CVE-2007-4178
Published 2007-08-08
Priority P417, medium, 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.54% (71.9th percentile)
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amg_soft | webdirector | <= 2.2 | — |
No detection rules found.
Exploit-DB
WebDirector - 'index.php' Cross-Site Scripting
exploitdb·2007-08-01
CVE-2007-4178 WebDirector - 'index.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/25166/info
WebDirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/index.php?deslocal=[xss]
Exploit-DB
Symantec AntiVirus - 'symtdi.sys' Local Privilege Escalation
exploitdb·2007-07-12
CVE-2007-3673 Symantec AntiVirus - 'symtdi.sys' Local Privilege Escalation
---
Symantec AntiVirus symtdi.sys Local Privilege Escalation
Author: Zohiartze Herce
Site: http://48bits.com
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4178.rar (07122007-symTDI_advisory.rar)
# milw0rm.com [2007-07-12]
No writeups or analysis indexed.
http://osvdb.org/36439
http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html
http://secunia.com/advisories/26315
http://www.securityfocus.com/bid/25166
http://www.vupen.com/english/advisories/2007/2765
Published: 2007-08-08