CVE-2007-0364
Published 2007-01-19
Priority: P4 · 22 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.67% (83.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nicecoder | indexu | <= 5.3 | — |
| nicecoder | indexu | — | — |
| nicecoder | indexu | — | — |
No detection rules found.
Exploit-DB
Indexu 5.0/5.3 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Indexu 5.3.0 and prior versions are vulnerable; other versions may also be affected.
http://www.example.com/INDEXU_PATH/register.php?error_msg=[XSS]
http://www.example.com/INDEXU_PATH/register.php?username=[XSS]
http://www.example.com/INDEXU_PATH/register.php?password=[XSS]
http://ww
Exploit-DB
Indexu 5.0/5.3 - 'user_detail.php?u' Cross-Site Scripting
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/user_detail.php?u=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'tell_friend.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS]
http://www.example.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS]
http://www.example.com/INDEXU_PATH/tell_friend.php?error_
Exploit-DB
Indexu 5.0/5.3 - 'upgrade.php?gateway' Cross-Site Scripting
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'new.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/new.php?path=[XSS]
http://www.example.com/INDEXU_PATH//new.php?total=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'search.php?keyword' Cross-Site Scripting
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/search.php?keyword=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'suggest_category.php?Error_msg' Cross-Site Scripting
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'send_pwd.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/send_pwd.php?email=[XSS]
http://www.example.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS]
http://www.example.com/INDEXU_PATH/send_pwd.php?username=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'mailing_list.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS]
http://www.example.com/INDEXU_PATH/mailing_list.php?email=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'power_search.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/power_search.php?url=[XSS]
http://www.example.com/INDEXU_PATH//power_search.php?contact_name=[XSS]
http://www.example.com/INDEXU_PATH//power_search.php?email=[X
Exploit-DB
Indexu 5.0/5.3 - 'login.php?Error_msg' Cross-Site Scripting
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/login.php?error_msg=[XSS]
Exploit-DB
Indexu 5.0/5.3 - 'Sendmail.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-01-16
---
source: https://www.securityfocus.com/bid/22084/info
http://www.example.com/INDEXU_PATH/sendmail.php?error_msg=[XSS]
http://www.example.com/INDEXU_PATH/sendmail.php?email=[XSS]
http://www.example.com/INDEXU_PATH/sendmail.php?name=[XSS]
http://www.examp
Bugzilla
CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
bugzilla·2007-05-29·CVSS 6.0
Description of problem:
Functions declared as SECURITY INVOKER do not drop privileges upon
return and thus make it possible for an authenticated user calling
them to gain certain privileges.
Version-Release number of selected component (if applicable):
MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18
Discussion:
This issue was addressed in:
Red Hat Application Stack:
http://rhn.redhat.com/errata/RHSA-2007-0894.html
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0364.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2006-4031 MySQL improper permission revocation
bugzilla·2006-08-11·CVSS 2.1
MySQL improper permission revocation
If a user has been granted permissions to create a MERGE table, even
after permissions have been revoked from the parent table, the user
can access the data via the MERGE table.
More information including a patch can be found here:
http://bugs.mysql.com/bug.php?id=15195
Discussion:
moving to security response parent bug
---
This issue was addressed in:
Red Hat Application Stack:
http://rhn.redhat.com/errata/RHSA-2007-0083.html
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0364.html
http://rhn.redhat.com/errata/RHSA-2008-0768.html
References
http://osvdb.org/32839
http://secunia.com/advisories/23764
http://www.osvdb.org/32838
http://www.osvdb.org/32840
http://www.osvdb.org/32841
http://www.osvdb.org/32842
http://www.osvdb.org/32843
http://www.osvdb.org/32844
http://www.osvdb.org/32845
http://www.osvdb.org/32846
http://www.osvdb.org/32847
http://www.osvdb.org/32848
http://www.osvdb.org/32849
http://www.osvdb.org/32850
http://www.osvdb.org/32851
http://www.securityfocus.com/archive/1/457079/100/0/threaded
http://www.securityfocus.com/bid/22084
http://www.vupen.com/english/advisories/2007/0222
https://exchange.xforce.ibmcloud.com/vulnerabilities/31538