From 64d0f0e0227e3556866f76f8ef33df1d5acbbbe6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 22 Mar 2019 20:00:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20165.json | 48 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9649.json | 63 ++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9911.json | 5 +++ 2019/9xxx/CVE-2019-9912.json | 5 +++ 2019/9xxx/CVE-2019-9913.json | 5 +++ 2019/9xxx/CVE-2019-9914.json | 5 +++ 6 files changed, 127 insertions(+), 4 deletions(-) diff --git a/2018/20xxx/CVE-2018-20165.json b/2018/20xxx/CVE-2018-20165.json index 724aa3c9506..56106d64c24 100644 --- a/2018/20xxx/CVE-2018-20165.json +++ b/2018/20xxx/CVE-2018-20165.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20165", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/hect0rS/Reflected-XSS-on-Opentext-Portal-v7.4.4/blob/master/readme.md", + "url": "https://github.com/hect0rS/Reflected-XSS-on-Opentext-Portal-v7.4.4/blob/master/readme.md" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9649.json b/2019/9xxx/CVE-2019-9649.json index b578504a014..964a46f463e 100644 --- a/2019/9xxx/CVE-2019-9649.json +++ b/2019/9xxx/CVE-2019-9649.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9649", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\\..\\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "107449", + "url": "http://www.securityfocus.com/bid/107449" + }, + { + "refsource": "CONFIRM", + "name": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", + "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46534", + "url": "https://www.exploit-db.com/exploits/46534" + }, + { + "refsource": "FULLDISC", + "name": "20190311 CVE-2019-9649 CoreFTP FTP / SFTP Server v2 - Build 674 MDTM\tDirectory Traversal", + "url": "https://seclists.org/fulldisclosure/2019/Mar/25" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/9xxx/CVE-2019-9911.json b/2019/9xxx/CVE-2019-9911.json index c76f99a749e..5d59863d244 100644 --- a/2019/9xxx/CVE-2019-9911.json +++ b/2019/9xxx/CVE-2019-9911.json @@ -61,6 +61,11 @@ "url": "https://security-consulting.icu/blog/2019/02/wordpress-social-networks-auto-poster-xss/", "refsource": "MISC", "name": "https://security-consulting.icu/blog/2019/02/wordpress-social-networks-auto-poster-xss/" + }, + { + "refsource": "FULLDISC", + "name": "20190322 Re: NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin)", + "url": "http://seclists.org/fulldisclosure/2019/Mar/40" } ] } diff --git a/2019/9xxx/CVE-2019-9912.json b/2019/9xxx/CVE-2019-9912.json index b226943151b..b6fb22e6b04 100644 --- a/2019/9xxx/CVE-2019-9912.json +++ b/2019/9xxx/CVE-2019-9912.json @@ -61,6 +61,11 @@ "url": "https://security-consulting.icu/blog/2019/02/wordpress-wpgooglemaps-xss/", "refsource": "MISC", "name": "https://security-consulting.icu/blog/2019/02/wordpress-wpgooglemaps-xss/" + }, + { + "refsource": "FULLDISC", + "name": "20190322 Re: wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)", + "url": "http://seclists.org/fulldisclosure/2019/Mar/41" } ] } diff --git a/2019/9xxx/CVE-2019-9913.json b/2019/9xxx/CVE-2019-9913.json index 43923d8feea..3865b68de92 100644 --- a/2019/9xxx/CVE-2019-9913.json +++ b/2019/9xxx/CVE-2019-9913.json @@ -61,6 +61,11 @@ "url": "https://security-consulting.icu/blog/2019/02/wordpress-wp-livechat-xss/", "refsource": "MISC", "name": "https://security-consulting.icu/blog/2019/02/wordpress-wp-livechat-xss/" + }, + { + "refsource": "FULLDISC", + "name": "20190322 Re: WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin)", + "url": "http://seclists.org/fulldisclosure/2019/Mar/42" } ] } diff --git a/2019/9xxx/CVE-2019-9914.json b/2019/9xxx/CVE-2019-9914.json index 74b319f152f..cdc8c91fd52 100644 --- a/2019/9xxx/CVE-2019-9914.json +++ b/2019/9xxx/CVE-2019-9914.json @@ -61,6 +61,11 @@ "url": "https://security-consulting.icu/blog/2019/02/wordpress-yop-poll-xss/", "refsource": "MISC", "name": "https://security-consulting.icu/blog/2019/02/wordpress-yop-poll-xss/" + }, + { + "refsource": "FULLDISC", + "name": "20190322 Re: YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin)", + "url": "http://seclists.org/fulldisclosure/2019/Mar/43" } ] }