CVE

Id
28721  
CVE No.
CVE-2007-5364  
Status
Candidate  
Description
** DISPUTED ** Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php.  
Phase
Assigned (20071010)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
299990 28721 CVE-2007-5364 BUGTRAQ:20071005 [Aria-Security] Stuffed Tracker Multiple Cross-Site Scripting VULN  View
299991 28721 CVE-2007-5364 URL:http://www.securityfocus.com/archive/1/archive/1/481658/100/0/threaded  View
299992 28721 CVE-2007-5364 BUGTRAQ:20071009 Viart Shopping Cart Directory Transversal  View
299993 28721 CVE-2007-5364 URL:http://www.securityfocus.com/archive/1/481848  View
299994 28721 CVE-2007-5364 BID:25998  View
299995 28721 CVE-2007-5364 URL:http://www.securityfocus.com/bid/25998  View
299996 28721 CVE-2007-5364 SREASON:3212  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
54066 JVNDB-2007-002758 複数の Fujitsu Interstage 製品における重要な情報を取得される脆弱性 Fujitsu Interstage Application Server および Interstage Apworks/Studio の Tomcat ベースのサーブレットサービスは、useCanonCaches Java Virtual Machine (JVM) オプションを有効にする処理に不備があるため、重要な情報 (Web ルートパス) を取得される脆弱性が存在します。 CVE-2007-5366 28721 5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002758.html  View