CVE-2007-1145
published 2007-03-02CVE-2007-1145: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.92%
77.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kayako | esupport | <= 3.60.04 | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | supportsuite | <= 3.60.04 | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-478q-7xf2-cxcp: Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2009-3567 [MEDIUM] CWE-79 GHSA-478q-7xf2-cxcp: Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
GHSA
GHSA-vm66-xcq3-qvjh: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-1145 [MEDIUM] CWE-79 GHSA-vm66-xcq3-qvjh: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
No detection rules found.
Exploit-DB
Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
exploitdb·2007-12-19
CVE-2007-4567 Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
---
/*
source: https://www.securityfocus.com/bid/26943/info
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.
Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.
*/
/*
* Clemens Kurtenbach
* PoC code for exploiting the jumbo bug found in
* linux kernels >=2.6.20 and
#include
#include
/* network */
#include
#include
#include
#include
#include
#include
#define MY_FRAME_LEN 1145
char *resolve6(unsigned char *target) {
char *ret_addr;
struct in6_addr my_in6;
char *glob_addr = (char *) &my_in6;
struct addrinfo addr_hints, *addr_result;
unsigned char out[64];
memset(&addr
Exploit-DB
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC)
exploitdb·2007-02-06
CVE-2007-0825 FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC)
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC)
---
/***************************************************************************
* FlashFXP V 3.4.0 build 1145 Buffer Overflow DoS *
* *
* *
* There's a strange bug in FlashFXP. *
* When sending a long PWD command with more than 5420 \ separated by at *
* least one different char, it is possible to make the app unstable. *
* It will first freeze during 45s consuming 100% resources, and then, if *
* the user hits disconnect and then reconnects to the server it will enter *
* in an infinite loop trying to put data on the stack. *
* *
* *
* I admit it is a little bit tricky but maybe someone will find a better *
* way to exploit this vuln. *
* *
* Have Fun! *
* *
* Coded by Marsu *
*********************************
No writeups or analysis indexed.
http://osvdb.org/33535http://osvdb.org/33536http://secunia.com/advisories/24223http://securityreason.com/securityalert/2335http://www.securityfocus.com/archive/1/460591/100/0/threadedhttp://www.securityfocus.com/bid/22631http://www.vupen.com/english/advisories/2007/0717http://osvdb.org/33535http://osvdb.org/33536http://secunia.com/advisories/24223http://securityreason.com/securityalert/2335http://www.securityfocus.com/archive/1/460591/100/0/threadedhttp://www.securityfocus.com/bid/22631http://www.vupen.com/english/advisories/2007/0717
2007-03-02
Published