Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by Simplenews
CVE-2012-2724 (GCVE-0-2012-2724)
Vulnerability from cvelistv5 – Published: 2020-01-09 19:51 – Updated: 2024-08-06 19:42
VLAI
Summary
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Severity
No CVSS data available.
CWE
- Path Disclosure
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://drupal.org/node/1619848 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | x_refsource_MISC |
| http://drupal.org/node/1619812 | x_refsource_MISC |
| http://drupal.org/node/1619818 | x_refsource_MISC |
| http://drupal.org/node/1619820 | x_refsource_MISC |
| http://drupalcode.org/project/simplenews.git/comm… | x_refsource_MISC |
| http://drupalcode.org/project/simplenews.git/comm… | x_refsource_MISC |
| http://drupalcode.org/project/simplenews.git/comm… | x_refsource_MISC |
| http://www.securityfocus.com/bid/53839 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Simplenews | Simplenews |
Affected:
6.x-1.x before 6.x-1.4
Affected: 6.x-2.x before 6.x-2.0-alpha4 Affected: and 7.x-1.x before 7.x-1.0-rc1 |
Date Public
2012-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619818"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simplenews",
"vendor": "Simplenews",
"versions": [
{
"status": "affected",
"version": "6.x-1.x before 6.x-1.4"
},
{
"status": "affected",
"version": "6.x-2.x before 6.x-2.0-alpha4"
},
{
"status": "affected",
"version": "and 7.x-1.x before 7.x-1.0-rc1"
}
]
}
],
"datePublic": "2012-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T19:51:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619818"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/53839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simplenews",
"version": {
"version_data": [
{
"version_value": "6.x-1.x before 6.x-1.4"
},
{
"version_value": "6.x-2.x before 6.x-2.0-alpha4"
},
{
"version_value": "and 7.x-1.x before 7.x-1.0-rc1"
}
]
}
}
]
},
"vendor_name": "Simplenews"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1619848",
"refsource": "MISC",
"url": "http://drupal.org/node/1619848"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/06/14/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupal.org/node/1619812",
"refsource": "MISC",
"url": "http://drupal.org/node/1619812"
},
{
"name": "http://drupal.org/node/1619818",
"refsource": "MISC",
"url": "http://drupal.org/node/1619818"
},
{
"name": "http://drupal.org/node/1619820",
"refsource": "MISC",
"url": "http://drupal.org/node/1619820"
},
{
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1",
"refsource": "MISC",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c",
"refsource": "MISC",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6",
"refsource": "MISC",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"name": "http://www.securityfocus.com/bid/53839",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/53839"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2724",
"datePublished": "2020-01-09T19:51:42.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:32.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4873 (GCVE-0-2007-4873)
Vulnerability from cvelistv5 – Published: 2007-09-27 19:00 – Updated: 2024-08-07 15:08
VLAI
Summary
SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://forum.boesch-it.de/viewtopic.php?t=2791 | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/3173 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/45479 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/480601/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.netvigilance.com/advisory0069 | x_refsource_MISC |
Date Public
2007-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "simpnews-dbtables-information-disclosure(36778)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36778"
},
{
"name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.boesch-it.de/viewtopic.php?t=2791"
},
{
"name": "3173",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3173"
},
{
"name": "45479",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45479"
},
{
"name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480601/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "simpnews-dbtables-information-disclosure(36778)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36778"
},
{
"name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.boesch-it.de/viewtopic.php?t=2791"
},
{
"name": "3173",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3173"
},
{
"name": "45479",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45479"
},
{
"name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480601/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "simpnews-dbtables-information-disclosure(36778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36778"
},
{
"name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html"
},
{
"name": "http://forum.boesch-it.de/viewtopic.php?t=2791",
"refsource": "CONFIRM",
"url": "http://forum.boesch-it.de/viewtopic.php?t=2791"
},
{
"name": "3173",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3173"
},
{
"name": "45479",
"refsource": "OSVDB",
"url": "http://osvdb.org/45479"
},
{
"name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480601/100/0/threaded"
},
{
"name": "http://www.netvigilance.com/advisory0069",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4873",
"datePublished": "2007-09-27T19:00:00.000Z",
"dateReserved": "2007-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4872 (GCVE-0-2007-4872)
Vulnerability from cvelistv5 – Published: 2007-09-27 19:00 – Updated: 2024-08-07 15:08
VLAI
Summary
SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://osvdb.org/43541 | vdb-entryx_refsource_OSVDB |
| http://forum.boesch-it.de/viewtopic.php?t=2791 | x_refsource_CONFIRM |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://osvdb.org/43540 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/480588/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3174 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/43543 | vdb-entryx_refsource_OSVDB |
| http://www.netvigilance.com/advisory0068 | x_refsource_MISC |
| http://osvdb.org/43542 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43541"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.boesch-it.de/viewtopic.php?t=2791"
},
{
"name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066052.html"
},
{
"name": "43540",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43540"
},
{
"name": "simpnews-multiple-information-disclosure(36779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36779"
},
{
"name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480588/100/0/threaded"
},
{
"name": "3174",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3174"
},
{
"name": "43543",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0068"
},
{
"name": "43542",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43541"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.boesch-it.de/viewtopic.php?t=2791"
},
{
"name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066052.html"
},
{
"name": "43540",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43540"
},
{
"name": "simpnews-multiple-information-disclosure(36779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36779"
},
{
"name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480588/100/0/threaded"
},
{
"name": "3174",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3174"
},
{
"name": "43543",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0068"
},
{
"name": "43542",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43541",
"refsource": "OSVDB",
"url": "http://osvdb.org/43541"
},
{
"name": "http://forum.boesch-it.de/viewtopic.php?t=2791",
"refsource": "CONFIRM",
"url": "http://forum.boesch-it.de/viewtopic.php?t=2791"
},
{
"name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066052.html"
},
{
"name": "43540",
"refsource": "OSVDB",
"url": "http://osvdb.org/43540"
},
{
"name": "simpnews-multiple-information-disclosure(36779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36779"
},
{
"name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480588/100/0/threaded"
},
{
"name": "3174",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3174"
},
{
"name": "43543",
"refsource": "OSVDB",
"url": "http://osvdb.org/43543"
},
{
"name": "http://www.netvigilance.com/advisory0068",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0068"
},
{
"name": "43542",
"refsource": "OSVDB",
"url": "http://osvdb.org/43542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4872",
"datePublished": "2007-09-27T19:00:00.000Z",
"dateReserved": "2007-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2598 (GCVE-0-2007-2598)
Vulnerability from cvelistv5 – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
VLAI
Summary
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt | x_refsource_MISC |
| http://secunia.com/advisories/25223 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/23904 | vdb-entryx_refsource_BID |
| http://osvdb.org/35910 | vdb-entryx_refsource_OSVDB |
| https://www.exploit-db.com/exploits/3886 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2007/1741 | vdb-entryx_refsource_VUPEN |
Date Public
2007-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt"
},
{
"name": "25223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25223"
},
{
"name": "simplenews-print-sql-injection(34220)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34220"
},
{
"name": "23904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23904"
},
{
"name": "35910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35910"
},
{
"name": "3886",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3886"
},
{
"name": "ADV-2007-1741",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt"
},
{
"name": "25223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25223"
},
{
"name": "simplenews-print-sql-injection(34220)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34220"
},
{
"name": "23904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23904"
},
{
"name": "35910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35910"
},
{
"name": "3886",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3886"
},
{
"name": "ADV-2007-1741",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt",
"refsource": "MISC",
"url": "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt"
},
{
"name": "25223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25223"
},
{
"name": "simplenews-print-sql-injection(34220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34220"
},
{
"name": "23904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23904"
},
{
"name": "35910",
"refsource": "OSVDB",
"url": "http://osvdb.org/35910"
},
{
"name": "3886",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3886"
},
{
"name": "ADV-2007-1741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2598",
"datePublished": "2007-05-11T10:00:00.000Z",
"dateReserved": "2007-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}