mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
85f540d4b5
commit
4b0aad357e
@ -1,87 +1,87 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2003-1160",
|
"ID": "CVE-2003-1160",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//)."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt"
|
"lang": "eng",
|
||||||
},
|
"value": "FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//)."
|
||||||
{
|
}
|
||||||
"name" : "8942",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/8942"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "2842",
|
"description": [
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://www.osvdb.org/2842"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "1008049",
|
]
|
||||||
"refsource" : "SECTRACK",
|
}
|
||||||
"url" : "http://securitytracker.com/id?1008049"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "10132",
|
"reference_data": [
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/10132"
|
"name": "10132",
|
||||||
},
|
"refsource": "SECUNIA",
|
||||||
{
|
"url": "http://secunia.com/advisories/10132"
|
||||||
"name" : "flexwatch-slash-admin-access(13567)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13567"
|
"name": "flexwatch-slash-admin-access(13567)",
|
||||||
}
|
"refsource": "XF",
|
||||||
]
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13567"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "8942",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/8942"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "1008049",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://securitytracker.com/id?1008049"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "2842",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://www.osvdb.org/2842"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,102 +1,102 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2003-1292",
|
"ID": "CVE-2003-1292",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20030720 sorry, wrong file",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://www.securityfocus.com/archive/1/329910"
|
"lang": "eng",
|
||||||
},
|
"value": "PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php."
|
||||||
{
|
}
|
||||||
"name" : "20060130 Re: ashnews Cross-Site Scripting Vulnerability",
|
]
|
||||||
"refsource" : "FULLDISC",
|
},
|
||||||
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
|
"description": [
|
||||||
"refsource" : "FULLDISC",
|
{
|
||||||
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
|
]
|
||||||
"refsource" : "FULLDISC",
|
}
|
||||||
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "1864",
|
"reference_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/1864"
|
"name": "1864",
|
||||||
},
|
"refsource": "EXPLOIT-DB",
|
||||||
{
|
"url": "https://www.exploit-db.com/exploits/1864"
|
||||||
"name" : "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0",
|
},
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0"
|
"name": "18248",
|
||||||
},
|
"refsource": "BID",
|
||||||
{
|
"url": "http://www.securityfocus.com/bid/18248"
|
||||||
"name" : "16436",
|
},
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/16436"
|
"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
|
||||||
},
|
"refsource": "FULLDISC",
|
||||||
{
|
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html"
|
||||||
"name" : "18248",
|
},
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/18248"
|
"name": "9331",
|
||||||
},
|
"refsource": "SECUNIA",
|
||||||
{
|
"url": "http://secunia.com/advisories/9331"
|
||||||
"name" : "9331",
|
},
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/9331"
|
"name": "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0",
|
||||||
}
|
"refsource": "CONFIRM",
|
||||||
]
|
"url": "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "20030720 sorry, wrong file",
|
||||||
|
"refsource": "BUGTRAQ",
|
||||||
|
"url": "http://www.securityfocus.com/archive/1/329910"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
|
||||||
|
"refsource": "FULLDISC",
|
||||||
|
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20060130 Re: ashnews Cross-Site Scripting Vulnerability",
|
||||||
|
"refsource": "FULLDISC",
|
||||||
|
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "16436",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/16436"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2003-1311",
|
"ID": "CVE-2003-1311",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "[curl-users] 20030529 Re: https, redirection and authentication using POST",
|
"description_data": [
|
||||||
"refsource" : "MLIST",
|
{
|
||||||
"url" : "http://curl.haxx.se/mail/archive-2003-05/0172.html"
|
"lang": "eng",
|
||||||
},
|
"value": "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter."
|
||||||
{
|
}
|
||||||
"name" : "30741",
|
]
|
||||||
"refsource" : "OSVDB",
|
},
|
||||||
"url" : "http://www.osvdb.org/30741"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "[curl-users] 20030529 Re: https, redirection and authentication using POST",
|
||||||
|
"refsource": "MLIST",
|
||||||
|
"url": "http://curl.haxx.se/mail/archive-2003-05/0172.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "30741",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://www.osvdb.org/30741"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"data_type": "CVE",
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"data_format": "MITRE",
|
||||||
"ID" : "CVE-2004-0141",
|
"data_version": "4.0",
|
||||||
"STATE" : "REJECT"
|
"CVE_data_meta": {
|
||||||
},
|
"ID": "CVE-2004-0141",
|
||||||
"data_format" : "MITRE",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"data_type" : "CVE",
|
"STATE": "REJECT"
|
||||||
"data_version" : "4.0",
|
},
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
|
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,77 +1,77 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-0312",
|
"ID": "CVE-2004-0312",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20040217 SNMP community string disclosure in Linksys WAP55AG",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=107712101324233&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2."
|
||||||
{
|
}
|
||||||
"name" : "20040219 Re: SNMP community string disclosure in Linksys WAP55AG",
|
]
|
||||||
"refsource" : "BUGTRAQ",
|
},
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=107730681012131&w=2"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "linksys-snmp-strings-disclosure(15257)",
|
"description": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15257"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "9688",
|
]
|
||||||
"refsource" : "BID",
|
}
|
||||||
"url" : "http://www.securityfocus.com/bid/9688"
|
]
|
||||||
}
|
},
|
||||||
]
|
"references": {
|
||||||
}
|
"reference_data": [
|
||||||
}
|
{
|
||||||
|
"name": "20040219 Re: SNMP community string disclosure in Linksys WAP55AG",
|
||||||
|
"refsource": "BUGTRAQ",
|
||||||
|
"url": "http://marc.info/?l=bugtraq&m=107730681012131&w=2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20040217 SNMP community string disclosure in Linksys WAP55AG",
|
||||||
|
"refsource": "BUGTRAQ",
|
||||||
|
"url": "http://marc.info/?l=bugtraq&m=107712101324233&w=2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "linksys-snmp-strings-disclosure(15257)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15257"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "9688",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/9688"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-0606",
|
"ID": "CVE-2004-0606",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20040619 Script injection in DNSONE appliance",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=108769996925349&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request."
|
||||||
{
|
}
|
||||||
"name" : "10573",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/10573"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "dnsone-dhcp-report-xss(16456)",
|
"description": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16456"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "dnsone-dhcp-report-xss(16456)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16456"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "10573",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/10573"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20040619 Script injection in DNSONE appliance",
|
||||||
|
"refsource": "BUGTRAQ",
|
||||||
|
"url": "http://marc.info/?l=bugtraq&m=108769996925349&w=2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,122 +1,122 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-0845",
|
"ID": "CVE-2004-0845",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=109770364504803&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site."
|
||||||
{
|
}
|
||||||
"name" : "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "MS04-038",
|
"description": [
|
||||||
"refsource" : "MS",
|
{
|
||||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "TA04-293A",
|
]
|
||||||
"refsource" : "CERT",
|
}
|
||||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "VU#795720",
|
"reference_data": [
|
||||||
"refsource" : "CERT-VN",
|
{
|
||||||
"url" : "http://www.kb.cert.org/vuls/id/795720"
|
"name": "oval:org.mitre.oval:def:2219",
|
||||||
},
|
"refsource": "OVAL",
|
||||||
{
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
|
||||||
"name" : "oval:org.mitre.oval:def:2219",
|
},
|
||||||
"refsource" : "OVAL",
|
{
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
|
"name": "oval:org.mitre.oval:def:5150",
|
||||||
},
|
"refsource": "OVAL",
|
||||||
{
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
|
||||||
"name" : "oval:org.mitre.oval:def:3872",
|
},
|
||||||
"refsource" : "OVAL",
|
{
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
|
"name": "ie-cache-ssl-obtain-information(17654)",
|
||||||
},
|
"refsource": "XF",
|
||||||
{
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
|
||||||
"name" : "oval:org.mitre.oval:def:5150",
|
},
|
||||||
"refsource" : "OVAL",
|
{
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
|
"name": "oval:org.mitre.oval:def:5740",
|
||||||
},
|
"refsource": "OVAL",
|
||||||
{
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
|
||||||
"name" : "oval:org.mitre.oval:def:5520",
|
},
|
||||||
"refsource" : "OVAL",
|
{
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
|
"name": "MS04-038",
|
||||||
},
|
"refsource": "MS",
|
||||||
{
|
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
|
||||||
"name" : "oval:org.mitre.oval:def:5740",
|
},
|
||||||
"refsource" : "OVAL",
|
{
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
|
"name": "oval:org.mitre.oval:def:5520",
|
||||||
},
|
"refsource": "OVAL",
|
||||||
{
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
|
||||||
"name" : "oval:org.mitre.oval:def:7611",
|
},
|
||||||
"refsource" : "OVAL",
|
{
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
|
"name": "oval:org.mitre.oval:def:3872",
|
||||||
},
|
"refsource": "OVAL",
|
||||||
{
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
|
||||||
"name" : "ie-cache-ssl-obtain-information(17654)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
|
"name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer",
|
||||||
},
|
"refsource": "BUGTRAQ",
|
||||||
{
|
"url": "http://marc.info/?l=bugtraq&m=109770364504803&w=2"
|
||||||
"name" : "ie-ms04038-patch(17651)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
|
"name": "TA04-293A",
|
||||||
}
|
"refsource": "CERT",
|
||||||
]
|
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "ie-ms04038-patch(17651)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "VU#795720",
|
||||||
|
"refsource": "CERT-VN",
|
||||||
|
"url": "http://www.kb.cert.org/vuls/id/795720"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "oval:org.mitre.oval:def:7611",
|
||||||
|
"refsource": "OVAL",
|
||||||
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,82 +1,82 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-0960",
|
"ID": "CVE-2004-0960",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "GLSA-200409-29",
|
"description_data": [
|
||||||
"refsource" : "GENTOO",
|
{
|
||||||
"url" : "http://security.gentoo.org/glsa/glsa-200409-29.xml"
|
"lang": "eng",
|
||||||
},
|
"value": "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument."
|
||||||
{
|
}
|
||||||
"name" : "VU#541574",
|
]
|
||||||
"refsource" : "CERT-VN",
|
},
|
||||||
"url" : "http://www.kb.cert.org/vuls/id/541574"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "11222",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/11222"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "oval:org.mitre.oval:def:11023",
|
]
|
||||||
"refsource" : "OVAL",
|
}
|
||||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "freeradius-dos(17440)",
|
"reference_data": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
|
"name": "GLSA-200409-29",
|
||||||
}
|
"refsource": "GENTOO",
|
||||||
]
|
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "11222",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/11222"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "freeradius-dos(17440)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "VU#541574",
|
||||||
|
"refsource": "CERT-VN",
|
||||||
|
"url": "http://www.kb.cert.org/vuls/id/541574"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "oval:org.mitre.oval:def:11023",
|
||||||
|
"refsource": "OVAL",
|
||||||
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,77 +1,77 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-1857",
|
"ID": "CVE-2004-1857",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20040324 HP Web JetAdmin vulnerabilities.",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=108016019623003&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter."
|
||||||
{
|
}
|
||||||
"name" : "SSRT4700",
|
]
|
||||||
"refsource" : "HP",
|
},
|
||||||
"url" : "http://www.securityfocus.com/advisories/6492"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "9972",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/9972"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "hp-jetadmin-setinfo-directory-traversal(15606)",
|
]
|
||||||
"refsource" : "XF",
|
}
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15606"
|
]
|
||||||
}
|
},
|
||||||
]
|
"references": {
|
||||||
}
|
"reference_data": [
|
||||||
}
|
{
|
||||||
|
"name": "SSRT4700",
|
||||||
|
"refsource": "HP",
|
||||||
|
"url": "http://www.securityfocus.com/advisories/6492"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20040324 HP Web JetAdmin vulnerabilities.",
|
||||||
|
"refsource": "BUGTRAQ",
|
||||||
|
"url": "http://marc.info/?l=bugtraq&m=108016019623003&w=2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "9972",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/9972"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "hp-jetadmin-setinfo-directory-traversal(15606)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15606"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,92 +1,92 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-2036",
|
"ID": "CVE-2004-2036",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20040528 JPortal SQL Injects",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=108577011129476&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter."
|
||||||
{
|
}
|
||||||
"name" : "http://www.securiteam.com/unixfocus/5HP020KD5K.html",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "http://www.securiteam.com/unixfocus/5HP020KD5K.html"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "10430",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/10430"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "6503",
|
]
|
||||||
"refsource" : "OSVDB",
|
}
|
||||||
"url" : "http://www.osvdb.org/6503"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "1010327",
|
"reference_data": [
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://securitytracker.com/id?1010327"
|
"name": "10430",
|
||||||
},
|
"refsource": "BID",
|
||||||
{
|
"url": "http://www.securityfocus.com/bid/10430"
|
||||||
"name" : "11737",
|
},
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/11737"
|
"name": "http://www.securiteam.com/unixfocus/5HP020KD5K.html",
|
||||||
},
|
"refsource": "MISC",
|
||||||
{
|
"url": "http://www.securiteam.com/unixfocus/5HP020KD5K.html"
|
||||||
"name" : "jportal-printincphp-sql-injection(16272)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16272"
|
"name": "20040528 JPortal SQL Injects",
|
||||||
}
|
"refsource": "BUGTRAQ",
|
||||||
]
|
"url": "http://marc.info/?l=bugtraq&m=108577011129476&w=2"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "1010327",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://securitytracker.com/id?1010327"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jportal-printincphp-sql-injection(16272)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16272"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "11737",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/11737"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "6503",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://www.osvdb.org/6503"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,92 +1,92 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-2415",
|
"ID": "CVE-2004-2415",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://sourceforge.net/project/shownotes.php?release_id=262497",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://sourceforge.net/project/shownotes.php?release_id=262497"
|
"lang": "eng",
|
||||||
},
|
"value": "Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks."
|
||||||
{
|
}
|
||||||
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977",
|
]
|
||||||
"refsource" : "CONFIRM",
|
},
|
||||||
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "11001",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/11001"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "9105",
|
]
|
||||||
"refsource" : "OSVDB",
|
}
|
||||||
"url" : "http://www.osvdb.org/9105"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "1011030",
|
"reference_data": [
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://securitytracker.com/id?1011030"
|
"name": "9105",
|
||||||
},
|
"refsource": "OSVDB",
|
||||||
{
|
"url": "http://www.osvdb.org/9105"
|
||||||
"name" : "12337",
|
},
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/12337"
|
"name": "11001",
|
||||||
},
|
"refsource": "BID",
|
||||||
{
|
"url": "http://www.securityfocus.com/bid/11001"
|
||||||
"name" : "davenport-long-xml-dos(17062)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17062"
|
"name": "http://sourceforge.net/project/shownotes.php?release_id=262497",
|
||||||
}
|
"refsource": "CONFIRM",
|
||||||
]
|
"url": "http://sourceforge.net/project/shownotes.php?release_id=262497"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "1011030",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://securitytracker.com/id?1011030"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "12337",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/12337"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "davenport-long-xml-dos(17062)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17062"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,82 +1,82 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2004-2636",
|
"ID": "CVE-2004-2636",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "TinyWeb 1.9 allows remote attackers to read source code of scripts via \"/./\" in the URL."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "10445",
|
"description_data": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/10445/info"
|
"lang": "eng",
|
||||||
},
|
"value": "TinyWeb 1.9 allows remote attackers to read source code of scripts via \"/./\" in the URL."
|
||||||
{
|
}
|
||||||
"name" : "6517",
|
]
|
||||||
"refsource" : "OSVDB",
|
},
|
||||||
"url" : "http://www.osvdb.org/6517"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "1010346",
|
"description": [
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://securitytracker.com/alerts/2004/May/1010346.html"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "11731",
|
]
|
||||||
"refsource" : "SECUNIA",
|
}
|
||||||
"url" : "http://secunia.com/advisories/11731"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "tinyweb-get-download-scripts(16275)",
|
"reference_data": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16275"
|
"name": "6517",
|
||||||
}
|
"refsource": "OSVDB",
|
||||||
]
|
"url": "http://www.osvdb.org/6517"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "10445",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/10445/info"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "11731",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/11731"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "1010346",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://securitytracker.com/alerts/2004/May/1010346.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "tinyweb-get-download-scripts(16275)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16275"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,92 +1,92 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-2189",
|
"ID": "CVE-2008-2189",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20080505 [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://www.securityfocus.com/archive/1/491608/100/0/threaded"
|
"lang": "eng",
|
||||||
},
|
"value": "SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter."
|
||||||
{
|
}
|
||||||
"name" : "5543",
|
]
|
||||||
"refsource" : "EXPLOIT-DB",
|
},
|
||||||
"url" : "https://www.exploit-db.com/exploits/5543"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "http://advisories.echo.or.id/adv/adv92-K-159-2008.txt",
|
"description": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "http://advisories.echo.or.id/adv/adv92-K-159-2008.txt"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "29053",
|
]
|
||||||
"refsource" : "BID",
|
}
|
||||||
"url" : "http://www.securityfocus.com/bid/29053"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "30089",
|
"reference_data": [
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/30089"
|
"name": "auctionxl-viewfaqs-sql-injection(42214)",
|
||||||
},
|
"refsource": "XF",
|
||||||
{
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42214"
|
||||||
"name" : "3874",
|
},
|
||||||
"refsource" : "SREASON",
|
{
|
||||||
"url" : "http://securityreason.com/securityalert/3874"
|
"name": "20080505 [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability",
|
||||||
},
|
"refsource": "BUGTRAQ",
|
||||||
{
|
"url": "http://www.securityfocus.com/archive/1/491608/100/0/threaded"
|
||||||
"name" : "auctionxl-viewfaqs-sql-injection(42214)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42214"
|
"name": "30089",
|
||||||
}
|
"refsource": "SECUNIA",
|
||||||
]
|
"url": "http://secunia.com/advisories/30089"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "3874",
|
||||||
|
"refsource": "SREASON",
|
||||||
|
"url": "http://securityreason.com/securityalert/3874"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://advisories.echo.or.id/adv/adv92-K-159-2008.txt",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://advisories.echo.or.id/adv/adv92-K-159-2008.txt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "29053",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/29053"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "5543",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/5543"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-2556",
|
"ID": "CVE-2008-2556",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "5703",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/5703"
|
"lang": "eng",
|
||||||
},
|
"value": "SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action."
|
||||||
{
|
}
|
||||||
"name" : "phpvisitcounter-read-sql-injection(42789)",
|
]
|
||||||
"refsource" : "XF",
|
},
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42789"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "5703",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/5703"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "phpvisitcounter-read-sql-injection(42789)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42789"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,77 +1,77 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-2885",
|
"ID": "CVE-2008-2885",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "5906",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/5906"
|
"lang": "eng",
|
||||||
},
|
"value": "PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter."
|
||||||
{
|
}
|
||||||
"name" : "29881",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/29881"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "30784",
|
"description": [
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/30784"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "odars-classesroot-file-include(43285)",
|
]
|
||||||
"refsource" : "XF",
|
}
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43285"
|
]
|
||||||
}
|
},
|
||||||
]
|
"references": {
|
||||||
}
|
"reference_data": [
|
||||||
}
|
{
|
||||||
|
"name": "30784",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/30784"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "5906",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/5906"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "29881",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/29881"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "odars-classesroot-file-include(43285)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43285"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-6053",
|
"ID": "CVE-2008-6053",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://packetstorm.linuxsecurity.com/0812-exploits/preresume-disclose.txt",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "http://packetstorm.linuxsecurity.com/0812-exploits/preresume-disclose.txt"
|
"lang": "eng",
|
||||||
},
|
"value": "PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request."
|
||||||
{
|
}
|
||||||
"name" : "33197",
|
]
|
||||||
"refsource" : "SECUNIA",
|
},
|
||||||
"url" : "http://secunia.com/advisories/33197"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "preresumesub-onlineresume-info-disclosure(47438)",
|
"description": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47438"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "preresumesub-onlineresume-info-disclosure(47438)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47438"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://packetstorm.linuxsecurity.com/0812-exploits/preresume-disclose.txt",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://packetstorm.linuxsecurity.com/0812-exploits/preresume-disclose.txt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "33197",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/33197"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,77 +1,77 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-6699",
|
"ID": "CVE-2008-6699",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
|
"lang": "eng",
|
||||||
},
|
"value": "Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
|
||||||
{
|
}
|
||||||
"name" : "29832",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/29832"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "46393",
|
"description": [
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://osvdb.org/46393"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "tjsreslib-unspecified-xss(43211)",
|
]
|
||||||
"refsource" : "XF",
|
}
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
|
]
|
||||||
}
|
},
|
||||||
]
|
"references": {
|
||||||
}
|
"reference_data": [
|
||||||
}
|
{
|
||||||
|
"name": "46393",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://osvdb.org/46393"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "tjsreslib-unspecified-xss(43211)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "29832",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/29832"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,102 +1,102 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-6827",
|
"ID": "CVE-2008-6827",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a \"Shatter\" style attack on the \"command prompt\" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://marc.info/?l=bugtraq&m=122460544316205&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a \"Shatter\" style attack on the \"command prompt\" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function."
|
||||||
{
|
}
|
||||||
"name" : "http://www.insomniasec.com/advisories/ISVA-081020.1.htm",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html",
|
"description": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "31766",
|
]
|
||||||
"refsource" : "BID",
|
}
|
||||||
"url" : "http://www.securityfocus.com/bid/31766"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "49426",
|
"reference_data": [
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://osvdb.org/49426"
|
"name": "1021071",
|
||||||
},
|
"refsource": "SECTRACK",
|
||||||
{
|
"url": "http://www.securitytracker.com/id?1021071"
|
||||||
"name" : "1021071",
|
},
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://www.securitytracker.com/id?1021071"
|
"name": "20081020 Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation",
|
||||||
},
|
"refsource": "BUGTRAQ",
|
||||||
{
|
"url": "http://marc.info/?l=bugtraq&m=122460544316205&w=2"
|
||||||
"name" : "31773",
|
},
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/31773"
|
"name": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html",
|
||||||
},
|
"refsource": "CONFIRM",
|
||||||
{
|
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.20a.html"
|
||||||
"name" : "ADV-2008-2876",
|
},
|
||||||
"refsource" : "VUPEN",
|
{
|
||||||
"url" : "http://www.vupen.com/english/advisories/2008/2876"
|
"name": "31773",
|
||||||
},
|
"refsource": "SECUNIA",
|
||||||
{
|
"url": "http://secunia.com/advisories/31773"
|
||||||
"name" : "symantec-ads-clientgui-command-execution(46006)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
|
"name": "symantec-ads-clientgui-command-execution(46006)",
|
||||||
}
|
"refsource": "XF",
|
||||||
]
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46006"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "ADV-2008-2876",
|
||||||
|
"refsource": "VUPEN",
|
||||||
|
"url": "http://www.vupen.com/english/advisories/2008/2876"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "49426",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://osvdb.org/49426"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://www.insomniasec.com/advisories/ISVA-081020.1.htm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "31766",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/31766"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,87 +1,87 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-6848",
|
"ID": "CVE-2008-6848",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "7561",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/7561"
|
"lang": "eng",
|
||||||
},
|
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action."
|
||||||
{
|
}
|
||||||
"name" : "33001",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/33001"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "50989",
|
"description": [
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://osvdb.org/50989"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "33304",
|
]
|
||||||
"refsource" : "SECUNIA",
|
}
|
||||||
"url" : "http://secunia.com/advisories/33304"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "ADV-2008-3510",
|
"reference_data": [
|
||||||
"refsource" : "VUPEN",
|
{
|
||||||
"url" : "http://www.vupen.com/english/advisories/2008/3510"
|
"name": "phpgreetcards-index-xss(47590)",
|
||||||
},
|
"refsource": "XF",
|
||||||
{
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47590"
|
||||||
"name" : "phpgreetcards-index-xss(47590)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47590"
|
"name": "7561",
|
||||||
}
|
"refsource": "EXPLOIT-DB",
|
||||||
]
|
"url": "https://www.exploit-db.com/exploits/7561"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "50989",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://osvdb.org/50989"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "33001",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/33001"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "33304",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/33304"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "ADV-2008-3510",
|
||||||
|
"refsource": "VUPEN",
|
||||||
|
"url": "http://www.vupen.com/english/advisories/2008/3510"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,107 +1,107 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2008-7054",
|
"ID": "CVE-2008-7054",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20080825 [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://www.securityfocus.com/archive/1/495705/100/100/threaded"
|
"lang": "eng",
|
||||||
},
|
"value": "Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php."
|
||||||
{
|
}
|
||||||
"name" : "6301",
|
]
|
||||||
"refsource" : "EXPLOIT-DB",
|
},
|
||||||
"url" : "https://www.exploit-db.com/exploits/6301"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "30821",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/30821"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "47773",
|
]
|
||||||
"refsource" : "OSVDB",
|
}
|
||||||
"url" : "http://www.osvdb.org/47773"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "47774",
|
"reference_data": [
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://www.osvdb.org/47774"
|
"name": "20080825 [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3",
|
||||||
},
|
"refsource": "BUGTRAQ",
|
||||||
{
|
"url": "http://www.securityfocus.com/archive/1/495705/100/100/threaded"
|
||||||
"name" : "47775",
|
},
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://www.osvdb.org/47775"
|
"name": "47777",
|
||||||
},
|
"refsource": "OSVDB",
|
||||||
{
|
"url": "http://www.osvdb.org/47777"
|
||||||
"name" : "47776",
|
},
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://www.osvdb.org/47776"
|
"name": "47773",
|
||||||
},
|
"refsource": "OSVDB",
|
||||||
{
|
"url": "http://www.osvdb.org/47773"
|
||||||
"name" : "47777",
|
},
|
||||||
"refsource" : "OSVDB",
|
{
|
||||||
"url" : "http://www.osvdb.org/47777"
|
"name": "6301",
|
||||||
},
|
"refsource": "EXPLOIT-DB",
|
||||||
{
|
"url": "https://www.exploit-db.com/exploits/6301"
|
||||||
"name" : "31606",
|
},
|
||||||
"refsource" : "SECUNIA",
|
{
|
||||||
"url" : "http://secunia.com/advisories/31606"
|
"name": "31606",
|
||||||
},
|
"refsource": "SECUNIA",
|
||||||
{
|
"url": "http://secunia.com/advisories/31606"
|
||||||
"name" : "ezcontents-showdiary-file-include(44665)",
|
},
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44665"
|
"name": "ezcontents-showdiary-file-include(44665)",
|
||||||
}
|
"refsource": "XF",
|
||||||
]
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44665"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "47776",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://www.osvdb.org/47776"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "47775",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://www.osvdb.org/47775"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "30821",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/30821"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "47774",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://www.osvdb.org/47774"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,82 +1,82 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2012-1020",
|
"ID": "CVE-2012-1020",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20120205 NexorONE Online Banking - Multiple Cross Site Vulnerabilities",
|
"description_data": [
|
||||||
"refsource" : "FULLDISC",
|
{
|
||||||
"url" : "http://marc.info/?l=full-disclosure&m=132852645911072&w=2"
|
"lang": "eng",
|
||||||
},
|
"value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter."
|
||||||
{
|
}
|
||||||
"name" : "http://www.vulnerability-lab.com/get_content.php?id=304",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "http://www.vulnerability-lab.com/get_content.php?id=304"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "51876",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/51876"
|
"lang": "eng",
|
||||||
},
|
"value": "n/a"
|
||||||
{
|
}
|
||||||
"name" : "47897",
|
]
|
||||||
"refsource" : "SECUNIA",
|
}
|
||||||
"url" : "http://secunia.com/advisories/47897"
|
]
|
||||||
},
|
},
|
||||||
{
|
"references": {
|
||||||
"name" : "nexorone-login-xss(73001)",
|
"reference_data": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73001"
|
"name": "nexorone-login-xss(73001)",
|
||||||
}
|
"refsource": "XF",
|
||||||
]
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73001"
|
||||||
}
|
},
|
||||||
}
|
{
|
||||||
|
"name": "http://www.vulnerability-lab.com/get_content.php?id=304",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://www.vulnerability-lab.com/get_content.php?id=304"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "51876",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/51876"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "47897",
|
||||||
|
"refsource": "SECUNIA",
|
||||||
|
"url": "http://secunia.com/advisories/47897"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20120205 NexorONE Online Banking - Multiple Cross Site Vulnerabilities",
|
||||||
|
"refsource": "FULLDISC",
|
||||||
|
"url": "http://marc.info/?l=full-disclosure&m=132852645911072&w=2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2012-5358",
|
"ID": "CVE-2012-5358",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://technet.microsoft.com/library/security/msvr12-016",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "https://technet.microsoft.com/library/security/msvr12-016"
|
"lang": "eng",
|
||||||
},
|
"value": "The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data."
|
||||||
{
|
}
|
||||||
"name" : "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm",
|
"description": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://technet.microsoft.com/library/security/msvr12-016",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://technet.microsoft.com/library/security/msvr12-016"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "psirt@cisco.com",
|
||||||
"ID" : "CVE-2012-5416",
|
"ID": "CVE-2012-5416",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20121031 Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing",
|
"description_data": [
|
||||||
"refsource" : "CISCO",
|
{
|
||||||
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp"
|
"lang": "eng",
|
||||||
},
|
"value": "Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341."
|
||||||
{
|
}
|
||||||
"name" : "86859",
|
]
|
||||||
"refsource" : "OSVDB",
|
},
|
||||||
"url" : "http://osvdb.org/86859"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "cisco-meetingplace-dos(79721)",
|
"description": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79721"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "86859",
|
||||||
|
"refsource": "OSVDB",
|
||||||
|
"url": "http://osvdb.org/86859"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20121031 Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing",
|
||||||
|
"refsource": "CISCO",
|
||||||
|
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "cisco-meetingplace-dos(79721)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79721"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"data_type": "CVE",
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"data_format": "MITRE",
|
||||||
"ID" : "CVE-2012-5594",
|
"data_version": "4.0",
|
||||||
"STATE" : "REJECT"
|
"CVE_data_meta": {
|
||||||
},
|
"ID": "CVE-2012-5594",
|
||||||
"data_format" : "MITRE",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"data_type" : "CVE",
|
"STATE": "REJECT"
|
||||||
"data_version" : "4.0",
|
},
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
|
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2012-5747",
|
"ID": "CVE-2012-5747",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "psirt@us.ibm.com",
|
||||||
"ID" : "CVE-2012-5757",
|
"ID": "CVE-2012-5757",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21619993",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21619993"
|
"lang": "eng",
|
||||||
},
|
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
|
||||||
{
|
}
|
||||||
"name" : "PM77153",
|
]
|
||||||
"refsource" : "AIXAPAR",
|
},
|
||||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "rcq-reflected-xss(80061)",
|
"description": [
|
||||||
"refsource" : "XF",
|
{
|
||||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "PM77153",
|
||||||
|
"refsource": "AIXAPAR",
|
||||||
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "rcq-reflected-xss(80061)",
|
||||||
|
"refsource": "XF",
|
||||||
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80061"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://www.ibm.com/support/docview.wss?uid=swg21619993",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://www.ibm.com/support/docview.wss?uid=swg21619993"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,62 +1,62 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2012-5807",
|
"ID": "CVE-2012-5807",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
|
"lang": "eng",
|
||||||
}
|
"value": "The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-11346",
|
"ID": "CVE-2017-11346",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "42358",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/42358/"
|
"lang": "eng",
|
||||||
},
|
"value": "Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos."
|
||||||
{
|
}
|
||||||
"name" : "https://www.manageengine.com/products/desktop-central/remote-code-execution.html",
|
]
|
||||||
"refsource" : "CONFIRM",
|
},
|
||||||
"url" : "https://www.manageengine.com/products/desktop-central/remote-code-execution.html"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "42358",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/42358/"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-11466",
|
"ID": "CVE-2017-11466",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://seclists.org/fulldisclosure/2017/Jul/33",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "http://seclists.org/fulldisclosure/2017/Jul/33"
|
"lang": "eng",
|
||||||
},
|
"value": "Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI."
|
||||||
{
|
}
|
||||||
"name" : "https://github.com/dotCMS/core/issues/12131",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "https://github.com/dotCMS/core/issues/12131"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "https://packetstormsecurity.com/files/143383/dotcms411-shell.txt",
|
"description": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "https://packetstormsecurity.com/files/143383/dotcms411-shell.txt"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "http://seclists.org/fulldisclosure/2017/Jul/33",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://seclists.org/fulldisclosure/2017/Jul/33"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://github.com/dotCMS/core/issues/12131",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://github.com/dotCMS/core/issues/12131"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://packetstormsecurity.com/files/143383/dotcms411-shell.txt",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://packetstormsecurity.com/files/143383/dotcms411-shell.txt"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,73 +1,73 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "secure@microsoft.com",
|
"ASSIGNER": "secure@microsoft.com",
|
||||||
"DATE_PUBLIC" : "2017-11-14T00:00:00",
|
"DATE_PUBLIC": "2017-11-14T00:00:00",
|
||||||
"ID" : "CVE-2017-11847",
|
"ID": "CVE-2017-11847",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "Windows kernel",
|
"product_name": "Windows kernel",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709"
|
"version_value": "Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Microsoft Corporation"
|
"vendor_name": "Microsoft Corporation"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability\"."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Elevation of Privilege"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847"
|
"lang": "eng",
|
||||||
},
|
"value": "Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability\"."
|
||||||
{
|
}
|
||||||
"name" : "101729",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/101729"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "1039782",
|
"description": [
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://www.securitytracker.com/id/1039782"
|
"lang": "eng",
|
||||||
}
|
"value": "Elevation of Privilege"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "1039782",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://www.securitytracker.com/id/1039782"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "101729",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/101729"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,73 +1,73 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "secure@microsoft.com",
|
"ASSIGNER": "secure@microsoft.com",
|
||||||
"DATE_PUBLIC" : "2017-11-14T00:00:00",
|
"DATE_PUBLIC": "2017-11-14T00:00:00",
|
||||||
"ID" : "CVE-2017-11877",
|
"ID": "CVE-2017-11877",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "Microsoft Office",
|
"product_name": "Microsoft Office",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"
|
"version_value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Microsoft Corporation"
|
"vendor_name": "Microsoft Corporation"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Security Feature Bypass"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
|
"lang": "eng",
|
||||||
},
|
"value": "Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."
|
||||||
{
|
}
|
||||||
"name" : "101747",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/101747"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "1039783",
|
"description": [
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://www.securitytracker.com/id/1039783"
|
"lang": "eng",
|
||||||
}
|
"value": "Security Feature Bypass"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "1039783",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://www.securitytracker.com/id/1039783"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "101747",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/101747"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-15012",
|
"ID": "CVE-2017-15012",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "43003",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/43003/"
|
"lang": "eng",
|
||||||
},
|
"value": "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation."
|
||||||
{
|
}
|
||||||
"name" : "http://seclists.org/bugtraq/2017/Oct/19",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "http://seclists.org/bugtraq/2017/Oct/19"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "101639",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/101639"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "43003",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/43003/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "101639",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/101639"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://seclists.org/bugtraq/2017/Oct/19",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "http://seclists.org/bugtraq/2017/Oct/19"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-15628",
|
"ID": "CVE-2017-15628",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
|
"description_data": [
|
||||||
"refsource" : "BUGTRAQ",
|
{
|
||||||
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
|
"lang": "eng",
|
||||||
},
|
"value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file."
|
||||||
{
|
}
|
||||||
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
|
||||||
|
"refsource": "BUGTRAQ",
|
||||||
|
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,62 +1,62 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-15987",
|
"ID": "CVE-2017-15987",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "43072",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/43072/"
|
"lang": "eng",
|
||||||
}
|
"value": "Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "43072",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/43072/"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,90 +1,90 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "secalert_us@oracle.com",
|
"ASSIGNER": "secalert_us@oracle.com",
|
||||||
"ID" : "CVE-2017-3415",
|
"ID": "CVE-2017-3415",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "Universal Work Queue",
|
"product_name": "Universal Work Queue",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "12.1.1"
|
"version_value": "12.1.1"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_value" : "12.1.2"
|
"version_value": "12.1.2"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_value" : "12.1.3"
|
"version_value": "12.1.3"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_value" : "12.2.3"
|
"version_value": "12.2.3"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_value" : "12.2.4"
|
"version_value": "12.2.4"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_value" : "12.2.5"
|
"version_value": "12.2.5"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_value" : "12.2.6"
|
"version_value": "12.2.6"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Oracle"
|
"vendor_name": "Oracle"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
|
"lang": "eng",
|
||||||
},
|
"value": "Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
|
||||||
{
|
}
|
||||||
"name" : "95487",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/95487"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "1037639",
|
"description": [
|
||||||
"refsource" : "SECTRACK",
|
{
|
||||||
"url" : "http://www.securitytracker.com/id/1037639"
|
"lang": "eng",
|
||||||
}
|
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "95487",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/95487"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "1037639",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://www.securitytracker.com/id/1037639"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,63 +1,63 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "psirt@huawei.com",
|
"ASSIGNER": "psirt@huawei.com",
|
||||||
"DATE_PUBLIC" : "2017-11-15T00:00:00",
|
"DATE_PUBLIC": "2017-11-15T00:00:00",
|
||||||
"ID" : "CVE-2017-8167",
|
"ID": "CVE-2017-8167",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "USG9500",
|
"product_name": "USG9500",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "V500R001C50"
|
"version_value": "V500R001C50"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Huawei Technologies Co., Ltd."
|
"vendor_name": "Huawei Technologies Co., Ltd."
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "DoS"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-firewall-en",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-firewall-en"
|
"lang": "eng",
|
||||||
}
|
"value": "Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "DoS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-firewall-en",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-firewall-en"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-8249",
|
"ID": "CVE-2017-8249",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,68 +1,68 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "product-security@qualcomm.com",
|
"ASSIGNER": "product-security@qualcomm.com",
|
||||||
"DATE_PUBLIC" : "2017-07-01T00:00:00",
|
"DATE_PUBLIC": "2017-07-01T00:00:00",
|
||||||
"ID" : "CVE-2017-8270",
|
"ID": "CVE-2017-8270",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "All Qualcomm products",
|
"product_name": "All Qualcomm products",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "All Android releases from CAF using the Linux kernel"
|
"version_value": "All Android releases from CAF using the Linux kernel"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Qualcomm, Inc."
|
"vendor_name": "Qualcomm, Inc."
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Use After Free in WLAN"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://source.android.com/security/bulletin/2017-07-01",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://source.android.com/security/bulletin/2017-07-01"
|
"lang": "eng",
|
||||||
},
|
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition."
|
||||||
{
|
}
|
||||||
"name" : "99465",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/99465"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Use After Free in WLAN"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://source.android.com/security/bulletin/2017-07-01",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://source.android.com/security/bulletin/2017-07-01"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "99465",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/99465"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2017-8500",
|
"ID": "CVE-2017-8500",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,78 +1,78 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "secure@microsoft.com",
|
"ASSIGNER": "secure@microsoft.com",
|
||||||
"DATE_PUBLIC" : "2017-09-12T00:00:00",
|
"DATE_PUBLIC": "2017-09-12T00:00:00",
|
||||||
"ID" : "CVE-2017-8680",
|
"ID": "CVE-2017-8680",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "Windows kernel",
|
"product_name": "Windows kernel",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1"
|
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Microsoft Corporation"
|
"vendor_name": "Microsoft Corporation"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Remote Code Execution"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "42741",
|
"description_data": [
|
||||||
"refsource" : "EXPLOIT-DB",
|
{
|
||||||
"url" : "https://www.exploit-db.com/exploits/42741/"
|
"lang": "eng",
|
||||||
},
|
"value": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687."
|
||||||
{
|
}
|
||||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680",
|
]
|
||||||
"refsource" : "CONFIRM",
|
},
|
||||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "100722",
|
"description": [
|
||||||
"refsource" : "BID",
|
{
|
||||||
"url" : "http://www.securityfocus.com/bid/100722"
|
"lang": "eng",
|
||||||
},
|
"value": "Remote Code Execution"
|
||||||
{
|
}
|
||||||
"name" : "1039338",
|
]
|
||||||
"refsource" : "SECTRACK",
|
}
|
||||||
"url" : "http://www.securitytracker.com/id/1039338"
|
]
|
||||||
}
|
},
|
||||||
]
|
"references": {
|
||||||
}
|
"reference_data": [
|
||||||
}
|
{
|
||||||
|
"name": "100722",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/100722"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "1039338",
|
||||||
|
"refsource": "SECTRACK",
|
||||||
|
"url": "http://www.securitytracker.com/id/1039338"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "42741",
|
||||||
|
"refsource": "EXPLOIT-DB",
|
||||||
|
"url": "https://www.exploit-db.com/exploits/42741/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,68 +1,68 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "security-alert@hpe.com",
|
"ASSIGNER": "security-alert@hpe.com",
|
||||||
"DATE_PUBLIC" : "2017-11-13T00:00:00",
|
"DATE_PUBLIC": "2017-11-13T00:00:00",
|
||||||
"ID" : "CVE-2017-8969",
|
"ID": "CVE-2017-8969",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "Insight Control",
|
"product_name": "Insight Control",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "7.6 LR1"
|
"version_value": "7.6 LR1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Hewlett Packard Enterprise"
|
"vendor_name": "Hewlett Packard Enterprise"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Improper Input Validation"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us"
|
"lang": "eng",
|
||||||
},
|
"value": "An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found."
|
||||||
{
|
}
|
||||||
"name" : "101883",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/101883"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Improper Input Validation"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "101883",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/101883"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,72 +1,72 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-10184",
|
"ID": "CVE-2018-10184",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
|
"lang": "eng",
|
||||||
},
|
"value": "An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain."
|
||||||
{
|
}
|
||||||
"name" : "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588",
|
]
|
||||||
"refsource" : "CONFIRM",
|
},
|
||||||
"url" : "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
|
"problemtype": {
|
||||||
},
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"name" : "RHSA-2018:1372",
|
"description": [
|
||||||
"refsource" : "REDHAT",
|
{
|
||||||
"url" : "https://access.redhat.com/errata/RHSA-2018:1372"
|
"lang": "eng",
|
||||||
}
|
"value": "n/a"
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "RHSA-2018:1372",
|
||||||
|
"refsource": "REDHAT",
|
||||||
|
"url": "https://access.redhat.com/errata/RHSA-2018:1372"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,62 +1,62 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-12039",
|
"ID": "CVE-2018-12039",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a \"/!select/\" substring in place of a select substring."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://github.com/joyplus/joyplus-cms/issues/425",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "https://github.com/joyplus/joyplus-cms/issues/425"
|
"lang": "eng",
|
||||||
}
|
"value": "joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a \"/!select/\" substring in place of a select substring."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://github.com/joyplus/joyplus-cms/issues/425",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://github.com/joyplus/joyplus-cms/issues/425"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,63 +1,63 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "secure@intel.com",
|
"ASSIGNER": "secure@intel.com",
|
||||||
"DATE_PUBLIC" : "2019-03-12T00:00:00",
|
"DATE_PUBLIC": "2019-03-12T00:00:00",
|
||||||
"ID" : "CVE-2018-12204",
|
"ID": "CVE-2018-12204",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "Intel Platform Sample / Silicon Reference firmware",
|
"product_name": "Intel Platform Sample / Silicon Reference firmware",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "Multiple versions."
|
"version_value": "Multiple versions."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "Intel Corporation"
|
"vendor_name": "Intel Corporation"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially execute arbitrary code via local access."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Escalation of privilege"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
|
"lang": "eng",
|
||||||
}
|
"value": "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially execute arbitrary code via local access."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Escalation of privilege"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-12643",
|
"ID": "CVE-2018-12643",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-12991",
|
"ID": "CVE-2018-12991",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,62 +1,62 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-13049",
|
"ID": "CVE-2018-13049",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://github.com/glpi-project/glpi/issues/4270",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://github.com/glpi-project/glpi/issues/4270"
|
"lang": "eng",
|
||||||
}
|
"value": "The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://github.com/glpi-project/glpi/issues/4270",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://github.com/glpi-project/glpi/issues/4270"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-13283",
|
"ID": "CVE-2018-13283",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-13525",
|
"ID": "CVE-2018-13525",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
|
"lang": "eng",
|
||||||
},
|
"value": "The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
|
||||||
{
|
}
|
||||||
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Flow",
|
]
|
||||||
"refsource" : "MISC",
|
},
|
||||||
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Flow"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Flow",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Flow"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-13922",
|
"ID": "CVE-2018-13922",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-13976",
|
"ID": "CVE-2018-13976",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-16063",
|
"ID": "CVE-2018-16063",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-16153",
|
"ID": "CVE-2018-16153",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-16717",
|
"ID": "CVE-2018-16717",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,62 +1,62 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-16774",
|
"ID": "CVE-2018-16774",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://github.com/Neeke/HongCMS/issues/6",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "https://github.com/Neeke/HongCMS/issues/6"
|
"lang": "eng",
|
||||||
}
|
"value": "HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete."
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://github.com/Neeke/HongCMS/issues/6",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://github.com/Neeke/HongCMS/issues/6"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-17054",
|
"ID": "CVE-2018-17054",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/",
|
"description_data": [
|
||||||
"refsource" : "MISC",
|
{
|
||||||
"url" : "https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/"
|
"lang": "eng",
|
||||||
},
|
"value": "Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053."
|
||||||
{
|
}
|
||||||
"name" : "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018",
|
]
|
||||||
"refsource" : "CONFIRM",
|
},
|
||||||
"url" : "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"url": "https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"data_type": "CVE",
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"data_format": "MITRE",
|
||||||
"ID" : "CVE-2018-17250",
|
"data_version": "4.0",
|
||||||
"STATE" : "REJECT"
|
"CVE_data_meta": {
|
||||||
},
|
"ID": "CVE-2018-17250",
|
||||||
"data_format" : "MITRE",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"data_type" : "CVE",
|
"STATE": "REJECT"
|
||||||
"data_version" : "4.0",
|
},
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
|
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,18 +1,18 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-17387",
|
"ID": "CVE-2018-17387",
|
||||||
"STATE" : "RESERVED"
|
"STATE": "RESERVED"
|
||||||
},
|
},
|
||||||
"data_format" : "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type" : "CVE",
|
"data_type": "CVE",
|
||||||
"data_version" : "4.0",
|
"data_version": "4.0",
|
||||||
"description" : {
|
"description": {
|
||||||
"description_data" : [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang" : "eng",
|
"lang": "eng",
|
||||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,67 +1,67 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"ID" : "CVE-2018-17448",
|
"ID": "CVE-2018-17448",
|
||||||
"STATE" : "PUBLIC"
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "n/a",
|
"product_name": "n/a",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value" : "n/a"
|
"version_value": "n/a"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "n/a"
|
"vendor_name": "n/a"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "n/a"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"data_format": "MITRE",
|
||||||
"references" : {
|
"data_type": "CVE",
|
||||||
"reference_data" : [
|
"data_version": "4.0",
|
||||||
{
|
"description": {
|
||||||
"name" : "https://support.citrix.com/article/CTX236992",
|
"description_data": [
|
||||||
"refsource" : "CONFIRM",
|
{
|
||||||
"url" : "https://support.citrix.com/article/CTX236992"
|
"lang": "eng",
|
||||||
},
|
"value": "An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4."
|
||||||
{
|
}
|
||||||
"name" : "105711",
|
]
|
||||||
"refsource" : "BID",
|
},
|
||||||
"url" : "http://www.securityfocus.com/bid/105711"
|
"problemtype": {
|
||||||
}
|
"problemtype_data": [
|
||||||
]
|
{
|
||||||
}
|
"description": [
|
||||||
}
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://support.citrix.com/article/CTX236992",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://support.citrix.com/article/CTX236992"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "105711",
|
||||||
|
"refsource": "BID",
|
||||||
|
"url": "http://www.securityfocus.com/bid/105711"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -1,94 +1,94 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER" : "meissner@suse.de",
|
"ASSIGNER": "security@suse.com",
|
||||||
"DATE_PUBLIC" : "2018-11-15T00:00:00.000Z",
|
"DATE_PUBLIC": "2018-11-15T00:00:00.000Z",
|
||||||
"ID" : "CVE-2018-17953",
|
"ID": "CVE-2018-17953",
|
||||||
"STATE" : "PUBLIC",
|
"STATE": "PUBLIC",
|
||||||
"TITLE" : "pam_access does not handle netmask matches correctly"
|
"TITLE": "pam_access does not handle netmask matches correctly"
|
||||||
},
|
},
|
||||||
"affects" : {
|
"affects": {
|
||||||
"vendor" : {
|
"vendor": {
|
||||||
"vendor_data" : [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product" : {
|
"product": {
|
||||||
"product_data" : [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name" : "pam",
|
"product_name": "pam",
|
||||||
"version" : {
|
"version": {
|
||||||
"version_data" : [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"affected" : "<",
|
"affected": "<",
|
||||||
"version_name" : "1.3.0",
|
"version_name": "1.3.0",
|
||||||
"version_value" : "1.3.0 before 2018-11-30"
|
"version_value": "1.3.0 before 2018-11-30"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name" : "SUSE"
|
"vendor_name": "SUSE"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"credit" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "Daniel Pecka"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"data_format" : "MITRE",
|
|
||||||
"data_type" : "CVE",
|
|
||||||
"data_version" : "4.0",
|
|
||||||
"description" : {
|
|
||||||
"description_data" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open)."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"impact" : {
|
|
||||||
"cvss" : {
|
|
||||||
"attackComplexity" : "LOW",
|
|
||||||
"attackVector" : "NETWORK",
|
|
||||||
"availabilityImpact" : "NONE",
|
|
||||||
"baseScore" : 7.5,
|
|
||||||
"baseSeverity" : "HIGH",
|
|
||||||
"confidentialityImpact" : "NONE",
|
|
||||||
"integrityImpact" : "HIGH",
|
|
||||||
"privilegesRequired" : "NONE",
|
|
||||||
"scope" : "UNCHANGED",
|
|
||||||
"userInteraction" : "NONE",
|
|
||||||
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
||||||
"version" : "3.0"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"problemtype" : {
|
|
||||||
"problemtype_data" : [
|
|
||||||
{
|
|
||||||
"description" : [
|
|
||||||
{
|
|
||||||
"lang" : "eng",
|
|
||||||
"value" : "CWE-284"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
},
|
"credit": [
|
||||||
"references" : {
|
{
|
||||||
"reference_data" : [
|
"lang": "eng",
|
||||||
{
|
"value": "Daniel Pecka"
|
||||||
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1115640",
|
}
|
||||||
"refsource" : "CONFIRM",
|
],
|
||||||
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1115640"
|
"data_format": "MITRE",
|
||||||
}
|
"data_type": "CVE",
|
||||||
]
|
"data_version": "4.0",
|
||||||
},
|
"description": {
|
||||||
"source" : {
|
"description_data": [
|
||||||
"defect" : [
|
{
|
||||||
"1115640"
|
"lang": "eng",
|
||||||
],
|
"value": "A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open)."
|
||||||
"discovery" : "INTERNAL"
|
}
|
||||||
}
|
]
|
||||||
}
|
},
|
||||||
|
"impact": {
|
||||||
|
"cvss": {
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 7.5,
|
||||||
|
"baseSeverity": "HIGH",
|
||||||
|
"confidentialityImpact": "NONE",
|
||||||
|
"integrityImpact": "HIGH",
|
||||||
|
"privilegesRequired": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||||||
|
"version": "3.0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "CWE-284"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1115640",
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1115640"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"source": {
|
||||||
|
"defect": [
|
||||||
|
"1115640"
|
||||||
|
],
|
||||||
|
"discovery": "INTERNAL"
|
||||||
|
}
|
||||||
|
}
|
Loading…
x
Reference in New Issue
Block a user