admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:54:39 +00:00
parent 2ed1dc9c74
commit 1a97f8f169
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4015 additions and 4015 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
1999/0xxx/CVE-1999-0783.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "I-057",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/i-057.shtml"
},
{
"name" : "6090",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "I-057",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/i-057.shtml"
},
{
"name": "6090",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6090"
}
]
}
}

120
1999/1xxx/CVE-1999-1381.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19981008 buffer overflow in dbadmin",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90786656409618&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981008 buffer overflow in dbadmin",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90786656409618&w=2"
}
]
}
}

150
1999/1xxx/CVE-1999-1402.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19970517 UNIX domain socket (Solarisx86 2.5)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602167418317&w=2"
},
{
"name" : "19971003 Solaris 2.6 and sockets",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602248718482&w=2"
},
{
"name" : "456",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/456"
},
{
"name" : "sun-domain-socket-permissions(7172)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7172.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-domain-socket-permissions(7172)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7172.php"
},
{
"name": "456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/456"
},
{
"name": "19971003 Solaris 2.6 and sockets",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602248718482&w=2"
},
{
"name": "19970517 UNIX domain socket (Solarisx86 2.5)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602167418317&w=2"
}
]
}
}

140
2000/0xxx/CVE-2000-0836.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000915 [NEWS] Vulnerability in CamShot server (Authorization)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0176.html"
},
{
"name" : "1685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1685"
},
{
"name" : "camshot-password-bo(5246)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000915 [NEWS] Vulnerability in CamShot server (Authorization)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0176.html"
},
{
"name": "camshot-password-bo(5246)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5246"
},
{
"name": "1685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1685"
}
]
}
}

150
2000/0xxx/CVE-2000-0870.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000911[EXPL] EFTP vulnerable to two DoS attacks",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html"
},
{
"name" : "1675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1675"
},
{
"name" : "eftp-bo(5219)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5219"
},
{
"name" : "1555",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1555",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1555"
},
{
"name": "1675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1675"
},
{
"name": "eftp-bo(5219)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5219"
},
{
"name": "20000911[EXPL] EFTP vulnerable to two DoS attacks",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html"
}
]
}
}

150
2000/0xxx/CVE-2000-0914.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001005 obsd_fun.c",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html"
},
{
"name" : "1759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1759"
},
{
"name" : "bsd-arp-request-dos(5340)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5340"
},
{
"name" : "1592",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1592",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1592"
},
{
"name": "20001005 obsd_fun.c",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html"
},
{
"name": "bsd-arp-request-dos(5340)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5340"
},
{
"name": "1759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1759"
}
]
}
}

140
2000/0xxx/CVE-2000-0991.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the \"HyperTerminal Buffer Overflow\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS00-079",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-079"
},
{
"name" : "1815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1815"
},
{
"name" : "win-hyperterminal-telnet-bo(5387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5387"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the \"HyperTerminal Buffer Overflow\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS00-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-079"
},
{
"name": "1815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1815"
},
{
"name": "win-hyperterminal-telnet-bo(5387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5387"
}
]
}
}

190
2005/2xxx/CVE-2005-2256.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"refsource" : "MLIST",
"url" : "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"name" : "DSA-759",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-759"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=342261",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name" : "14142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14142"
},
{
"name" : "1014414",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014414"
},
{
"name" : "15941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15941"
},
{
"name" : "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html",
"refsource" : "MISC",
"url" : "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name" : "16116",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-759",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"refsource": "MLIST",
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"name": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html",
"refsource": "MISC",
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16116"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=342261",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15941"
}
]
}
}

210
2005/2xxx/CVE-2005-2627.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kismetwireless.net/blog/?entry=/kismet/entry-1124158146.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kismetwireless.net/blog/?entry=/kismet/entry-1124158146.txt"
},
{
"name" : "http://www.kismetwireless.net/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://www.kismetwireless.net/CHANGELOG"
},
{
"name" : "DSA-788",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-788"
},
{
"name" : "GLSA-200508-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200508-10.xml"
},
{
"name" : "SUSE-SR:2005:020",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_20_sr.html"
},
{
"name" : "14430",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14430"
},
{
"name" : "ADV-2005-1422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1422"
},
{
"name" : "16447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16447"
},
{
"name" : "16477",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16477"
},
{
"name" : "16634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16634"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200508-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-10.xml"
},
{
"name": "DSA-788",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-788"
},
{
"name": "SUSE-SR:2005:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_20_sr.html"
},
{
"name": "16634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16634"
},
{
"name": "16477",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16477"
},
{
"name": "ADV-2005-1422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1422"
},
{
"name": "16447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16447"
},
{
"name": "http://www.kismetwireless.net/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.kismetwireless.net/CHANGELOG"
},
{
"name": "http://www.kismetwireless.net/blog/?entry=/kismet/entry-1124158146.txt",
"refsource": "CONFIRM",
"url": "http://www.kismetwireless.net/blog/?entry=/kismet/entry-1124158146.txt"
},
{
"name": "14430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14430"
}
]
}
}

150
2005/2xxx/CVE-2005-2643.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[or-announce] 20050811 Tor security advisory: DH handshake flaw",
"refsource" : "MLIST",
"url" : "http://archives.seul.org/or/announce/Aug-2005/msg00002.html"
},
{
"name" : "20050819 Fwd: Tor security advisory: DH handshake flaw",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112448002732443&w=2"
},
{
"name" : "1014739",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014739"
},
{
"name" : "16424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16424"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16424"
},
{
"name": "[or-announce] 20050811 Tor security advisory: DH handshake flaw",
"refsource": "MLIST",
"url": "http://archives.seul.org/or/announce/Aug-2005/msg00002.html"
},
{
"name": "20050819 Fwd: Tor security advisory: DH handshake flaw",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112448002732443&w=2"
},
{
"name": "1014739",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014739"
}
]
}
}

120
2005/2xxx/CVE-2005-2731.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112501186602731&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112501186602731&w=2"
}
]
}
}

130
2005/2xxx/CVE-2005-2916.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050913 Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities"
},
{
"name" : "20050913 Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050913 Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities"
},
{
"name": "20050913 Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities"
}
]
}
}

130
2005/3xxx/CVE-2005-3231.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Antivirus detection bypass by special crafted archive.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
},
{
"name" : "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource" : "MISC",
"url" : "http://shadock.net/secubox/AVCraftedArchive.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}
}

170
2005/3xxx/CVE-2005-3413.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.thebillygoatcurse.com/advisories/eyeOS_0.8.4_Multiple.pdf",
"refsource" : "MISC",
"url" : "http://www.thebillygoatcurse.com/advisories/eyeOS_0.8.4_Multiple.pdf"
},
{
"name" : "15255",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15255"
},
{
"name" : "ADV-2005-2259",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2259"
},
{
"name" : "20410",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20410"
},
{
"name" : "17105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17105"
},
{
"name" : "eyeos-desktop-xss(22936)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22936"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "eyeos-desktop-xss(22936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22936"
},
{
"name": "20410",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20410"
},
{
"name": "15255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15255"
},
{
"name": "http://www.thebillygoatcurse.com/advisories/eyeOS_0.8.4_Multiple.pdf",
"refsource": "MISC",
"url": "http://www.thebillygoatcurse.com/advisories/eyeOS_0.8.4_Multiple.pdf"
},
{
"name": "17105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17105"
},
{
"name": "ADV-2005-2259",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2259"
}
]
}
}

140
2005/3xxx/CVE-2005-3512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051101 VUBB XSS & path disclosure Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113087965608496&w=2"
},
{
"name" : "http://irannetjob.com/content/view/152/28/",
"refsource" : "MISC",
"url" : "http://irannetjob.com/content/view/152/28/"
},
{
"name" : "15260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15260/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051101 VUBB XSS & path disclosure Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113087965608496&w=2"
},
{
"name": "15260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15260/"
},
{
"name": "http://irannetjob.com/content/view/152/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/152/28/"
}
]
}
}

190
2005/3xxx/CVE-2005-3518.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051014 [KAPDA::#6] Punbb SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112939699128430&w=2"
},
{
"name" : "http://www.kapda.ir/advisory-91.html",
"refsource" : "MISC",
"url" : "http://www.kapda.ir/advisory-91.html"
},
{
"name" : "http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt"
},
{
"name" : "15114",
"refsource" : "BID",
"url" : "http://www.securityfocus.net/bid/15114/"
},
{
"name" : "20018",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20018"
},
{
"name" : "17227",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17227/"
},
{
"name" : "87",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/87"
},
{
"name" : "punbb-oldsearches-sql-injection(22760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt"
},
{
"name": "20051014 [KAPDA::#6] Punbb SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112939699128430&w=2"
},
{
"name": "17227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17227/"
},
{
"name": "http://www.kapda.ir/advisory-91.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-91.html"
},
{
"name": "20018",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20018"
},
{
"name": "15114",
"refsource": "BID",
"url": "http://www.securityfocus.net/bid/15114/"
},
{
"name": "punbb-oldsearches-sql-injection(22760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22760"
},
{
"name": "87",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/87"
}
]
}
}

34
2005/3xxx/CVE-2005-3609.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3609",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3609",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2005/3xxx/CVE-2005-3731.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to \"certificate chain processing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://yassl.com/release.html",
"refsource" : "CONFIRM",
"url" : "http://yassl.com/release.html"
},
{
"name" : "15487",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15487"
},
{
"name" : "20831",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20831"
},
{
"name" : "17619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to \"certificate chain processing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yassl.com/release.html",
"refsource": "CONFIRM",
"url": "http://yassl.com/release.html"
},
{
"name": "17619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17619"
},
{
"name": "15487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15487"
},
{
"name": "20831",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20831"
}
]
}
}

170
2005/4xxx/CVE-2005-4006.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sapid-club.com/en/viewtopic.php?p=586#586",
"refsource" : "CONFIRM",
"url" : "http://sapid-club.com/en/viewtopic.php?p=586#586"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"
},
{
"name" : "15689",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15689"
},
{
"name" : "ADV-2005-2703",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2703"
},
{
"name" : "21389",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21389"
},
{
"name" : "17859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"
},
{
"name": "ADV-2005-2703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2703"
},
{
"name": "21389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21389"
},
{
"name": "http://sapid-club.com/en/viewtopic.php?p=586#586",
"refsource": "CONFIRM",
"url": "http://sapid-club.com/en/viewtopic.php?p=586#586"
},
{
"name": "15689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15689"
},
{
"name": "17859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17859"
}
]
}
}

140
2005/4xxx/CVE-2005-4326.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330",
"refsource" : "CONFIRM",
"url" : "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name" : "1015250",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"name" : "powerchute-web-weak-security(23183)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015250",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
]
}
}

150
2005/4xxx/CVE-2005-4434.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15988",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15988"
},
{
"name" : "21986",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21986"
},
{
"name" : "18122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18122"
},
{
"name" : "abledesign-research-xss(23830)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18122"
},
{
"name": "abledesign-research-xss(23830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23830"
},
{
"name": "15988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15988"
},
{
"name": "21986",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21986"
}
]
}
}

150
2005/4xxx/CVE-2005-4435.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15993"
},
{
"name" : "21984",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21984"
},
{
"name" : "18074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18074"
},
{
"name" : "dman-index-script-xss(23833)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21984",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21984"
},
{
"name": "15993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15993"
},
{
"name": "18074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18074"
},
{
"name": "dman-index-script-xss(23833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23833"
}
]
}
}

160
2005/4xxx/CVE-2005-4805.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "101910",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1"
},
{
"name" : "15084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15084"
},
{
"name" : "19950",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19950"
},
{
"name" : "1015047",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015047"
},
{
"name" : "17164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17164"
},
{
"name": "15084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15084"
},
{
"name": "1015047",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015047"
},
{
"name": "19950",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19950"
},
{
"name": "101910",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1"
}
]
}
}

120
2009/2xxx/CVE-2009-2262.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090629 AjaxPortal v3.0 Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504618/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090629 AjaxPortal v3.0 Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504618/100/0/threaded"
}
]
}
}

140
2009/2xxx/CVE-2009-2359.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090706 Medium security hole in TekRADIUS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name" : "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource" : "MISC",
"url" : "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
},
{
"name" : "ADV-2009-1816",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}

140
2009/2xxx/CVE-2009-2440.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/jnm-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/jnm-xss.txt"
},
{
"name" : "35760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35760"
},
{
"name" : "ADV-2009-1831",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1831",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1831"
},
{
"name": "35760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35760"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/jnm-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/jnm-xss.txt"
}
]
}
}

150
2009/2xxx/CVE-2009-2605.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8831",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8831"
},
{
"name" : "54809",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54809"
},
{
"name" : "35273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35273"
},
{
"name" : "traidntup-index-sql-injection(50866)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35273"
},
{
"name": "8831",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8831"
},
{
"name": "traidntup-index-sql-injection(50866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50866"
},
{
"name": "54809",
"refsource": "OSVDB",
"url": "http://osvdb.org/54809"
}
]
}
}

120
2009/2xxx/CVE-2009-2611.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9018",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9018",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9018"
}
]
}
}

150
2009/3xxx/CVE-2009-3018.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
},
{
"name" : "http://websecurity.com.ua/3386/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3386/"
},
{
"name" : "oval:org.mitre.oval:def:6524",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6524"
},
{
"name" : "maxthon-browser-javascript-xss(53001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3386/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "oval:org.mitre.oval:def:6524",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6524"
},
{
"name": "maxthon-browser-javascript-xss(53001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53001"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
]
}
}

150
2009/3xxx/CVE-2009-3709.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091005 AlleyCode SEH overflow POC‏‏",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506987/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txt"
},
{
"name" : "58649",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58649"
},
{
"name" : "36940",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txt"
},
{
"name": "58649",
"refsource": "OSVDB",
"url": "http://osvdb.org/58649"
},
{
"name": "36940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36940"
},
{
"name": "20091005 AlleyCode SEH overflow POC‏‏",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506987/100/0/threaded"
}
]
}
}

190
2009/3xxx/CVE-2009-3859.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "AD20090710",
"refsource" : "EEYE",
"url" : "http://research.eeye.com/html/advisories/published/AD20090710.html"
},
{
"name" : "9114",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9114"
},
{
"name" : "35624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35624"
},
{
"name" : "55744",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55744"
},
{
"name" : "1022534",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022534"
},
{
"name" : "35786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35786"
},
{
"name" : "ADV-2009-1862",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1862"
},
{
"name" : "retinawifiscanner-rws-bo(51625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "retinawifiscanner-rws-bo(51625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51625"
},
{
"name": "9114",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9114"
},
{
"name": "ADV-2009-1862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1862"
},
{
"name": "55744",
"refsource": "OSVDB",
"url": "http://osvdb.org/55744"
},
{
"name": "35786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35786"
},
{
"name": "35624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35624"
},
{
"name": "AD20090710",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20090710.html"
},
{
"name": "1022534",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022534"
}
]
}
}

130
2009/3xxx/CVE-2009-3952.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-01.html"
},
{
"name" : "37666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-01.html"
},
{
"name": "37666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37666"
}
]
}
}

140
2015/0xxx/CVE-2015-0175.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697368",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697368"
},
{
"name" : "PI33008",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33008"
},
{
"name" : "1032190",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032190"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI33008",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33008"
},
{
"name": "1032190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032190"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697368",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697368"
}
]
}
}

150
2015/0xxx/CVE-2015-0203.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html"
},
{
"name" : "https://issues.apache.org/jira/browse/QPID-6310",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/QPID-6310"
},
{
"name" : "RHBA-2016:1500",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2016:1500"
},
{
"name" : "72030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHBA-2016:1500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2016:1500"
},
{
"name": "https://issues.apache.org/jira/browse/QPID-6310",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/QPID-6310"
},
{
"name": "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html"
},
{
"name": "72030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72030"
}
]
}
}

130
2015/0xxx/CVE-2015-0684.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150331 Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38114"
},
{
"name" : "1032001",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032001",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032001"
},
{
"name": "20150331 Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38114"
}
]
}
}

140
2015/0xxx/CVE-2015-0911.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-0911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/",
"refsource" : "CONFIRM",
"url" : "http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/"
},
{
"name" : "JVN#41653647",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN41653647/index.html"
},
{
"name" : "JVNDB-2015-000055",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000055"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000055",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000055"
},
{
"name": "JVN#41653647",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41653647/index.html"
},
{
"name": "http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/",
"refsource": "CONFIRM",
"url": "http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/"
}
]
}
}

120
2015/0xxx/CVE-2015-0926.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#637068",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/637068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#637068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/637068"
}
]
}
}

140
2015/1xxx/CVE-2015-1307.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150122 Re: KDE Plasma vulnerabilities: need CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/22/6"
},
{
"name" : "https://www.kde.org/info/security/advisory-20150122-1.txt",
"refsource" : "CONFIRM",
"url" : "https://www.kde.org/info/security/advisory-20150122-1.txt"
},
{
"name" : "72285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72285"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kde.org/info/security/advisory-20150122-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20150122-1.txt"
},
{
"name": "72285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72285"
},
{
"name": "[oss-security] 20150122 Re: KDE Plasma vulnerabilities: need CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/22/6"
}
]
}
}

190
2015/1xxx/CVE-2015-1442.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150201 SQL injection vulnerabilities in zerocms <= v.1.3.3",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Feb/4"
},
{
"name" : "[oss-security] 20150201 CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/379"
},
{
"name" : "[oss-security] 20150201 Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/380"
},
{
"name" : "http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.html"
},
{
"name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.html"
},
{
"name" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.html"
},
{
"name" : "http://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.html"
},
{
"name" : "72398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.html"
},
{
"name": "[oss-security] 20150201 CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/379"
},
{
"name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.html"
},
{
"name": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.html"
},
{
"name": "[oss-security] 20150201 Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/380"
},
{
"name": "20150201 SQL injection vulnerabilities in zerocms <= v.1.3.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Feb/4"
},
{
"name": "http://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.html"
},
{
"name": "72398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72398"
}
]
}
}

160
2015/1xxx/CVE-2015-1473.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150203 Re: CVE request: heap buffer overflow in glibc swscanf",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/02/04/1"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "USN-2519-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2519-1"
},
{
"name" : "72499",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "USN-2519-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2519-1"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06"
},
{
"name": "72499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72499"
},
{
"name": "[oss-security] 20150203 Re: CVE request: heap buffer overflow in glibc swscanf",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/02/04/1"
}
]
}
}

140
2015/4xxx/CVE-2015-4798.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "77250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77250"
},
{
"name" : "1033877",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033877"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "77250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77250"
}
]
}
}

180
2015/4xxx/CVE-2015-4886.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request involving the OA_HTML/copxml servlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151029 [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536788/100/0/threaded"
},
{
"name" : "20151030 [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Oct/111"
},
{
"name" : "https://erpscan.io/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/"
},
{
"name" : "http://packetstormsecurity.com/files/134117/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134117/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "77245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77245"
},
{
"name" : "1033877",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request involving the OA_HTML/copxml servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033877"
},
{
"name": "https://erpscan.io/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "http://packetstormsecurity.com/files/134117/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134117/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html"
},
{
"name": "20151029 [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536788/100/0/threaded"
},
{
"name": "77245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77245"
},
{
"name": "20151030 [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/111"
}
]
}
}

130
2015/4xxx/CVE-2015-4915.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "1033882",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1033882",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033882"
}
]
}
}

140
2015/4xxx/CVE-2015-4934.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-376",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-376"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21961928",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21961928"
},
{
"name" : "76109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76109"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21961928",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961928"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-376",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-376"
}
]
}
}

34
2015/5xxx/CVE-2015-5483.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5483",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5483",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2015/5xxx/CVE-2015-5924.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205370",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205370"
},
{
"name" : "https://support.apple.com/HT205375",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205375"
},
{
"name" : "APPLE-SA-2015-10-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
},
{
"name" : "APPLE-SA-2015-10-21-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name" : "77263",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77263"
},
{
"name" : "1033929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-10-21-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name": "APPLE-SA-2015-10-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
},
{
"name": "https://support.apple.com/HT205375",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205375"
},
{
"name": "https://support.apple.com/HT205370",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205370"
},
{
"name": "77263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77263"
},
{
"name": "1033929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033929"
}
]
}
}

120
2015/9xxx/CVE-2015-9281.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-9281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.sas.com/kb/55/537.html",
"refsource" : "MISC",
"url" : "http://support.sas.com/kb/55/537.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.sas.com/kb/55/537.html",
"refsource": "MISC",
"url": "http://support.sas.com/kb/55/537.html"
}
]
}
}

34
2018/2xxx/CVE-2018-2027.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2027",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2027",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/2xxx/CVE-2018-2551.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2551",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2551",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/2xxx/CVE-2018-2563.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "10"
},
{
"version_affected" : "=",
"version_value" : "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10"
},
{
"version_affected": "=",
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103888"
},
{
"name" : "1040702",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040702"
},
{
"name": "103888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103888"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
}
]
}
}

142
2018/2xxx/CVE-2018-2900.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BI Publisher (formerly XML Publisher)",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.1.1.7.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BI Publisher (formerly XML Publisher)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.1.7.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104767"
},
{
"name" : "1041310",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041310",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041310"
},
{
"name": "104767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104767"
}
]
}
}

166
2018/3xxx/CVE-2018-3030.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.0.4"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.4.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "12.4.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104793"
},
{
"name" : "1041307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
},
{
"name": "104793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104793"
}
]
}
}

142
2018/3xxx/CVE-2018-3130.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PRTL Interaction Hub",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "9.1.0.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). The supported version that is affected is 9.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Interaction Hub. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Interaction Hub. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise Interaction Hub accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PRTL Interaction Hub",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.1.0.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105614"
},
{
"name" : "1041891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). The supported version that is affected is 9.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Interaction Hub. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Interaction Hub. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise Interaction Hub accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105614"
},
{
"name": "1041891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041891"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

132
2018/3xxx/CVE-2018-3168.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Identity Analytics",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.1.1.5.8"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Identity Analytics component of Oracle Fusion Middleware (subcomponent: Core Components). The supported version that is affected is 11.1.1.5.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Analytics accessible data as well as unauthorized read access to a subset of Oracle Identity Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Analytics accessible data as well as unauthorized read access to a subset of Oracle Identity Analytics accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Analytics",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.1.5.8"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Identity Analytics component of Oracle Fusion Middleware (subcomponent: Core Components). The supported version that is affected is 11.1.1.5.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Analytics accessible data as well as unauthorized read access to a subset of Oracle Identity Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Analytics accessible data as well as unauthorized read access to a subset of Oracle Identity Analytics accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105638"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

140
2018/6xxx/CVE-2018-6377.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://developer.joomla.org/security-centre/720-20180103-core-xss-vulnerability.html",
"refsource" : "CONFIRM",
"url" : "https://developer.joomla.org/security-centre/720-20180103-core-xss-vulnerability.html"
},
{
"name" : "102917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102917"
},
{
"name" : "1040316",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/720-20180103-core-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/720-20180103-core-xss-vulnerability.html"
},
{
"name": "1040316",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040316"
},
{
"name": "102917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102917"
}
]
}
}

130
2018/6xxx/CVE-2018-6550.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/monstra-cms/monstra/commit/388ab412035474068758df6b07e7e06852f3747b",
"refsource" : "CONFIRM",
"url" : "https://github.com/monstra-cms/monstra/commit/388ab412035474068758df6b07e7e06852f3747b"
},
{
"name" : "https://github.com/monstra-cms/monstra/issues/427",
"refsource" : "CONFIRM",
"url" : "https://github.com/monstra-cms/monstra/issues/427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/monstra-cms/monstra/commit/388ab412035474068758df6b07e7e06852f3747b",
"refsource": "CONFIRM",
"url": "https://github.com/monstra-cms/monstra/commit/388ab412035474068758df6b07e7e06852f3747b"
},
{
"name": "https://github.com/monstra-cms/monstra/issues/427",
"refsource": "CONFIRM",
"url": "https://github.com/monstra-cms/monstra/issues/427"
}
]
}
}

120
2018/6xxx/CVE-2018-6628.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/8000010c",
"refsource" : "MISC",
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/8000010c"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/8000010c",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/8000010c"
}
]
}
}

34
2018/6xxx/CVE-2018-6714.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6714",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6714",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7151.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7151",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7151",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7416.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7416",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7416",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}