/Sdocument90.html"
            },
            {
              "name": "38578",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38578"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
            },
            {
              "name": "20070924 Google Urchin password theft madness",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://websecurity.com.ua/1283/"
            },
            {
              "name": "20071010 Vulnerabilities digest",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
            },
            {
              "name": "3177",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3177"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
            },
            {
              "name": "25788",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25788"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713.  NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityvulns.ru/Sdocument90.html",
                  "refsource": "MISC",
                  "url": "http://securityvulns.ru/Sdocument90.html"
                },
                {
                  "name": "38578",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38578"
                },
                {
                  "name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
                  "refsource": "MISC",
                  "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
                },
                {
                  "name": "20070924 Google Urchin password theft madness",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
                },
                {
                  "name": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness",
                  "refsource": "MISC",
                  "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
                },
                {
                  "name": "http://websecurity.com.ua/1283/",
                  "refsource": "MISC",
                  "url": "http://websecurity.com.ua/1283/"
                },
                {
                  "name": "20071010 Vulnerabilities digest",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
                },
                {
                  "name": "3177",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3177"
                },
                {
                  "name": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/",
                  "refsource": "MISC",
                  "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
                },
                {
                  "name": "25788",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25788"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5112",
        "datePublished": "2007-09-26T23:00:00.000Z",
        "dateReserved": "2007-09-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5113 (GCVE-0-2007-5113)

    Vulnerability from cvelistv5 – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-08-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securityvulns.ru/Sdocument90.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://websecurity.com.ua/1283/"
              },
              {
                "name": "20071010 Vulnerabilities digest",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26037",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securityvulns.ru/Sdocument90.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://websecurity.com.ua/1283/"
            },
            {
              "name": "20071010 Vulnerabilities digest",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26037",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26037"
                },
                {
                  "name": "http://securityvulns.ru/Sdocument90.html",
                  "refsource": "MISC",
                  "url": "http://securityvulns.ru/Sdocument90.html"
                },
                {
                  "name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
                  "refsource": "MISC",
                  "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
                },
                {
                  "name": "http://websecurity.com.ua/1283/",
                  "refsource": "MISC",
                  "url": "http://websecurity.com.ua/1283/"
                },
                {
                  "name": "20071010 Vulnerabilities digest",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5113",
        "datePublished": "2007-09-26T23:00:00.000Z",
        "dateReserved": "2007-09-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4713 (GCVE-0-2007-4713)

    Vulnerability from cvelistv5 – Published: 2007-09-05 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3085 vdb-entryx_refsource_VUPEN
    http://pridels-team.blogspot.com/2007/09/urchin-5… x_refsource_MISC
    http://osvdb.org/36807 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/26682 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/25530 vdb-entryx_refsource_BID
    Date Public
    2007-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "urchin-urchin-xss(36401)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
              },
              {
                "name": "ADV-2007-3085",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3085"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
              },
              {
                "name": "36807",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36807"
              },
              {
                "name": "26682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26682"
              },
              {
                "name": "25530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25530"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "urchin-urchin-xss(36401)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
            },
            {
              "name": "ADV-2007-3085",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3085"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
            },
            {
              "name": "36807",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36807"
            },
            {
              "name": "26682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26682"
            },
            {
              "name": "25530",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25530"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "urchin-urchin-xss(36401)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
                },
                {
                  "name": "ADV-2007-3085",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3085"
                },
                {
                  "name": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
                },
                {
                  "name": "36807",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36807"
                },
                {
                  "name": "26682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26682"
                },
                {
                  "name": "25530",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25530"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4713",
        "datePublished": "2007-09-05T19:00:00.000Z",
        "dateReserved": "2007-09-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }