From 44b693724852661c307ae61a22bc5b374b714aee Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:17:14 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1154.json | 270 ++++++++--------- 2008/3xxx/CVE-2008-3228.json | 150 ++++----- 2008/3xxx/CVE-2008-3527.json | 220 +++++++------- 2008/3xxx/CVE-2008-3725.json | 160 +++++----- 2008/3xxx/CVE-2008-3739.json | 200 ++++++------ 2008/4xxx/CVE-2008-4102.json | 210 ++++++------- 2008/4xxx/CVE-2008-4511.json | 140 ++++----- 2008/4xxx/CVE-2008-4559.json | 140 ++++----- 2008/4xxx/CVE-2008-4674.json | 160 +++++----- 2008/4xxx/CVE-2008-4756.json | 140 ++++----- 2008/6xxx/CVE-2008-6733.json | 160 +++++----- 2008/6xxx/CVE-2008-6761.json | 130 ++++---- 2008/6xxx/CVE-2008-6950.json | 140 ++++----- 2008/6xxx/CVE-2008-6962.json | 150 ++++----- 2008/7xxx/CVE-2008-7111.json | 150 ++++----- 2008/7xxx/CVE-2008-7292.json | 130 ++++---- 2013/2xxx/CVE-2013-2034.json | 130 ++++---- 2013/2xxx/CVE-2013-2335.json | 140 ++++----- 2013/2xxx/CVE-2013-2419.json | 470 ++++++++++++++--------------- 2013/6xxx/CVE-2013-6913.json | 160 +++++----- 2013/6xxx/CVE-2013-6988.json | 34 +-- 2017/10xxx/CVE-2017-10163.json | 166 +++++----- 2017/10xxx/CVE-2017-10251.json | 150 ++++----- 2017/11xxx/CVE-2017-11852.json | 142 ++++----- 2017/14xxx/CVE-2017-14141.json | 140 ++++----- 2017/14xxx/CVE-2017-14231.json | 130 ++++---- 2017/14xxx/CVE-2017-14290.json | 120 ++++---- 2017/14xxx/CVE-2017-14545.json | 120 ++++---- 2017/15xxx/CVE-2017-15084.json | 120 ++++---- 2017/15xxx/CVE-2017-15104.json | 152 +++++----- 2017/15xxx/CVE-2017-15297.json | 140 ++++----- 2017/15xxx/CVE-2017-15507.json | 34 +-- 2017/15xxx/CVE-2017-15573.json | 140 ++++----- 2017/9xxx/CVE-2017-9632.json | 120 ++++---- 2017/9xxx/CVE-2017-9740.json | 150 ++++----- 2017/9xxx/CVE-2017-9953.json | 120 ++++---- 2018/0xxx/CVE-2018-0291.json | 130 ++++---- 2018/0xxx/CVE-2018-0808.json | 142 ++++----- 2018/0xxx/CVE-2018-0945.json | 166 +++++----- 2018/1000xxx/CVE-2018-1000035.json | 124 ++++---- 2018/1000xxx/CVE-2018-1000555.json | 35 ++- 2018/1000xxx/CVE-2018-1000841.json | 126 ++++---- 2018/12xxx/CVE-2018-12480.json | 168 +++++------ 2018/12xxx/CVE-2018-12890.json | 34 +-- 2018/16xxx/CVE-2018-16081.json | 162 +++++----- 2018/16xxx/CVE-2018-16518.json | 120 ++++---- 2018/16xxx/CVE-2018-16960.json | 34 +-- 2018/4xxx/CVE-2018-4654.json | 34 +-- 2018/4xxx/CVE-2018-4809.json | 34 +-- 2018/4xxx/CVE-2018-4902.json | 140 ++++----- 2019/7xxx/CVE-2019-7384.json | 73 ++++- 51 files changed, 3559 insertions(+), 3491 deletions(-) diff --git a/2004/1xxx/CVE-2004-1154.json b/2004/1xxx/CVE-2004-1154.json index a46010cafef..ffa0ec28014 100644 --- a/2004/1xxx/CVE-2004-1154.json +++ b/2004/1xxx/CVE-2004-1154.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities" - }, - { - "name" : "http://www.samba.org/samba/security/CAN-2004-1154.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CAN-2004-1154.html" - }, - { - "name" : "APPLE-SA-2005-03-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" - }, - { - "name" : "DSA-701", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-701" - }, - { - "name" : "RHSA-2005:020", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-020.html" - }, - { - "name" : "SCOSA-2005.17", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt" - }, - { - "name" : "101643", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1" - }, - { - "name" : "57730", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1" - }, - { - "name" : "SUSE-SA:2004:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_45_samba.html" - }, - { - "name" : "VU#226184", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/226184" - }, - { - "name" : "11973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11973" - }, - { - "name" : "oval:org.mitre.oval:def:1459", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459" - }, - { - "name" : "oval:org.mitre.oval:def:642", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642" - }, - { - "name" : "oval:org.mitre.oval:def:10236", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236" - }, - { - "name" : "13453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13453/" - }, - { - "name" : "samba-msrpc-heap-corruption(18519)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.samba.org/samba/security/CAN-2004-1154.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CAN-2004-1154.html" + }, + { + "name": "101643", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1" + }, + { + "name": "oval:org.mitre.oval:def:10236", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236" + }, + { + "name": "11973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11973" + }, + { + "name": "samba-msrpc-heap-corruption(18519)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18519" + }, + { + "name": "RHSA-2005:020", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-020.html" + }, + { + "name": "oval:org.mitre.oval:def:642", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642" + }, + { + "name": "13453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13453/" + }, + { + "name": "DSA-701", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-701" + }, + { + "name": "APPLE-SA-2005-03-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" + }, + { + "name": "57730", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1" + }, + { + "name": "20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities" + }, + { + "name": "SUSE-SA:2004:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_45_samba.html" + }, + { + "name": "oval:org.mitre.oval:def:1459", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459" + }, + { + "name": "SCOSA-2005.17", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt" + }, + { + "name": "VU#226184", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/226184" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3228.json b/2008/3xxx/CVE-2008-3228.json index 2a688f91914..c3080c2fc28 100644 --- a/2008/3xxx/CVE-2008-3228.json +++ b/2008/3xxx/CVE-2008-3228.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080712 CVE requests: joomla <1.5.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/12/2" - }, - { - "name" : "http://www.joomla.org/content/view/5180/1/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/5180/1/" - }, - { - "name" : "http://www.joomla.org/content/view/5180/1/1/1/#htaccess", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/5180/1/1/1/#htaccess" - }, - { - "name" : "joomla-block-common-unspecified(44206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080712 CVE requests: joomla <1.5.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2" + }, + { + "name": "http://www.joomla.org/content/view/5180/1/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/5180/1/" + }, + { + "name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess" + }, + { + "name": "joomla-block-common-unspecified(44206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3527.json b/2008/3xxx/CVE-2008-3527.json index b8ed34d6b86..48c06358b53 100644 --- a/2008/3xxx/CVE-2008-3527.json +++ b/2008/3xxx/CVE-2008-3527.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=460251", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=460251" - }, - { - "name" : "DSA-1687", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1687" - }, - { - "name" : "RHSA-2008:0957", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0957.html" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:10602", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602" - }, - { - "name" : "1021137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021137" - }, - { - "name" : "32485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32485" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "33180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32485" + }, + { + "name": "oval:org.mitre.oval:def:10602", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21" + }, + { + "name": "RHSA-2008:0957", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html" + }, + { + "name": "1021137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021137" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=460251", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251" + }, + { + "name": "DSA-1687", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1687" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "33180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33180" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3725.json b/2008/3xxx/CVE-2008-3725.json index 5b092930f86..bd10bce5f9b 100644 --- a/2008/3xxx/CVE-2008-3725.json +++ b/2008/3xxx/CVE-2008-3725.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6271", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6271" - }, - { - "name" : "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt" - }, - { - "name" : "30742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30742" - }, - { - "name" : "31491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31491" - }, - { - "name" : "adboard-trr-sql-injection(44532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6271", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6271" + }, + { + "name": "31491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31491" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt" + }, + { + "name": "30742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30742" + }, + { + "name": "adboard-trr-sql-injection(44532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44532" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3739.json b/2008/3xxx/CVE-2008-3739.json index eb8915be727..52005a91984 100644 --- a/2008/3xxx/CVE-2008-3739.json +++ b/2008/3xxx/CVE-2008-3739.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiz.syscon.co.jp/Details.htm", - "refsource" : "CONFIRM", - "url" : "http://wiz.syscon.co.jp/Details.htm" - }, - { - "name" : "http://www.spacetag.jp/modules/products/index.php?id=54", - "refsource" : "CONFIRM", - "url" : "http://www.spacetag.jp/modules/products/index.php?id=54" - }, - { - "name" : "JVN#27417220", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN27417220/index.html" - }, - { - "name" : "JVN#52557009", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52557009/index.html" - }, - { - "name" : "JVNDB-2008-000048", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.html" - }, - { - "name" : "30791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30791" - }, - { - "name" : "31574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31574" - }, - { - "name" : "31582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31582" - }, - { - "name" : "lacooda-unspecified-xss(44593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#52557009", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52557009/index.html" + }, + { + "name": "30791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30791" + }, + { + "name": "JVN#27417220", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN27417220/index.html" + }, + { + "name": "31574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31574" + }, + { + "name": "lacooda-unspecified-xss(44593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44593" + }, + { + "name": "JVNDB-2008-000048", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.html" + }, + { + "name": "http://wiz.syscon.co.jp/Details.htm", + "refsource": "CONFIRM", + "url": "http://wiz.syscon.co.jp/Details.htm" + }, + { + "name": "31582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31582" + }, + { + "name": "http://www.spacetag.jp/modules/products/index.php?id=54", + "refsource": "CONFIRM", + "url": "http://www.spacetag.jp/modules/products/index.php?id=54" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4102.json b/2008/4xxx/CVE-2008-4102.json index 5edb710e944..88efd358eb6 100644 --- a/2008/4xxx/CVE-2008-4102.json +++ b/2008/4xxx/CVE-2008-4102.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496237/100/0/threaded" - }, - { - "name" : "[oss-security] 20080911 CVE request for Joomla multiple vuln.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=122118210029084&w=2" - }, - { - "name" : "[oss-security] 20080911 CVE request: joomla < 1.5.7", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=122115344915232&w=2" - }, - { - "name" : "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=122152798516853&w=2" - }, - { - "name" : "http://www.sektioneins.de/advisories/SE-2008-04.txt", - "refsource" : "MISC", - "url" : "http://www.sektioneins.de/advisories/SE-2008-04.txt" - }, - { - "name" : "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/", - "refsource" : "MISC", - "url" : "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/" - }, - { - "name" : "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html" - }, - { - "name" : "31789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31789" - }, - { - "name" : "4271", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4271" - }, - { - "name" : "joomla-randomnumbers-info-disclosure(45068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2" + }, + { + "name": "4271", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4271" + }, + { + "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded" + }, + { + "name": "31789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31789" + }, + { + "name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/", + "refsource": "MISC", + "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/" + }, + { + "name": "joomla-randomnumbers-info-disclosure(45068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068" + }, + { + "name": "[oss-security] 20080911 CVE request: joomla < 1.5.7", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2" + }, + { + "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2" + }, + { + "name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html" + }, + { + "name": "http://www.sektioneins.de/advisories/SE-2008-04.txt", + "refsource": "MISC", + "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4511.json b/2008/4xxx/CVE-2008-4511.json index 4563210c407..5edc39e726b 100644 --- a/2008/4xxx/CVE-2008-4511.json +++ b/2008/4xxx/CVE-2008-4511.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080927 ASP News Remote Password Disclouse Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496787/100/0/threaded" - }, - { - "name" : "4380", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4380" - }, - { - "name" : "aspnewsmanagement-news-info-disclosure(45838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspnewsmanagement-news-info-disclosure(45838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45838" + }, + { + "name": "4380", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4380" + }, + { + "name": "20080927 ASP News Remote Password Disclouse Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496787/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4559.json b/2008/4xxx/CVE-2008-4559.json index e69416e4e22..a97c0d18ff1 100644 --- a/2008/4xxx/CVE-2008-4559.json +++ b/2008/4xxx/CVE-2008-4559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090206 HP Network Node Manager Multiple Command Injection Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770" - }, - { - "name" : "HPSBMA02406", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610" - }, - { - "name" : "SSRT080100", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT080100", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610" + }, + { + "name": "20090206 HP Network Node Manager Multiple Command Injection Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770" + }, + { + "name": "HPSBMA02406", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4674.json b/2008/4xxx/CVE-2008-4674.json index 5f86933de96..669c96176ad 100644 --- a/2008/4xxx/CVE-2008-4674.json +++ b/2008/4xxx/CVE-2008-4674.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6599", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6599" - }, - { - "name" : "31443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31443" - }, - { - "name" : "32049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32049" - }, - { - "name" : "4469", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4469" - }, - { - "name" : "realestatemanager-catid-sql-injection(45499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4469", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4469" + }, + { + "name": "31443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31443" + }, + { + "name": "32049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32049" + }, + { + "name": "6599", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6599" + }, + { + "name": "realestatemanager-catid-sql-injection(45499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45499" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4756.json b/2008/4xxx/CVE-2008-4756.json index 5864c74258b..c01c36dd4a9 100644 --- a/2008/4xxx/CVE-2008-4756.json +++ b/2008/4xxx/CVE-2008-4756.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6833", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6833" - }, - { - "name" : "31915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31915" - }, - { - "name" : "phpdaily-date-xss(46128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31915" + }, + { + "name": "phpdaily-date-xss(46128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46128" + }, + { + "name": "6833", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6833" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6733.json b/2008/6xxx/CVE-2008-6733.json index ed8ed18fd21..8bc87e29b01 100644 --- a/2008/6xxx/CVE-2008-6733.json +++ b/2008/6xxx/CVE-2008-6733.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx" - }, - { - "name" : "29686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29686" - }, - { - "name" : "46323", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/46323" - }, - { - "name" : "30617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30617" - }, - { - "name" : "dotnetnuke-errorpage-xss(43026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx", + "refsource": "CONFIRM", + "url": "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx" + }, + { + "name": "29686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29686" + }, + { + "name": "46323", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/46323" + }, + { + "name": "30617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30617" + }, + { + "name": "dotnetnuke-errorpage-xss(43026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43026" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6761.json b/2008/6xxx/CVE-2008-6761.json index 82c9065c22a..689f7fc7031 100644 --- a/2008/6xxx/CVE-2008-6761.json +++ b/2008/6xxx/CVE-2008-6761.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7622", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7622" - }, - { - "name" : "flexcustomer-install-code-execution(47652)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flexcustomer-install-code-execution(47652)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47652" + }, + { + "name": "7622", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7622" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6950.json b/2008/6xxx/CVE-2008-6950.json index 85f18944ee2..5d1a5133ae7 100644 --- a/2008/6xxx/CVE-2008-6950.json +++ b/2008/6xxx/CVE-2008-6950.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7120", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7120" - }, - { - "name" : "32299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32299" - }, - { - "name" : "webhostpanel-login-sql-injection(46637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webhostpanel-login-sql-injection(46637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46637" + }, + { + "name": "32299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32299" + }, + { + "name": "7120", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7120" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6962.json b/2008/6xxx/CVE-2008-6962.json index a56b0927e3e..be35132d0b1 100644 --- a/2008/6xxx/CVE-2008-6962.json +++ b/2008/6xxx/CVE-2008-6962.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt", - "refsource" : "MISC", - "url" : "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt" - }, - { - "name" : "32269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32269" - }, - { - "name" : "ADV-2008-3130", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3130" - }, - { - "name" : "avira-ioctl-privilege-escalation(46567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avira-ioctl-privilege-escalation(46567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567" + }, + { + "name": "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt", + "refsource": "MISC", + "url": "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt" + }, + { + "name": "ADV-2008-3130", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3130" + }, + { + "name": "32269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32269" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7111.json b/2008/7xxx/CVE-2008-7111.json index 62c582ce37c..019a4eb39b7 100644 --- a/2008/7xxx/CVE-2008-7111.json +++ b/2008/7xxx/CVE-2008-7111.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080826 White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495772/100/0/threaded" - }, - { - "name" : "http://www.informit.com/guides/content.aspx?g=security&seqNum=320", - "refsource" : "MISC", - "url" : "http://www.informit.com/guides/content.aspx?g=security&seqNum=320" - }, - { - "name" : "31631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31631" - }, - { - "name" : "kyocera-utility-code-execution(53003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kyocera-utility-code-execution(53003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53003" + }, + { + "name": "20080826 White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495772/100/0/threaded" + }, + { + "name": "http://www.informit.com/guides/content.aspx?g=security&seqNum=320", + "refsource": "MISC", + "url": "http://www.informit.com/guides/content.aspx?g=security&seqNum=320" + }, + { + "name": "31631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31631" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7292.json b/2008/7xxx/CVE-2008-7292.json index a4af21bac87..4ab72ab7d0e 100644 --- a/2008/7xxx/CVE-2008-7292.json +++ b/2008/7xxx/CVE-2008-7292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=414002", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=414002" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660502", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=414002", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=414002" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660502", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660502" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2034.json b/2013/2xxx/CVE-2013-2034.json index 5fe1a455794..18341720b74 100644 --- a/2013/2xxx/CVE-2013-2034.json +++ b/2013/2xxx/CVE-2013-2034.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb", - "refsource" : "CONFIRM", - "url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb" - }, - { - "name" : "92981", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb", + "refsource": "CONFIRM", + "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb" + }, + { + "name": "92981", + "refsource": "OSVDB", + "url": "http://osvdb.org/92981" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2335.json b/2013/2xxx/CVE-2013-2335.json index 044274419a0..4c998b73fd0 100644 --- a/2013/2xxx/CVE-2013-2335.json +++ b/2013/2xxx/CVE-2013-2335.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02883", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101075", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101227", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101227", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "SSRT101075", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "HPSBMU02883", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2419.json b/2013/2xxx/CVE-2013-2419.json index e0c895005ec..236bf9a4adf 100644 --- a/2013/2xxx/CVE-2013-2419.json +++ b/2013/2xxx/CVE-2013-2419.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" - }, - { - "name" : "http://bugs.icu-project.org/trac/ticket/10107", - "refsource" : "CONFIRM", - "url" : "http://bugs.icu-project.org/trac/ticket/10107" - }, - { - "name" : "http://site.icu-project.org/download/51#TOC-Known-Issues", - "refsource" : "CONFIRM", - "url" : "http://site.icu-project.org/download/51#TOC-Known-Issues" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952656", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952656" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "APPLE-SA-2013-04-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02889", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "SSRT101252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "MDVSA-2013:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "RHSA-2013:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2013:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" - }, - { - "name" : "SUSE-SU-2013:0835", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" - }, - { - "name" : "SUSE-SU-2013:0871", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0934", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "59131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59131" - }, - { - "name" : "oval:org.mitre.oval:def:16527", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527" - }, - { - "name" : "oval:org.mitre.oval:def:19386", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386" - }, - { - "name" : "oval:org.mitre.oval:def:19526", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16527", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527" + }, + { + "name": "SUSE-SU-2013:0835", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" + }, + { + "name": "SUSE-SU-2013:0871", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" + }, + { + "name": "RHSA-2013:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html" + }, + { + "name": "59131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59131" + }, + { + "name": "http://site.icu-project.org/download/51#TOC-Known-Issues", + "refsource": "CONFIRM", + "url": "http://site.icu-project.org/download/51#TOC-Known-Issues" + }, + { + "name": "APPLE-SA-2013-04-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" + }, + { + "name": "MDVSA-2013:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" + }, + { + "name": "SSRT101252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "oval:org.mitre.oval:def:19386", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" + }, + { + "name": "openSUSE-SU-2013:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "openSUSE-SU-2013:0964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "http://bugs.icu-project.org/trac/ticket/10107", + "refsource": "CONFIRM", + "url": "http://bugs.icu-project.org/trac/ticket/10107" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "oval:org.mitre.oval:def:19526", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "SUSE-SU-2013:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952656", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952656" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" + }, + { + "name": "SUSE-SU-2013:0934", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" + }, + { + "name": "HPSBUX02889", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6913.json b/2013/6xxx/CVE-2013-6913.json index 959b9b60ad8..be02d202ba4 100644 --- a/2013/6xxx/CVE-2013-6913.json +++ b/2013/6xxx/CVE-2013-6913.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/6928", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/6928" - }, - { - "name" : "JVN#23981867", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23981867/index.html" - }, - { - "name" : "JVNDB-2013-000113", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" - }, - { - "name" : "100559", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "100559", + "refsource": "OSVDB", + "url": "http://osvdb.org/100559" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/6928", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/6928" + }, + { + "name": "JVNDB-2013-000113", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" + }, + { + "name": "JVN#23981867", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23981867/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6988.json b/2013/6xxx/CVE-2013-6988.json index 103516f088c..dd943c0ef67 100644 --- a/2013/6xxx/CVE-2013-6988.json +++ b/2013/6xxx/CVE-2013-6988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10163.json b/2017/10xxx/CVE-2017-10163.json index c6886517d5c..a4a6e081258 100644 --- a/2017/10xxx/CVE-2017-10163.json +++ b/2017/10xxx/CVE-2017-10163.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Intelligence Enterprise Edition", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.7.0" - }, - { - "version_affected" : "=", - "version_value" : "11.1.1.9.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. Note: Please refer to Doc ID My Oracle Support Note 2310021.1 for instructions on how to address this issue. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.7.0" + }, + { + "version_affected": "=", + "version_value": "11.1.1.9.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101357" - }, - { - "name" : "1039602", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. Note: Please refer to Doc ID My Oracle Support Note 2310021.1 for instructions on how to address this issue. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039602", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039602" + }, + { + "name": "101357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101357" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10251.json b/2017/10xxx/CVE-2017-10251.json index 48e67163bb8..d8e1242bc0b 100644 --- a/2017/10xxx/CVE-2017-10251.json +++ b/2017/10xxx/CVE-2017-10251.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99822" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99822" + }, + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11852.json b/2017/11xxx/CVE-2017-11852.json index 09e60247c8a..ba23ec7c019 100644 --- a/2017/11xxx/CVE-2017-11852.json +++ b/2017/11xxx/CVE-2017-11852.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GDI", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka \"Windows GDI Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GDI", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852" - }, - { - "name" : "101739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101739" - }, - { - "name" : "1039782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka \"Windows GDI Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852" + }, + { + "name": "101739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101739" + }, + { + "name": "1039782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039782" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14141.json b/2017/14xxx/CVE-2017-14141.json index 65bc3b9f09d..37c62bc884c 100644 --- a/2017/14xxx/CVE-2017-14141.json +++ b/2017/14xxx/CVE-2017-14141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt", - "refsource" : "MISC", - "url" : "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt" - }, - { - "name" : "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682", - "refsource" : "CONFIRM", - "url" : "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682" - }, - { - "name" : "100976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682", + "refsource": "CONFIRM", + "url": "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682" + }, + { + "name": "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt", + "refsource": "MISC", + "url": "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt" + }, + { + "name": "100976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100976" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14231.json b/2017/14xxx/CVE-2017-14231.json index 10a5212e8a1..819d036e067 100644 --- a/2017/14xxx/CVE-2017-14231.json +++ b/2017/14xxx/CVE-2017-14231.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin