Search...

CVE-2007-1925

2007-04-10T19:19:00

ID CVE-2007-1925
Type cve
Reporter NVD
Modified 2017-07-28T21:31:08

Description

The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-1925", "bulletinFamily": "NVD", "title": "CVE-2007-1925", "description": "The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.", "published": "2007-04-10T19:19:00", "modified": "2017-07-28T21:31:08", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1925", "reporter": "NVD", "references": ["http://www.vupen.com/english/advisories/2007/1285", "https://exchange.xforce.ibmcloud.com/vulnerabilities/33483", "http://truzone.org/modules.php?name=Forums&file=viewtopic&p=287012", "http://truzone.org/modules.php?name=News&file=article&sid=1613", "http://www.securityfocus.com/bid/23354"], "cvelist": ["CVE-2007-1925"], "type": "cve", "lastseen": "2017-07-29T11:21:57", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:tru-zone:nukeet:3.4"], "cvelist": ["CVE-2007-1925"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.", "edition": 1, "enchantments": {}, "hash": "1adfe9485ec5f12c22ef7aa41fb2c1dd667995ab95eebd3bbb288abf31b6ac5d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "4ea3269b60d436f59076821f2f972979", "key": "published"}, {"hash": "ef0434d83ac038af681afd8c25470e8c", "key": "description"}, {"hash": "be45cfd478240fb5dd28bd7185950506", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "10915effc6d3de79e63567f5af21e271", "key": "references"}, {"hash": "c13ba5c88bc0f3c33b06e29e0326cd27", "key": "cvelist"}, {"hash": "79648ef3c93f48e5e21c42b05ecb7577", "key": "title"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "07110b858ff12b713f134a4098ce32ec", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3da4c4e9bf047914554d9ce4c8761e3a", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1925", "id": "CVE-2007-1925", "lastseen": "2016-09-03T08:42:19", "modified": "2011-03-07T21:53:12", "objectVersion": "1.2", "published": "2007-04-10T19:19:00", "references": ["http://www.vupen.com/english/advisories/2007/1285", "http://truzone.org/modules.php?name=Forums&file=viewtopic&p=287012", "http://truzone.org/modules.php?name=News&file=article&sid=1613", "http://www.securityfocus.com/bid/23354", "http://xforce.iss.net/xforce/xfdb/33483"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-1925", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T08:42:19"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "be45cfd478240fb5dd28bd7185950506"}, {"key": "cvelist", "hash": "c13ba5c88bc0f3c33b06e29e0326cd27"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "ef0434d83ac038af681afd8c25470e8c"}, {"key": "href", "hash": "07110b858ff12b713f134a4098ce32ec"}, {"key": "modified", "hash": "3467f3bf9db0079aa3fca1e2d78f801d"}, {"key": "published", "hash": "4ea3269b60d436f59076821f2f972979"}, {"key": "references", "hash": "679fbb236d20b1a17414375e39bac962"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "79648ef3c93f48e5e21c42b05ecb7577"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "fc10f05595d0647c69a80829b149b10d845a57b0f39ff6595b1689a1976df078", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-07-29T11:21:57"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:tru-zone:nukeet:3.4"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://truzone.org/modules.php?name=Forums&file=viewtopic&p=287012\nVendor Specific News/Changelog Entry: http://truzone.org/modules.php?name=News&file=article&sid=1613\n[Secunia Advisory ID:24800](https://secuniaresearch.flexerasoftware.com/advisories/24800/)\nISS X-Force ID: 33483\nFrSIRT Advisory: ADV-2007-1285\n[CVE-2007-1925](https://vulners.com/cve/CVE-2007-1925)\nBugtraq ID: 23354\n", "edition": 1, "reporter": "OSVDB", "published": "2007-04-05T09:00:26", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Nuke ET modules/Your_Account/index.php borrado Function Arbitrary Account Deletion", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-1925"], "modified": "2007-04-05T09:00:26", "href": "https://vulners.com/osvdb/OSVDB:34665", "id": "OSVDB:34665", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "references": ["https://vulners.com/securityvulns/securityvulns:doc:16676", "https://vulners.com/securityvulns/securityvulns:doc:16672", "https://vulners.com/securityvulns/securityvulns:doc:16675", "https://vulners.com/securityvulns/securityvulns:doc:16678", "https://vulners.com/securityvulns/securityvulns:doc:16682", "https://vulners.com/securityvulns/securityvulns:doc:16674", "https://vulners.com/securityvulns/securityvulns:doc:16684", "https://vulners.com/securityvulns/securityvulns:doc:16685", "https://vulners.com/securityvulns/securityvulns:doc:16671", "https://vulners.com/securityvulns/securityvulns:doc:16673", "https://vulners.com/securityvulns/securityvulns:doc:16677", "https://vulners.com/securityvulns/securityvulns:doc:16679", "https://vulners.com/securityvulns/securityvulns:doc:16683"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2007-04-12T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:25", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "SmodBIP", "version": "1.06", "operator": "eq"}, {"name": "SmodCMS", "version": "2.10", "operator": "eq"}, {"name": "Ichitaro", "version": "2007", "operator": "eq"}, {"name": "ScarAdController", "version": "1.1", "operator": "eq"}, {"name": "PcP-Guestbook", "version": "3.0", "operator": "eq"}, {"name": "Battle.net Clan Script", "version": "1.5", "operator": "eq"}, {"name": "Webspell", "version": "4.01", "operator": "eq"}, {"name": "eCardMAX HotEditor", "version": "4.0", "operator": "eq"}, {"name": "Tru-Zone Nuke ET", "version": "3.4", "operator": "eq"}, {"name": "witshare", "version": "0.9", "operator": "eq"}, {"name": "PHP121 Instant Messenger", "version": "2.2", "operator": "eq"}, {"name": "Scorp Book", "version": "1.0", "operator": "eq"}, {"name": "LanguageTool", "version": "0.8", "operator": "eq"}, {"name": "cattaDoc", "version": "2.21", "operator": "eq"}, {"name": "Phpwiki", "version": "1.3", "operator": "eq"}, {"name": "toendaCMS", "version": "1.5", "operator": "eq"}, {"name": "HIOX GUEST BOOK", "version": "4.0", "operator": "eq"}, {"name": "Beryo", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2007-1932", "CVE-2007-1906", "CVE-2007-1936", "CVE-2007-1929", "CVE-2007-1939", "CVE-2007-2025", "CVE-2007-1968", "CVE-2007-1931", "CVE-2007-1938", "CVE-2007-1928", "CVE-2007-1925", "CVE-2007-1871", "CVE-2007-1998", "CVE-2007-1969", "CVE-2007-1933", "CVE-2007-1920", "CVE-2007-1930", "CVE-2007-1909", "CVE-2007-1908", "CVE-2007-2024", "CVE-2007-1935", "CVE-2007-1872"], "modified": "2007-04-12T00:00:00", "id": "SECURITYVULNS:VULN:7570", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7570", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}