diff --git a/2023/51xxx/CVE-2023-51123.json b/2023/51xxx/CVE-2023-51123.json
index 3a709ad50e7..5c3ff0cb897 100644
--- a/2023/51xxx/CVE-2023-51123.json
+++ b/2023/51xxx/CVE-2023-51123.json
@@ -56,6 +56,11 @@
"url": "https://github.com/WhereisRain/dir-815",
"refsource": "MISC",
"name": "https://github.com/WhereisRain/dir-815"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/WhereisRain/dir-815/blob/main/README.md",
+ "url": "https://github.com/WhereisRain/dir-815/blob/main/README.md"
}
]
}
diff --git a/2024/0xxx/CVE-2024-0778.json b/2024/0xxx/CVE-2024-0778.json
index e26dd0c837a..04b6b86df32 100644
--- a/2024/0xxx/CVE-2024-0778.json
+++ b/2024/0xxx/CVE-2024-0778.json
@@ -1,17 +1,104 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0778",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
+ },
+ {
+ "lang": "deu",
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine kritische Schwachstelle wurde in Uniview ISC 2500-S bis 20210930 entdeckt. Es geht hierbei um die Funktion setNatConfig der Datei /Interface/DevManage/VM.php. Mittels dem Manipulieren des Arguments natAddress/natPort/natServerPort mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Uniview",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ISC 2500-S",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20210930"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.251696",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.251696"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.251696",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.251696"
+ },
+ {
+ "url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md",
+ "refsource": "MISC",
+ "name": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "h3110w0r1d (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2024/0xxx/CVE-2024-0781.json b/2024/0xxx/CVE-2024-0781.json
index ca1127b7124..f85b92da8e1 100644
--- a/2024/0xxx/CVE-2024-0781.json
+++ b/2024/0xxx/CVE-2024-0781.json
@@ -1,17 +1,104 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0781",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in CodeAstro Internet Banking System 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei pages_client_signup.php. Mittels Manipulieren des Arguments Client Full Name mit der Eingabe mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 Open Redirect",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CodeAstro",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Internet Banking System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.251697",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.251697"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.251697",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.251697"
+ },
+ {
+ "url": "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mohammed Aashique (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}