Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for filedownload by modxcms

    CVE-2007-0659 (GCVE-0-2007-0659)

    Vulnerability from nvd – Published: 2007-02-01 22:00 – Updated: 2024-08-07 12:26
    VLAI
    Summary
    download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/0426 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/23953 third-party-advisoryx_refsource_SECUNIA
    http://modxcms.com/forums/index.php/topic%2C10470… x_refsource_CONFIRM
    http://www.muddydogpaws.com/Home.html x_refsource_CONFIRM
    http://www.securityfocus.com/bid/22327 vdb-entryx_refsource_BID
    Date Public
    2007-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:26:54.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-0426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0426"
              },
              {
                "name": "23953",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23953"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://modxcms.com/forums/index.php/topic%2C10470.0.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.muddydogpaws.com/Home.html"
              },
              {
                "name": "22327",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22327"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-0426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0426"
            },
            {
              "name": "23953",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23953"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://modxcms.com/forums/index.php/topic%2C10470.0.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.muddydogpaws.com/Home.html"
            },
            {
              "name": "22327",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22327"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-0426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0426"
                },
                {
                  "name": "23953",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23953"
                },
                {
                  "name": "http://modxcms.com/forums/index.php/topic,10470.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://modxcms.com/forums/index.php/topic,10470.0.html"
                },
                {
                  "name": "http://www.muddydogpaws.com/Home.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.muddydogpaws.com/Home.html"
                },
                {
                  "name": "22327",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22327"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0659",
        "datePublished": "2007-02-01T22:00:00.000Z",
        "dateReserved": "2007-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:26:54.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0659 (GCVE-0-2007-0659)

    Vulnerability from cvelistv5 – Published: 2007-02-01 22:00 – Updated: 2024-08-07 12:26
    VLAI
    Summary
    download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/0426 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/23953 third-party-advisoryx_refsource_SECUNIA
    http://modxcms.com/forums/index.php/topic%2C10470… x_refsource_CONFIRM
    http://www.muddydogpaws.com/Home.html x_refsource_CONFIRM
    http://www.securityfocus.com/bid/22327 vdb-entryx_refsource_BID
    Date Public
    2007-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:26:54.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-0426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0426"
              },
              {
                "name": "23953",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23953"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://modxcms.com/forums/index.php/topic%2C10470.0.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.muddydogpaws.com/Home.html"
              },
              {
                "name": "22327",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22327"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-0426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0426"
            },
            {
              "name": "23953",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23953"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://modxcms.com/forums/index.php/topic%2C10470.0.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.muddydogpaws.com/Home.html"
            },
            {
              "name": "22327",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22327"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-0426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0426"
                },
                {
                  "name": "23953",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23953"
                },
                {
                  "name": "http://modxcms.com/forums/index.php/topic,10470.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://modxcms.com/forums/index.php/topic,10470.0.html"
                },
                {
                  "name": "http://www.muddydogpaws.com/Home.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.muddydogpaws.com/Home.html"
                },
                {
                  "name": "22327",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22327"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0659",
        "datePublished": "2007-02-01T22:00:00.000Z",
        "dateReserved": "2007-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:26:54.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }