Lucene search

[email protected]CVE-2007-1780

HistoryMar 30, 2007 - 10:19 a.m.

CVE-2007-1780

2007-03-3010:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

vulnerability

xss

dht shell

overlay weaver

remote code injection

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms.

CPENameOperatorVersion
overlay_weaver:overlay_weaveroverlay weavereq0.5.11
overlay_weaver:overlay_weaveroverlay weavereq0.5.10
overlay_weaver:overlay_weaveroverlay weavereq0.5.9

CPE	Name	Operator	Version
overlay_weaver:overlay_weaver	overlay weaver	eq	0.5.11
overlay_weaver:overlay_weaver	overlay weaver	eq	0.5.10
overlay_weaver:overlay_weaver	overlay weaver	eq	0.5.9

References

jvn.jp/jp/JVN%2362399483/index.html

overlayweaver.sourceforge.net/news/

secunia.com/advisories/24669

www.securityfocus.com/bid/23195

www.vupen.com/english/advisories/2007/1167

exchange.xforce.ibmcloud.com/vulnerabilities/33340

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2007-1780

prion1 cvelist1 securityvulns1