mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
97 lines
3.5 KiB
JSON
97 lines
3.5 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2007-1605",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "34381",
|
|
"refsource": "OSVDB",
|
|
"url": "http://osvdb.org/34381"
|
|
},
|
|
{
|
|
"name": "34382",
|
|
"refsource": "OSVDB",
|
|
"url": "http://osvdb.org/34382"
|
|
},
|
|
{
|
|
"name": "20070320 w-agora [multiples file upload,xss,full path disclosure,error sql]",
|
|
"refsource": "BUGTRAQ",
|
|
"url": "http://www.securityfocus.com/archive/1/463286/100/0/threaded"
|
|
},
|
|
{
|
|
"name": "wagora-multiple-path-disclosure(33174)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33174"
|
|
},
|
|
{
|
|
"name": "2462",
|
|
"refsource": "SREASON",
|
|
"url": "http://securityreason.com/securityalert/2462"
|
|
},
|
|
{
|
|
"name": "34380",
|
|
"refsource": "OSVDB",
|
|
"url": "http://osvdb.org/34380"
|
|
},
|
|
{
|
|
"name": "24605",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/24605"
|
|
},
|
|
{
|
|
"name": "23057",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/23057"
|
|
}
|
|
]
|
|
}
|
|
} |