diff --git a/2019/16xxx/CVE-2019-16130.json b/2019/16xxx/CVE-2019-16130.json new file mode 100644 index 00000000000..f5b16bf6b5d --- /dev/null +++ b/2019/16xxx/CVE-2019-16130.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "YII2-CMS v1.0 has XSS in protected\\core\\modules\\home\\models\\Contact.php via a name field to /contact.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/277/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/277/" + }, + { + "url": "https://github.com/weison-tech/yii2-cms/issues/2", + "refsource": "MISC", + "name": "https://github.com/weison-tech/yii2-cms/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16131.json b/2019/16xxx/CVE-2019-16131.json new file mode 100644 index 00000000000..6e6449ee1c5 --- /dev/null +++ b/2019/16xxx/CVE-2019-16131.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/289/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/289/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16132.json b/2019/16xxx/CVE-2019-16132.json new file mode 100644 index 00000000000..91a10b93169 --- /dev/null +++ b/2019/16xxx/CVE-2019-16132.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/296/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/296/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16133.json b/2019/16xxx/CVE-2019-16133.json new file mode 100644 index 00000000000..cc8820f5d61 --- /dev/null +++ b/2019/16xxx/CVE-2019-16133.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/271/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/271/" + } + ] + } +} \ No newline at end of file