3 matches found
CVE-2007-4831
CVE-2007-4831 affects TorrentTrader 1.07; vulnerable component is account_settings.php. Two XSS vectors are confirmed via the avatar and title parameters, caused by unsanitized user input that can inject arbitrary script/HTML in the browser. Exploitation details beyond the high-level description ...
CVE-2007-4536
TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying 1 disclaimer.txt, 2 sponsors.txt, and 3 banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend...
CVE-2007-4536
TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying 1 disclaimer.txt, 2 sponsors.txt, and 3 banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend...