| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-5987 | 6.8 |
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a
|
29-07-2017 - 01:33 | 15-11-2007 - 00:46 | |
| CVE-2007-5986 | 7.5 |
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
29-07-2017 - 01:33 | 15-11-2007 - 00:46 | |
| CVE-2007-5985 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter
|
29-07-2017 - 01:33 | 15-11-2007 - 00:46 | |
| CVE-2007-5988 | 7.5 |
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
|
29-07-2017 - 01:33 | 15-11-2007 - 00:46 |