Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by speedtech

    CVE-2010-2158 (GCVE-0-2010-2158)

    Vulnerability from nvd – Published: 2010-06-07 14:00 – Updated: 2024-09-16 19:31
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/803770 x_refsource_CONFIRM
    http://secunia.com/advisories/39732 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:06.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803770"
              },
              {
                "name": "39732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39732"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-07T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803770"
            },
            {
              "name": "39732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39732"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2158",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/803770",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803770"
                },
                {
                  "name": "39732",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39732"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2158",
        "datePublished": "2010-06-07T14:00:00.000Z",
        "dateReserved": "2010-06-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:31:46.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2123 (GCVE-0-2010-2123)

    Vulnerability from nvd – Published: 2010-06-01 21:00 – Updated: 2024-08-07 02:25
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/803770 x_refsource_CONFIRM
    http://secunia.com/advisories/39732 third-party-advisoryx_refsource_SECUNIA
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/40288 vdb-entryx_refsource_BID
    http://www.osvdb.org/64616 vdb-entryx_refsource_OSVDB
    Date Public
    2010-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:06.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803770"
              },
              {
                "name": "39732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39732"
              },
              {
                "name": "20100512 Drupal storm 1.32",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
              },
              {
                "name": "drupal-storm-unspecified-xss(58717)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
              },
              {
                "name": "40288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40288"
              },
              {
                "name": "64616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/64616"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803770"
            },
            {
              "name": "39732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39732"
            },
            {
              "name": "20100512 Drupal storm 1.32",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
            },
            {
              "name": "drupal-storm-unspecified-xss(58717)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
            },
            {
              "name": "40288",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40288"
            },
            {
              "name": "64616",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/64616"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2123",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/803770",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803770"
                },
                {
                  "name": "39732",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39732"
                },
                {
                  "name": "20100512 Drupal storm 1.32",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
                },
                {
                  "name": "drupal-storm-unspecified-xss(58717)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
                },
                {
                  "name": "40288",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40288"
                },
                {
                  "name": "64616",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/64616"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2123",
        "datePublished": "2010-06-01T21:00:00.000Z",
        "dateReserved": "2010-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:25:06.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4515 (GCVE-0-2009-4515)

    Vulnerability from nvd – Published: 2009-12-31 19:00 – Updated: 2024-09-17 03:22
    VLAI
    Summary
    The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/37202 third-party-advisoryx_refsource_SECUNIA
    http://drupal.org/node/617480 x_refsource_CONFIRM
    http://drupal.org/node/617494 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/3090 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/36879 vdb-entryx_refsource_BID
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:08:36.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37202",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37202"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/617480"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/617494"
              },
              {
                "name": "ADV-2009-3090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3090"
              },
              {
                "name": "36879",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36879"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-12-31T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "37202",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37202"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/617480"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/617494"
            },
            {
              "name": "ADV-2009-3090",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3090"
            },
            {
              "name": "36879",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36879"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4515",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37202",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37202"
                },
                {
                  "name": "http://drupal.org/node/617480",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/617480"
                },
                {
                  "name": "http://drupal.org/node/617494",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/617494"
                },
                {
                  "name": "ADV-2009-3090",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3090"
                },
                {
                  "name": "36879",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36879"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4515",
        "datePublished": "2009-12-31T19:00:00.000Z",
        "dateReserved": "2009-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:46.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4738 (GCVE-0-2007-4738)

    Vulnerability from nvd – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/39077 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39082 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39088 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39076 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39090 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39085 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39079 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39093 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/39099 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39096 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39102 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39101 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39095 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39105 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39097 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39084 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39074 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39094 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39098 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39083 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39078 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39100 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39103 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39075 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39091 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/25525 vdb-entryx_refsource_BID
    http://osvdb.org/39089 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39081 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39087 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/26658 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/39080 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39104 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39073 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39092 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39086 vdb-entryx_refsource_OSVDB
    Date Public
    2007-09-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "39077",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39077"
              },
              {
                "name": "39082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39082"
              },
              {
                "name": "39088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39088"
              },
              {
                "name": "39076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39076"
              },
              {
                "name": "39090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39090"
              },
              {
                "name": "39085",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39085"
              },
              {
                "name": "39079",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39079"
              },
              {
                "name": "39093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39093"
              },
              {
                "name": "speedtech-stphpimageshow-file-include(36417)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
              },
              {
                "name": "39099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39099"
              },
              {
                "name": "39096",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39096"
              },
              {
                "name": "39102",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39102"
              },
              {
                "name": "39101",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39101"
              },
              {
                "name": "39095",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39095"
              },
              {
                "name": "39105",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39105"
              },
              {
                "name": "39097",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39097"
              },
              {
                "name": "39084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39084"
              },
              {
                "name": "39074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39074"
              },
              {
                "name": "39094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39094"
              },
              {
                "name": "39098",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39098"
              },
              {
                "name": "39083",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39083"
              },
              {
                "name": "39078",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39078"
              },
              {
                "name": "39100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39100"
              },
              {
                "name": "39103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39103"
              },
              {
                "name": "39075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39075"
              },
              {
                "name": "39091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39091"
              },
              {
                "name": "25525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25525"
              },
              {
                "name": "39089",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39089"
              },
              {
                "name": "39081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39081"
              },
              {
                "name": "39087",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39087"
              },
              {
                "name": "26658",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26658"
              },
              {
                "name": "39080",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39080"
              },
              {
                "name": "39104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39104"
              },
              {
                "name": "39073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39073"
              },
              {
                "name": "39092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39092"
              },
              {
                "name": "39086",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39086"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "39077",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39077"
            },
            {
              "name": "39082",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39082"
            },
            {
              "name": "39088",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39088"
            },
            {
              "name": "39076",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39076"
            },
            {
              "name": "39090",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39090"
            },
            {
              "name": "39085",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39085"
            },
            {
              "name": "39079",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39079"
            },
            {
              "name": "39093",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39093"
            },
            {
              "name": "speedtech-stphpimageshow-file-include(36417)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
            },
            {
              "name": "39099",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39099"
            },
            {
              "name": "39096",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39096"
            },
            {
              "name": "39102",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39102"
            },
            {
              "name": "39101",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39101"
            },
            {
              "name": "39095",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39095"
            },
            {
              "name": "39105",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39105"
            },
            {
              "name": "39097",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39097"
            },
            {
              "name": "39084",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39084"
            },
            {
              "name": "39074",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39074"
            },
            {
              "name": "39094",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39094"
            },
            {
              "name": "39098",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39098"
            },
            {
              "name": "39083",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39083"
            },
            {
              "name": "39078",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39078"
            },
            {
              "name": "39100",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39100"
            },
            {
              "name": "39103",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39103"
            },
            {
              "name": "39075",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39075"
            },
            {
              "name": "39091",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39091"
            },
            {
              "name": "25525",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25525"
            },
            {
              "name": "39089",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39089"
            },
            {
              "name": "39081",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39081"
            },
            {
              "name": "39087",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39087"
            },
            {
              "name": "26658",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26658"
            },
            {
              "name": "39080",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39080"
            },
            {
              "name": "39104",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39104"
            },
            {
              "name": "39073",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39073"
            },
            {
              "name": "39092",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39092"
            },
            {
              "name": "39086",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39086"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "39077",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39077"
                },
                {
                  "name": "39082",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39082"
                },
                {
                  "name": "39088",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39088"
                },
                {
                  "name": "39076",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39076"
                },
                {
                  "name": "39090",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39090"
                },
                {
                  "name": "39085",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39085"
                },
                {
                  "name": "39079",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39079"
                },
                {
                  "name": "39093",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39093"
                },
                {
                  "name": "speedtech-stphpimageshow-file-include(36417)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
                },
                {
                  "name": "39099",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39099"
                },
                {
                  "name": "39096",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39096"
                },
                {
                  "name": "39102",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39102"
                },
                {
                  "name": "39101",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39101"
                },
                {
                  "name": "39095",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39095"
                },
                {
                  "name": "39105",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39105"
                },
                {
                  "name": "39097",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39097"
                },
                {
                  "name": "39084",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39084"
                },
                {
                  "name": "39074",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39074"
                },
                {
                  "name": "39094",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39094"
                },
                {
                  "name": "39098",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39098"
                },
                {
                  "name": "39083",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39083"
                },
                {
                  "name": "39078",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39078"
                },
                {
                  "name": "39100",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39100"
                },
                {
                  "name": "39103",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39103"
                },
                {
                  "name": "39075",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39075"
                },
                {
                  "name": "39091",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39091"
                },
                {
                  "name": "25525",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25525"
                },
                {
                  "name": "39089",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39089"
                },
                {
                  "name": "39081",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39081"
                },
                {
                  "name": "39087",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39087"
                },
                {
                  "name": "26658",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26658"
                },
                {
                  "name": "39080",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39080"
                },
                {
                  "name": "39104",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39104"
                },
                {
                  "name": "39073",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39073"
                },
                {
                  "name": "39092",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39092"
                },
                {
                  "name": "39086",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39086"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4738",
        "datePublished": "2007-09-06T19:00:00.000Z",
        "dateReserved": "2007-09-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4737 (GCVE-0-2007-4737)

    Vulnerability from nvd – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/38929 vdb-entryx_refsource_OSVDB
    http://osvdb.org/38930 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/4358 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/25525 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/38931 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/3092 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26658 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38929"
              },
              {
                "name": "38930",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38930"
              },
              {
                "name": "4358",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4358"
              },
              {
                "name": "25525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25525"
              },
              {
                "name": "speedtech-stphplibdir-file-include(36416)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
              },
              {
                "name": "38931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38931"
              },
              {
                "name": "ADV-2007-3092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3092"
              },
              {
                "name": "26658",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26658"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38929",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38929"
            },
            {
              "name": "38930",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38930"
            },
            {
              "name": "4358",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4358"
            },
            {
              "name": "25525",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25525"
            },
            {
              "name": "speedtech-stphplibdir-file-include(36416)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
            },
            {
              "name": "38931",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38931"
            },
            {
              "name": "ADV-2007-3092",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3092"
            },
            {
              "name": "26658",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26658"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38929",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38929"
                },
                {
                  "name": "38930",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38930"
                },
                {
                  "name": "4358",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4358"
                },
                {
                  "name": "25525",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25525"
                },
                {
                  "name": "speedtech-stphplibdir-file-include(36416)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
                },
                {
                  "name": "38931",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38931"
                },
                {
                  "name": "ADV-2007-3092",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3092"
                },
                {
                  "name": "26658",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26658"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4737",
        "datePublished": "2007-09-06T19:00:00.000Z",
        "dateReserved": "2007-09-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2158 (GCVE-0-2010-2158)

    Vulnerability from cvelistv5 – Published: 2010-06-07 14:00 – Updated: 2024-09-16 19:31
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/803770 x_refsource_CONFIRM
    http://secunia.com/advisories/39732 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:06.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803770"
              },
              {
                "name": "39732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39732"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-07T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803770"
            },
            {
              "name": "39732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39732"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2158",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/803770",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803770"
                },
                {
                  "name": "39732",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39732"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2158",
        "datePublished": "2010-06-07T14:00:00.000Z",
        "dateReserved": "2010-06-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:31:46.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2123 (GCVE-0-2010-2123)

    Vulnerability from cvelistv5 – Published: 2010-06-01 21:00 – Updated: 2024-08-07 02:25
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/803770 x_refsource_CONFIRM
    http://secunia.com/advisories/39732 third-party-advisoryx_refsource_SECUNIA
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/40288 vdb-entryx_refsource_BID
    http://www.osvdb.org/64616 vdb-entryx_refsource_OSVDB
    Date Public
    2010-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:06.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/803770"
              },
              {
                "name": "39732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39732"
              },
              {
                "name": "20100512 Drupal storm 1.32",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
              },
              {
                "name": "drupal-storm-unspecified-xss(58717)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
              },
              {
                "name": "40288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40288"
              },
              {
                "name": "64616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/64616"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/803770"
            },
            {
              "name": "39732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39732"
            },
            {
              "name": "20100512 Drupal storm 1.32",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
            },
            {
              "name": "drupal-storm-unspecified-xss(58717)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
            },
            {
              "name": "40288",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40288"
            },
            {
              "name": "64616",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/64616"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2123",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/803770",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/803770"
                },
                {
                  "name": "39732",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39732"
                },
                {
                  "name": "20100512 Drupal storm 1.32",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
                },
                {
                  "name": "drupal-storm-unspecified-xss(58717)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
                },
                {
                  "name": "40288",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40288"
                },
                {
                  "name": "64616",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/64616"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2123",
        "datePublished": "2010-06-01T21:00:00.000Z",
        "dateReserved": "2010-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:25:06.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4515 (GCVE-0-2009-4515)

    Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-09-17 03:22
    VLAI
    Summary
    The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/37202 third-party-advisoryx_refsource_SECUNIA
    http://drupal.org/node/617480 x_refsource_CONFIRM
    http://drupal.org/node/617494 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/3090 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/36879 vdb-entryx_refsource_BID
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:08:36.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37202",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37202"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/617480"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/617494"
              },
              {
                "name": "ADV-2009-3090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3090"
              },
              {
                "name": "36879",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36879"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-12-31T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "37202",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37202"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/617480"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/617494"
            },
            {
              "name": "ADV-2009-3090",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3090"
            },
            {
              "name": "36879",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36879"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4515",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37202",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37202"
                },
                {
                  "name": "http://drupal.org/node/617480",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/617480"
                },
                {
                  "name": "http://drupal.org/node/617494",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/617494"
                },
                {
                  "name": "ADV-2009-3090",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3090"
                },
                {
                  "name": "36879",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36879"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4515",
        "datePublished": "2009-12-31T19:00:00.000Z",
        "dateReserved": "2009-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:46.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4738 (GCVE-0-2007-4738)

    Vulnerability from cvelistv5 – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/39077 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39082 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39088 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39076 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39090 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39085 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39079 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39093 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/39099 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39096 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39102 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39101 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39095 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39105 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39097 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39084 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39074 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39094 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39098 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39083 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39078 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39100 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39103 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39075 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39091 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/25525 vdb-entryx_refsource_BID
    http://osvdb.org/39089 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39081 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39087 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/26658 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/39080 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39104 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39073 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39092 vdb-entryx_refsource_OSVDB
    http://osvdb.org/39086 vdb-entryx_refsource_OSVDB
    Date Public
    2007-09-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "39077",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39077"
              },
              {
                "name": "39082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39082"
              },
              {
                "name": "39088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39088"
              },
              {
                "name": "39076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39076"
              },
              {
                "name": "39090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39090"
              },
              {
                "name": "39085",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39085"
              },
              {
                "name": "39079",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39079"
              },
              {
                "name": "39093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39093"
              },
              {
                "name": "speedtech-stphpimageshow-file-include(36417)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
              },
              {
                "name": "39099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39099"
              },
              {
                "name": "39096",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39096"
              },
              {
                "name": "39102",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39102"
              },
              {
                "name": "39101",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39101"
              },
              {
                "name": "39095",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39095"
              },
              {
                "name": "39105",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39105"
              },
              {
                "name": "39097",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39097"
              },
              {
                "name": "39084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39084"
              },
              {
                "name": "39074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39074"
              },
              {
                "name": "39094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39094"
              },
              {
                "name": "39098",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39098"
              },
              {
                "name": "39083",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39083"
              },
              {
                "name": "39078",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39078"
              },
              {
                "name": "39100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39100"
              },
              {
                "name": "39103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39103"
              },
              {
                "name": "39075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39075"
              },
              {
                "name": "39091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39091"
              },
              {
                "name": "25525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25525"
              },
              {
                "name": "39089",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39089"
              },
              {
                "name": "39081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39081"
              },
              {
                "name": "39087",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39087"
              },
              {
                "name": "26658",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26658"
              },
              {
                "name": "39080",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39080"
              },
              {
                "name": "39104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39104"
              },
              {
                "name": "39073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39073"
              },
              {
                "name": "39092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39092"
              },
              {
                "name": "39086",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39086"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "39077",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39077"
            },
            {
              "name": "39082",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39082"
            },
            {
              "name": "39088",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39088"
            },
            {
              "name": "39076",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39076"
            },
            {
              "name": "39090",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39090"
            },
            {
              "name": "39085",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39085"
            },
            {
              "name": "39079",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39079"
            },
            {
              "name": "39093",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39093"
            },
            {
              "name": "speedtech-stphpimageshow-file-include(36417)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
            },
            {
              "name": "39099",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39099"
            },
            {
              "name": "39096",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39096"
            },
            {
              "name": "39102",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39102"
            },
            {
              "name": "39101",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39101"
            },
            {
              "name": "39095",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39095"
            },
            {
              "name": "39105",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39105"
            },
            {
              "name": "39097",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39097"
            },
            {
              "name": "39084",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39084"
            },
            {
              "name": "39074",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39074"
            },
            {
              "name": "39094",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39094"
            },
            {
              "name": "39098",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39098"
            },
            {
              "name": "39083",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39083"
            },
            {
              "name": "39078",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39078"
            },
            {
              "name": "39100",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39100"
            },
            {
              "name": "39103",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39103"
            },
            {
              "name": "39075",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39075"
            },
            {
              "name": "39091",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39091"
            },
            {
              "name": "25525",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25525"
            },
            {
              "name": "39089",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39089"
            },
            {
              "name": "39081",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39081"
            },
            {
              "name": "39087",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39087"
            },
            {
              "name": "26658",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26658"
            },
            {
              "name": "39080",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39080"
            },
            {
              "name": "39104",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39104"
            },
            {
              "name": "39073",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39073"
            },
            {
              "name": "39092",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39092"
            },
            {
              "name": "39086",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39086"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "39077",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39077"
                },
                {
                  "name": "39082",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39082"
                },
                {
                  "name": "39088",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39088"
                },
                {
                  "name": "39076",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39076"
                },
                {
                  "name": "39090",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39090"
                },
                {
                  "name": "39085",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39085"
                },
                {
                  "name": "39079",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39079"
                },
                {
                  "name": "39093",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39093"
                },
                {
                  "name": "speedtech-stphpimageshow-file-include(36417)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
                },
                {
                  "name": "39099",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39099"
                },
                {
                  "name": "39096",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39096"
                },
                {
                  "name": "39102",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39102"
                },
                {
                  "name": "39101",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39101"
                },
                {
                  "name": "39095",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39095"
                },
                {
                  "name": "39105",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39105"
                },
                {
                  "name": "39097",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39097"
                },
                {
                  "name": "39084",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39084"
                },
                {
                  "name": "39074",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39074"
                },
                {
                  "name": "39094",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39094"
                },
                {
                  "name": "39098",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39098"
                },
                {
                  "name": "39083",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39083"
                },
                {
                  "name": "39078",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39078"
                },
                {
                  "name": "39100",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39100"
                },
                {
                  "name": "39103",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39103"
                },
                {
                  "name": "39075",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39075"
                },
                {
                  "name": "39091",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39091"
                },
                {
                  "name": "25525",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25525"
                },
                {
                  "name": "39089",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39089"
                },
                {
                  "name": "39081",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39081"
                },
                {
                  "name": "39087",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39087"
                },
                {
                  "name": "26658",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26658"
                },
                {
                  "name": "39080",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39080"
                },
                {
                  "name": "39104",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39104"
                },
                {
                  "name": "39073",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39073"
                },
                {
                  "name": "39092",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39092"
                },
                {
                  "name": "39086",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39086"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4738",
        "datePublished": "2007-09-06T19:00:00.000Z",
        "dateReserved": "2007-09-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4737 (GCVE-0-2007-4737)

    Vulnerability from cvelistv5 – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/38929 vdb-entryx_refsource_OSVDB
    http://osvdb.org/38930 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/4358 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/25525 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/38931 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/3092 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26658 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38929"
              },
              {
                "name": "38930",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38930"
              },
              {
                "name": "4358",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4358"
              },
              {
                "name": "25525",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25525"
              },
              {
                "name": "speedtech-stphplibdir-file-include(36416)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
              },
              {
                "name": "38931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38931"
              },
              {
                "name": "ADV-2007-3092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3092"
              },
              {
                "name": "26658",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26658"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38929",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38929"
            },
            {
              "name": "38930",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38930"
            },
            {
              "name": "4358",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4358"
            },
            {
              "name": "25525",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25525"
            },
            {
              "name": "speedtech-stphplibdir-file-include(36416)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
            },
            {
              "name": "38931",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38931"
            },
            {
              "name": "ADV-2007-3092",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3092"
            },
            {
              "name": "26658",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26658"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38929",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38929"
                },
                {
                  "name": "38930",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38930"
                },
                {
                  "name": "4358",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4358"
                },
                {
                  "name": "25525",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25525"
                },
                {
                  "name": "speedtech-stphplibdir-file-include(36416)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
                },
                {
                  "name": "38931",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38931"
                },
                {
                  "name": "ADV-2007-3092",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3092"
                },
                {
                  "name": "26658",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26658"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4737",
        "datePublished": "2007-09-06T19:00:00.000Z",
        "dateReserved": "2007-09-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }