3 matches found
CVE-2007-6460
Multiple cross-site scripting XSS vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by 1 log.php or 2 logerror.php, a different vulnerability than CVE-2007-6459...
Code injection
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in 1 the host parameter to diagdns.php, and 2 the host parameter and possibly 3 the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460...
CVE-2007-6460
CVE-2007-6460 refers to multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server prior to 0.101. The affected software is Anon Proxy Server; the vulnerable component is the URI handling that is later displayed by log.php or logerror.php. The description consistently notes XSS enab...