CVE

Id
26133  
CVE No.
CVE-2007-2776  
Status
Candidate  
Description
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.  
Phase
Assigned (20070521)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
263106 26133 CVE-2007-2776 MILW0RM:3958  View
263107 26133 CVE-2007-2776 URL:http://www.milw0rm.com/exploits/3958  View
263108 26133 CVE-2007-2776 MISC:http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack  View
263109 26133 CVE-2007-2776 BID:24068  View
263110 26133 CVE-2007-2776 URL:http://www.securityfocus.com/bid/24068  View
263111 26133 CVE-2007-2776 OSVDB:40422  View
263112 26133 CVE-2007-2776 URL:http://osvdb.org/40422  View
263113 26133 CVE-2007-2776 XF:alstrasoft-template-changeinfo-unauth-access(34396)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55188 JVNDB-2007-003880 MolyX BOARD におけるディレクトリトラバーサルの脆弱性 MolyX BOARD には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2007-2778 26133 7.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003880.html  View