Search
Find a vulnerability
Search criteria
6 vulnerabilities by roi_revolution
CVE-2007-5112 (GCVE-0-2007-5112)
Vulnerability from nvd – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityvulns.ru/Sdocument90.html | x_refsource_MISC |
| http://osvdb.org/38578 | vdb-entryx_refsource_OSVDB |
| http://ha.ckers.org/blog/20070823/xss-and-possibl… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/480469/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.gnucitizen.org/blog/google-urchin-pass… | x_refsource_MISC |
| http://websecurity.com.ua/1283/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/482006/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3177 | third-party-advisoryx_refsource_SREASON |
| http://hackademix.net/2007/09/24/googhole-xss-pwn… | x_refsource_MISC |
| http://www.securityfocus.com/bid/25788 | vdb-entryx_refsource_BID |
Date Public
2007-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "38578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38578"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "20070924 Google Urchin password theft madness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3177",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
},
{
"name": "25788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "38578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38578"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "20070924 Google Urchin password theft madness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3177",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
},
{
"name": "25788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityvulns.ru/Sdocument90.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "38578",
"refsource": "OSVDB",
"url": "http://osvdb.org/38578"
},
{
"name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "20070924 Google Urchin password theft madness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
},
{
"name": "http://websecurity.com.ua/1283/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3177",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3177"
},
{
"name": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/",
"refsource": "MISC",
"url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
},
{
"name": "25788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5112",
"datePublished": "2007-09-26T23:00:00.000Z",
"dateReserved": "2007-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:28.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5113 (GCVE-0-2007-5113)
Vulnerability from nvd – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
VLAI
EPSS
VEX
Summary
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/26037 | vdb-entryx_refsource_BID |
| http://securityvulns.ru/Sdocument90.html | x_refsource_MISC |
| http://ha.ckers.org/blog/20070823/xss-and-possibl… | x_refsource_MISC |
| http://websecurity.com.ua/1283/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/482006/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26037"
},
{
"name": "http://securityvulns.ru/Sdocument90.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "http://websecurity.com.ua/1283/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5113",
"datePublished": "2007-09-26T23:00:00.000Z",
"dateReserved": "2007-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:28.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4713 (GCVE-0-2007-4713)
Vulnerability from nvd – Published: 2007-09-05 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/3085 | vdb-entryx_refsource_VUPEN |
| http://pridels-team.blogspot.com/2007/09/urchin-5… | x_refsource_MISC |
| http://osvdb.org/36807 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26682 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25530 | vdb-entryx_refsource_BID |
Date Public
2007-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "urchin-urchin-xss(36401)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
},
{
"name": "ADV-2007-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3085"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
},
{
"name": "36807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36807"
},
{
"name": "26682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26682"
},
{
"name": "25530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "urchin-urchin-xss(36401)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
},
{
"name": "ADV-2007-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3085"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
},
{
"name": "36807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36807"
},
{
"name": "26682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26682"
},
{
"name": "25530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "urchin-urchin-xss(36401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
},
{
"name": "ADV-2007-3085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3085"
},
{
"name": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
},
{
"name": "36807",
"refsource": "OSVDB",
"url": "http://osvdb.org/36807"
},
{
"name": "26682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26682"
},
{
"name": "25530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4713",
"datePublished": "2007-09-05T19:00:00.000Z",
"dateReserved": "2007-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5112 (GCVE-0-2007-5112)
Vulnerability from cvelistv5 – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityvulns.ru/Sdocument90.html | x_refsource_MISC |
| http://osvdb.org/38578 | vdb-entryx_refsource_OSVDB |
| http://ha.ckers.org/blog/20070823/xss-and-possibl… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/480469/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.gnucitizen.org/blog/google-urchin-pass… | x_refsource_MISC |
| http://websecurity.com.ua/1283/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/482006/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3177 | third-party-advisoryx_refsource_SREASON |
| http://hackademix.net/2007/09/24/googhole-xss-pwn… | x_refsource_MISC |
| http://www.securityfocus.com/bid/25788 | vdb-entryx_refsource_BID |
Date Public
2007-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "38578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38578"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "20070924 Google Urchin password theft madness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3177",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
},
{
"name": "25788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "38578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38578"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "20070924 Google Urchin password theft madness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3177",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
},
{
"name": "25788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityvulns.ru/Sdocument90.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "38578",
"refsource": "OSVDB",
"url": "http://osvdb.org/38578"
},
{
"name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "20070924 Google Urchin password theft madness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness"
},
{
"name": "http://websecurity.com.ua/1283/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3177",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3177"
},
{
"name": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/",
"refsource": "MISC",
"url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/"
},
{
"name": "25788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5112",
"datePublished": "2007-09-26T23:00:00.000Z",
"dateReserved": "2007-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:28.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5113 (GCVE-0-2007-5113)
Vulnerability from cvelistv5 – Published: 2007-09-26 23:00 – Updated: 2024-08-07 15:17
VLAI
EPSS
VEX
Summary
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/26037 | vdb-entryx_refsource_BID |
| http://securityvulns.ru/Sdocument90.html | x_refsource_MISC |
| http://ha.ckers.org/blog/20070823/xss-and-possibl… | x_refsource_MISC |
| http://websecurity.com.ua/1283/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/482006/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26037"
},
{
"name": "http://securityvulns.ru/Sdocument90.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument90.html"
},
{
"name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/"
},
{
"name": "http://websecurity.com.ua/1283/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1283/"
},
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5113",
"datePublished": "2007-09-26T23:00:00.000Z",
"dateReserved": "2007-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:28.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4713 (GCVE-0-2007-4713)
Vulnerability from cvelistv5 – Published: 2007-09-05 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/3085 | vdb-entryx_refsource_VUPEN |
| http://pridels-team.blogspot.com/2007/09/urchin-5… | x_refsource_MISC |
| http://osvdb.org/36807 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26682 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25530 | vdb-entryx_refsource_BID |
Date Public
2007-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "urchin-urchin-xss(36401)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
},
{
"name": "ADV-2007-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3085"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
},
{
"name": "36807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36807"
},
{
"name": "26682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26682"
},
{
"name": "25530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "urchin-urchin-xss(36401)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
},
{
"name": "ADV-2007-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3085"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
},
{
"name": "36807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36807"
},
{
"name": "26682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26682"
},
{
"name": "25530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "urchin-urchin-xss(36401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36401"
},
{
"name": "ADV-2007-3085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3085"
},
{
"name": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html"
},
{
"name": "36807",
"refsource": "OSVDB",
"url": "http://osvdb.org/36807"
},
{
"name": "26682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26682"
},
{
"name": "25530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4713",
"datePublished": "2007-09-05T19:00:00.000Z",
"dateReserved": "2007-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}