admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:39:45 +00:00
parent ed99f91e46
commit 6782526dad
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4552 additions and 4552 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
2006/0xxx/CVE-2006-0062.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0062",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0062",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2006/0xxx/CVE-2006-0528.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0528",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0528",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains \"Content-Disposition: inline\" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment."
"lang": "eng",
"value": "The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains \"Content-Disposition: inline\" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060128 gnome evolution mail client inline text file DoS issue",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0925.html"
"name": "16408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16408"
},
{
"name" : "MDKSA-2006:057",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:057"
"name": "USN-265-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/265-1/"
},
{
"name" : "SUSE-SR:2006:007",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
"name": "SUSE-SR:2006:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name" : "USN-265-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/265-1/"
"name": "610",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/610"
},
{
"name" : "16408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16408"
"name": "MDKSA-2006:057",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:057"
},
{
"name" : "19504",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19504"
"name": "20060128 gnome evolution mail client inline text file DoS issue",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0925.html"
},
{
"name" : "610",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/610"
"name": "19504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19504"
}
]
}

140
2006/0xxx/CVE-2006-0554.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0554",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2006-0554",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data."
"lang": "eng",
"value": "Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5"
"name": "kernel-ftruncate-information-disclosure(24999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24999"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "MDKSA-2006:059",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
"name": "19220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19220"
},
{
"name" : "MDKSA-2006:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
"name": "MDKSA-2006:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
"name": "ADV-2006-0804",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0804"
},
{
"name" : "USN-263-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/263-1/"
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "16921",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16921"
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "ADV-2006-0804",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0804"
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name" : "19083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19083"
"name": "MDKSA-2006:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name" : "19220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19220"
"name": "19083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19083"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
"name": "USN-263-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/263-1/"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
"name": "16921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16921"
},
{
"name" : "kernel-ftruncate-information-disclosure(24999)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24999"
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}

74
2006/0xxx/CVE-2006-0785.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0785",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0785",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as \"C:\"), which bypasses checks for \"..\" sequences and trailing \".php\" extensions."
"lang": "eng",
"value": "Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as \"C:\"), which bypasses checks for \"..\" sequences and trailing \".php\" extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425196/100/0/threaded"
"name": "1015640",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015640"
},
{
"name" : "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html"
"name": "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html"
},
{
"name" : "1015640",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015640"
"name": "20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425196/100/0/threaded"
}
]
}

104
2006/0xxx/CVE-2006-0823.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0823",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0823",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060219 Geeklog Remote Code Execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
"name": "ADV-2006-0661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00102-02192006",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00102-02192006"
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr1",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
"name": "23348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23348"
},
{
"name" : "16755",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16755"
"name": "16755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name" : "ADV-2006-0661",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0661"
"name": "20060219 Geeklog Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name" : "23348",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23348"
"name": "geeklog-users-sessions-sql-injection(24775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24775"
},
{
"name" : "18920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18920"
"name": "18920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18920"
},
{
"name" : "geeklog-users-sessions-sql-injection(24775)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24775"
"name": "http://www.gulftech.org/?node=research&article_id=00102-02192006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00102-02192006"
}
]
}

22
2006/0xxx/CVE-2006-0902.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0902",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0902",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

104
2006/1xxx/CVE-2006-1668.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1668",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1668",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php."
"lang": "eng",
"value": "newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bash-x.net/undef/adv/craftygallery.html",
"refsource" : "MISC",
"url" : "http://bash-x.net/undef/adv/craftygallery.html"
"name": "ADV-2006-1239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1239"
},
{
"name" : "http://bash-x.net/undef/exploits/crappy_syntax.txt",
"refsource" : "MISC",
"url" : "http://bash-x.net/undef/exploits/crappy_syntax.txt"
"name": "17379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17379"
},
{
"name" : "1645",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1645"
"name": "24387",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24387"
},
{
"name" : "17379",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17379"
"name": "crafty-http-post-code-execution(25655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25655"
},
{
"name" : "ADV-2006-1239",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1239"
"name": "http://bash-x.net/undef/exploits/crappy_syntax.txt",
"refsource": "MISC",
"url": "http://bash-x.net/undef/exploits/crappy_syntax.txt"
},
{
"name" : "24387",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24387"
"name": "http://bash-x.net/undef/adv/craftygallery.html",
"refsource": "MISC",
"url": "http://bash-x.net/undef/adv/craftygallery.html"
},
{
"name" : "19478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19478"
"name": "1645",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1645"
},
{
"name" : "crafty-http-post-code-execution(25655)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25655"
"name": "19478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19478"
}
]
}

104
2006/3xxx/CVE-2006-3163.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3163",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3163",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://pridels0.blogspot.com/2006/06/imgallery-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/imgallery-vuln.html"
"name": "http://pridels0.blogspot.com/2006/06/imgallery-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/imgallery-vuln.html"
},
{
"name" : "20060630 IMGallery - \"galeria.php\" not \"galerie.php\"",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-June/000909.html"
"name": "20763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20763"
},
{
"name" : "18566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18566"
"name": "20060630 IMGallery - \"galeria.php\" not \"galerie.php\"",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000909.html"
},
{
"name" : "ADV-2006-2471",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2471"
"name": "1016349",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016349"
},
{
"name" : "26695",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26695"
"name": "ADV-2006-2471",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2471"
},
{
"name" : "1016349",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016349"
"name": "imgallery-galeria-sql-injection(27277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27277"
},
{
"name" : "20763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20763"
"name": "26695",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26695"
},
{
"name" : "imgallery-galeria-sql-injection(27277)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27277"
"name": "18566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18566"
}
]
}

74
2006/3xxx/CVE-2006-3204.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3204",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3204",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie."
"lang": "eng",
"value": "Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
"name": "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt",
"refsource": "MISC",
"url": "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt"
},
{
"name" : "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt",
"refsource" : "MISC",
"url" : "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt"
"name": "1138",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1138"
},
{
"name" : "1138",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1138"
"name": "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
}
]
}

80
2006/3xxx/CVE-2006-3512.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3512",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3512",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference."
"lang": "eng",
"value": "Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18903"
"name": "ie-dxtfilter-dos(27623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27623"
},
{
"name" : "ADV-2006-2732",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2732"
"name": "18903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18903"
},
{
"name" : "27014",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27014"
"name": "ADV-2006-2732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2732"
},
{
"name" : "ie-dxtfilter-dos(27623)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27623"
"name": "27014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27014"
}
]
}

110
2006/3xxx/CVE-2006-3735.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3735",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3735",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php."
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "2019",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2019"
"name": "19038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19038"
},
{
"name" : "19038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19038"
"name": "27355",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27355"
},
{
"name" : "ADV-2006-2847",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2847"
"name": "2019",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2019"
},
{
"name" : "27354",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27354"
"name": "mail2forum-m2frootpath-file-include(27788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27788"
},
{
"name" : "27355",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27355"
"name": "27354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27354"
},
{
"name" : "27356",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27356"
"name": "27356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27356"
},
{
"name" : "27357",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27357"
"name": "ADV-2006-2847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2847"
},
{
"name" : "21083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21083"
"name": "21083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21083"
},
{
"name" : "mail2forum-m2frootpath-file-include(27788)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27788"
"name": "27357",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27357"
}
]
}

542
2006/3xxx/CVE-2006-3747.json
View File

@ -1,461 +1,461 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3747",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3747",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules."
"lang": "eng",
"value": "Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060728 Apache mod_rewrite Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441487/100/0/threaded"
"name": "21266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21266"
},
{
"name" : "20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441485/100/0/threaded"
"name": "21307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21307"
},
{
"name" : "20060728 rPSA-2006-0139-1 httpd mod_ssl",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441526/100/200/threaded"
"name": "HPSBMA02250",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
},
{
"name" : "20060820 POC & exploit for Apache mod_rewrite off-by-one",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443870/100/0/threaded"
"name": "ADV-2006-3995",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3995"
},
{
"name" : "20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html"
"name": "apache-modrewrite-offbyone-bo(28063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28063"
},
{
"name" : "20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html"
"name": "102662",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1"
},
{
"name" : "http://kbase.redhat.com/faq/FAQ_68_8653.shtm",
"refsource" : "MISC",
"url" : "http://kbase.redhat.com/faq/FAQ_68_8653.shtm"
"name": "SSRT071293",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449"
},
{
"name" : "http://svn.apache.org/viewvc?view=rev&revision=426144",
"refsource" : "MISC",
"url" : "http://svn.apache.org/viewvc?view=rev&revision=426144"
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951"
},
{
"name" : "http://www.apache.org/dist/httpd/Announcement2.0.html",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/httpd/Announcement2.0.html"
"name": "SSRT061265",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/450321/100/0/threaded"
},
{
"name" : "https://issues.rpath.com/browse/RPL-538",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-538"
"name": "ADV-2006-4300",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4300"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"
"name": "20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048271.html"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951"
"name": "23028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23028"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
"name": "http://svn.apache.org/viewvc?view=rev&revision=426144",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc?view=rev&revision=426144"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
"name": "ADV-2006-3282",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3282"
},
{
"name" : "APPLE-SA-2008-05-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
"name": "21284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21284"
},
{
"name" : "HPSBMA02250",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
"name": "PK29156",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156"
},
{
"name" : "SSRT061275",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
"name": "http://kbase.redhat.com/faq/FAQ_68_8653.shtm",
"refsource": "MISC",
"url": "http://kbase.redhat.com/faq/FAQ_68_8653.shtm"
},
{
"name" : "HPSBMA02328",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449"
"name": "22523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22523"
},
{
"name" : "SSRT071293",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449"
"name": "ADV-2008-1246",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1246/references"
},
{
"name" : "HPSBOV02683",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
"name": "HPSBUX02164",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/450321/100/0/threaded"
},
{
"name" : "SSRT090208",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "TA08-150A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
"name": "23260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23260"
},
{
"name" : "VU#395412",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/395412"
"name": "ADV-2006-3264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3264"
},
{
"name" : "PK27875",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"
"name": "SUSE-SA:2006:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_43_apache.html"
},
{
"name" : "PK29154",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154"
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "PK29156",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29156"
"name": "21313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21313"
},
{
"name" : "DSA-1131",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1131"
"name": "29849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29849"
},
{
"name" : "DSA-1132",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1132"
"name": "ADV-2006-4015",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4015"
},
{
"name" : "GLSA-200608-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-01.xml"
"name": "21273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21273"
},
{
"name" : "HPSBUX02145",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/445206/100/0/threaded"
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name" : "SSRT061202",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/445206/100/0/threaded"
"name": "21478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21478"
},
{
"name" : "HPSBUX02164",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/450321/100/0/threaded"
"name": "20060728 Apache mod_rewrite Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441487/100/0/threaded"
},
{
"name" : "SSRT061265",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/450321/100/0/threaded"
"name": "GLSA-200608-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-01.xml"
},
{
"name" : "MDKSA-2006:133",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:133"
"name": "20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441485/100/0/threaded"
},
{
"name" : "OpenPKG-SA-2006.015",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html"
"name": "22368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22368"
},
{
"name" : "102662",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1"
"name": "26329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26329"
},
{
"name" : "102663",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1"
"name": "HPSBUX02145",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/445206/100/0/threaded"
},
{
"name" : "SUSE-SA:2006:043",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_43_apache.html"
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"
},
{
"name" : "2006-0044",
"refsource" : "TRUSTIX",
"url" : "http://lwn.net/Alerts/194228/"
"name": "102663",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1"
},
{
"name" : "USN-328-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-328-1"
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name" : "19204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19204"
"name": "http://www.apache.org/dist/httpd/Announcement2.0.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/Announcement2.0.html"
},
{
"name" : "ADV-2006-3017",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3017"
"name": "19204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19204"
},
{
"name" : "ADV-2006-3264",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3264"
"name": "21245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21245"
},
{
"name" : "ADV-2006-3282",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3282"
"name": "ADV-2006-4868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4868"
},
{
"name" : "ADV-2006-3884",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3884"
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "ADV-2006-3995",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3995"
"name": "HPSBMA02328",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449"
},
{
"name" : "ADV-2006-4015",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4015"
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name" : "ADV-2006-4207",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4207"
"name": "ADV-2006-4207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4207"
},
{
"name" : "ADV-2006-4300",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4300"
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name" : "ADV-2006-4868",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4868"
"name": "MDKSA-2006:133",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:133"
},
{
"name" : "ADV-2007-2783",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2783"
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
"name": "21315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21315"
},
{
"name" : "ADV-2008-1246",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1246/references"
"name": "VU#395412",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/395412"
},
{
"name" : "ADV-2008-1697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1697"
"name": "21509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21509"
},
{
"name" : "27588",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27588"
"name": "21346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21346"
},
{
"name" : "1016601",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016601"
"name": "SSRT061202",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/445206/100/0/threaded"
},
{
"name" : "21197",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21197"
"name": "1016601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016601"
},
{
"name" : "21241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21241"
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "21245",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21245"
"name": "20060728 rPSA-2006-0139-1 httpd mod_ssl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441526/100/200/threaded"
},
{
"name" : "21266",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21266"
"name": "DSA-1131",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1131"
},
{
"name" : "21273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21273"
"name": "21247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21247"
},
{
"name" : "21284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21284"
"name": "SSRT061275",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
},
{
"name" : "21313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21313"
"name": "ADV-2006-3884",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3884"
},
{
"name" : "21307",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21307"
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name" : "21315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21315"
"name": "20060820 POC & exploit for Apache mod_rewrite off-by-one",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443870/100/0/threaded"
},
{
"name" : "21247",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21247"
"name": "https://issues.rpath.com/browse/RPL-538",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-538"
},
{
"name" : "21478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21478"
"name": "22262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22262"
},
{
"name" : "21509",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21509"
"name": "OpenPKG-SA-2006.015",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html"
},
{
"name" : "22262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22262"
"name": "1312",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1312"
},
{
"name" : "22368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22368"
"name": "DSA-1132",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1132"
},
{
"name" : "22388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22388"
"name": "PK29154",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29154"
},
{
"name" : "22523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22523"
"name": "21241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21241"
},
{
"name" : "23028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23028"
"name": "ADV-2006-3017",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3017"
},
{
"name" : "23260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23260"
"name": "ADV-2007-2783",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2783"
},
{
"name" : "21346",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21346"
"name": "20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048267.html"
},
{
"name" : "26329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26329"
"name": "USN-328-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-328-1"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
"name": "PK27875",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"
},
{
"name" : "29849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29849"
"name": "27588",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27588"
},
{
"name" : "30430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30430"
"name": "2006-0044",
"refsource": "TRUSTIX",
"url": "http://lwn.net/Alerts/194228/"
},
{
"name" : "1312",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1312"
"name": "22388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22388"
},
{
"name" : "apache-modrewrite-offbyone-bo(28063)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28063"
"name": "21197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21197"
}
]
}

98
2006/4xxx/CVE-2006-4633.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4633",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4633",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
"lang": "eng",
"value": "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name" : "http://acid-root.new.fr/advisories/10060904.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/advisories/10060904.txt"
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name" : "2300",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2300"
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name" : "ADV-2006-3478",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3478"
"name": "softbb-index-path-disclosure(28748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name" : "1016785",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016785"
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name" : "1521",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1521"
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name" : "softbb-index-path-disclosure(28748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}

74
2010/2xxx/CVE-2010-2078.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2078",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2078",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI."
"lang": "eng",
"value": "DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html"
"name": "datatrack-unicode-info-disc(58734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58734"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt"
"name": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html"
},
{
"name" : "datatrack-unicode-info-disc(58734)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58734"
"name": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt"
}
]
}

86
2010/2xxx/CVE-2010-2116.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2116",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2116",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do."
"lang": "eng",
"value": "The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf"
"name": "39881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39881"
},
{
"name" : "64832",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64832"
"name": "1024018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024018"
},
{
"name" : "1024018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024018"
"name": "64832",
"refsource": "OSVDB",
"url": "http://osvdb.org/64832"
},
{
"name" : "39881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39881"
"name": "ADV-2010-1239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1239"
},
{
"name" : "ADV-2010-1239",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1239"
"name": "http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf"
}
]
}

80
2010/2xxx/CVE-2010-2143.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2143",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2143",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "12809",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12809"
"name": "ADV-2010-1286",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1286"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/symphony-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/symphony-lfi.txt"
"name": "12809",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12809"
},
{
"name" : "40441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40441"
"name": "40441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40441"
},
{
"name" : "ADV-2010-1286",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1286"
"name": "http://packetstormsecurity.org/1005-exploits/symphony-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/symphony-lfi.txt"
}
]
}

116
2010/2xxx/CVE-2010-2265.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2265",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2265",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511774/100/0/threaded"
"name": "VU#578319",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/578319"
},
{
"name" : "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html"
"name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511774/100/0/threaded"
},
{
"name" : "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx"
"name": "ms-win-helpctr-command-execution(59267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59267"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx"
"name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/2219475.mspx",
"refsource" : "MISC",
"url" : "http://www.microsoft.com/technet/security/advisory/2219475.mspx"
"name": "http://www.microsoft.com/technet/security/advisory/2219475.mspx",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/security/advisory/2219475.mspx"
},
{
"name" : "VU#578319",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/578319"
"name": "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx"
},
{
"name" : "40721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40721"
"name": "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx"
},
{
"name" : "40076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40076"
"name": "40721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40721"
},
{
"name" : "ADV-2010-1417",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1417"
"name": "ADV-2010-1417",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1417"
},
{
"name" : "ms-win-helpctr-command-execution(59267)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59267"
"name": "40076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40076"
}
]
}

86
2010/2xxx/CVE-2010-2848.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2848",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2848",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512215/100/0/threaded"
"name": "41457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41457"
},
{
"name" : "14263",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14263"
"name": "artforms-playcode-dir-traversal(60161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60161"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt"
"name": "20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512215/100/0/threaded"
},
{
"name" : "41457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41457"
"name": "14263",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14263"
},
{
"name" : "artforms-playcode-dir-traversal(60161)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60161"
"name": "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt"
}
]
}

86
2010/3xxx/CVE-2010-3028.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3028",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3028",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files."
"lang": "eng",
"value": "The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365"
"name": "66924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66924"
},
{
"name" : "42239",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42239"
"name": "aardvertiser-joomla-insecure-permissions(60927)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60927"
},
{
"name" : "66924",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/66924"
"name": "40882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40882"
},
{
"name" : "40882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40882"
"name": "http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365"
},
{
"name" : "aardvertiser-joomla-insecure-permissions(60927)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60927"
"name": "42239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42239"
}
]
}

74
2010/3xxx/CVE-2010-3223.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3223",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3223",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka \"Permissions on New Cluster Disks Vulnerability.\""
"lang": "eng",
"value": "The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka \"Permissions on New Cluster Disks Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS10-086",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-086"
"name": "MS10-086",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-086"
},
{
"name" : "oval:org.mitre.oval:def:6789",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6789"
"name": "oval:org.mitre.oval:def:6789",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6789"
},
{
"name" : "1024558",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024558"
"name": "1024558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024558"
}
]
}

86
2010/3xxx/CVE-2010-3486.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3486",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3486",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "15048",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15048"
"name": "43324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43324"
},
{
"name" : "http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html",
"refsource" : "MISC",
"url" : "http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html"
"name": "http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html",
"refsource": "MISC",
"url": "http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt"
"name": "smartermail-get-directory-traversal(61910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61910"
},
{
"name" : "43324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43324"
"name": "15048",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15048"
},
{
"name" : "smartermail-get-directory-traversal(61910)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61910"
"name": "http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt"
}
]
}

68
2010/3xxx/CVE-2010-3530.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3530",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3530",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #13 and 9.1 Bundle #3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #13 and 9.1 Bundle #3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}

86
2010/3xxx/CVE-2010-3913.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
"lang": "eng",
"value": "CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.transware.co.jp/security/am0610001.html",
"refsource" : "CONFIRM",
"url" : "http://www.transware.co.jp/security/am0610001.html"
"name": "68943",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68943"
},
{
"name" : "JVN#72541530",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN72541530/index.html"
"name": "42039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42039"
},
{
"name" : "JVNDB-2010-000050",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000050.html"
"name": "JVN#72541530",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN72541530/index.html"
},
{
"name" : "68943",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68943"
"name": "http://www.transware.co.jp/security/am0610001.html",
"refsource": "CONFIRM",
"url": "http://www.transware.co.jp/security/am0610001.html"
},
{
"name" : "42039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42039"
"name": "JVNDB-2010-000050",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000050.html"
}
]
}

68
2010/3xxx/CVE-2010-3981.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3981",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3981",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource" : "MISC",
"url" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
"name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource": "MISC",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name" : "68680",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68680"
"name": "68680",
"refsource": "OSVDB",
"url": "http://osvdb.org/68680"
}
]
}

22
2011/0xxx/CVE-2011-0366.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0366",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0366",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

206
2011/1xxx/CVE-2011-1290.json
View File

@ -1,181 +1,181 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1290",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1290",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS \"style handling,\" nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011."
"lang": "eng",
"value": "Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS \"style handling,\" nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517513/100/0/threaded"
"name": "ADV-2011-0654",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0654"
},
{
"name" : "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
"name": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html"
},
{
"name" : "http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401",
"refsource" : "MISC",
"url" : "http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401"
"name": "44151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44151"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-104",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-104"
"name": "46849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46849"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html"
"name": "1025212",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025212"
},
{
"name" : "http://www.blackberry.com/btsc/KB26132",
"refsource" : "CONFIRM",
"url" : "http://www.blackberry.com/btsc/KB26132"
"name": "http://support.apple.com/kb/HT4596",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4596"
},
{
"name" : "http://support.apple.com/kb/HT4596",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4596"
"name": "71182",
"refsource": "OSVDB",
"url": "http://osvdb.org/71182"
},
{
"name" : "http://support.apple.com/kb/HT4607",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4607"
"name": "DSA-2192",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2192"
},
{
"name" : "APPLE-SA-2011-04-14-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
"name": "APPLE-SA-2011-04-14-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
},
{
"name" : "APPLE-SA-2011-04-14-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
"name": "APPLE-SA-2011-04-14-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
},
{
"name" : "APPLE-SA-2011-04-14-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-104",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-104"
},
{
"name" : "DSA-2192",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2192"
"name": "http://www.blackberry.com/btsc/KB26132",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/KB26132"
},
{
"name" : "46849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46849"
"name": "ADV-2011-0984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0984"
},
{
"name" : "71182",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71182"
"name": "ADV-2011-0645",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0645"
},
{
"name" : "1025212",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025212"
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"name" : "43748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43748"
"name": "43782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43782"
},
{
"name" : "43735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43735"
"name": "http://support.apple.com/kb/HT4607",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4607"
},
{
"name" : "43782",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43782"
"name": "ADV-2011-0671",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0671"
},
{
"name" : "44151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44151"
"name": "APPLE-SA-2011-04-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
},
{
"name" : "44154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44154"
"name": "http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401",
"refsource": "MISC",
"url": "http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401"
},
{
"name" : "ADV-2011-0645",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0645"
"name": "43748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43748"
},
{
"name" : "ADV-2011-0654",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0654"
"name": "20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517513/100/0/threaded"
},
{
"name" : "ADV-2011-0671",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0671"
"name": "44154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44154"
},
{
"name" : "ADV-2011-0984",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0984"
"name": "google-webkit-style-code-execution(66052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66052"
},
{
"name" : "google-webkit-style-code-execution(66052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66052"
"name": "43735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43735"
}
]
}

68
2011/1xxx/CVE-2011-1322.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1322",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1322",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages."
"lang": "eng",
"value": "The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
"name": "PM19534",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534"
},
{
"name" : "PM19534",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
]
}

86
2011/1xxx/CVE-2011-1325.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1325",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1325",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ec-cube.net/press/detail.php?press_id=114",
"refsource" : "MISC",
"url" : "http://www.ec-cube.net/press/detail.php?press_id=114"
"name": "JVNDB-2011-000029",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029"
},
{
"name" : "JVN#37878530",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN37878530/index.html"
"name": "44487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44487"
},
{
"name" : "JVNDB-2011-000029",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029"
"name": "JVN#37878530",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN37878530/index.html"
},
{
"name" : "72239",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/72239"
"name": "72239",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72239"
},
{
"name" : "44487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44487"
"name": "http://www.ec-cube.net/press/detail.php?press_id=114",
"refsource": "MISC",
"url": "http://www.ec-cube.net/press/detail.php?press_id=114"
}
]
}

128
2011/1xxx/CVE-2011-1345.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1345",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1345",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "http://twitter.com/aaronportnoy/statuses/45642180118855680",
"refsource" : "MISC",
"url" : "http://twitter.com/aaronportnoy/statuses/45642180118855680"
"name": "http://twitter.com/msftsecresponse/statuses/45646985998516224",
"refsource": "MISC",
"url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
},
{
"name" : "http://twitter.com/msftsecresponse/statuses/45646985998516224",
"refsource" : "MISC",
"url" : "http://twitter.com/msftsecresponse/statuses/45646985998516224"
"name": "http://twitter.com/aaronportnoy/statuses/45642180118855680",
"refsource": "MISC",
"url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
},
{
"name" : "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own",
"refsource" : "MISC",
"url" : "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
"name": "1025327",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025327"
},
{
"name" : "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367",
"refsource" : "MISC",
"url" : "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
"name": "MS11-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
},
{
"name" : "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011",
"refsource" : "MISC",
"url" : "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"name" : "MS11-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
"name": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own",
"refsource": "MISC",
"url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
"name": "46821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46821"
},
{
"name" : "46821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46821"
"name": "oval:org.mitre.oval:def:12228",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
},
{
"name" : "oval:org.mitre.oval:def:12228",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
"name": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011",
"refsource": "MISC",
"url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
},
{
"name" : "1025327",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025327"
"name": "ms-ie-unspec-code-exec(66062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
},
{
"name" : "ms-ie-unspec-code-exec(66062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
"name": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367",
"refsource": "MISC",
"url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
}
]
}

98
2011/1xxx/CVE-2011-1568.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1568",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1568",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "17024",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17024"
"name": "46936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46936"
},
{
"name" : "http://aluigi.org/adv/igss_6-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_6-adv.txt"
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf"
"name": "43849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43849"
},
{
"name" : "46936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46936"
"name": "ADV-2011-0741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0741"
},
{
"name" : "43849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43849"
"name": "17024",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17024"
},
{
"name" : "8182",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8182"
"name": "http://aluigi.org/adv/igss_6-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_6-adv.txt"
},
{
"name" : "ADV-2011-0741",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0741"
"name": "8182",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8182"
}
]
}

74
2011/1xxx/CVE-2011-1645.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1645",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1645",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
"name": "47988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name" : "47988",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47988"
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name" : "1025565",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025565"
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}

122
2011/1xxx/CVE-2011-1784.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1784",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1784",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files."
"lang": "eng",
"value": "The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-security] 20110510 Re: World writable pid and lock files.",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-security/2011/05/msg00013.html"
"name": "keepalived-pid-dos(67477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67477"
},
{
"name" : "[debian-security] 20110510 World writable pid and lock files.",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-security/2011/05/msg00012.html"
"name": "[debian-security] 20110511 Re: World writable pid and lock files.",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security/2011/05/msg00018.html"
},
{
"name" : "[debian-security] 20110511 Re: World writable pid and lock files.",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-security/2011/05/msg00018.html"
"name": "[debian-security] 20110510 World writable pid and lock files.",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security/2011/05/msg00012.html"
},
{
"name" : "[oss-security] 20110510 CVE request: keepalived pid file permissions issue",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/10/5"
"name": "[oss-security] 20110510 CVE request: keepalived pid file permissions issue",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/10/5"
},
{
"name" : "[oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/16/7"
"name": "47859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47859"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281"
"name": "72380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72380"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=704039",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=704039"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281"
},
{
"name" : "47859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47859"
"name": "44460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44460"
},
{
"name" : "72380",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/72380"
"name": "[oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/16/7"
},
{
"name" : "44460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44460"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=704039",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704039"
},
{
"name" : "keepalived-pid-dos(67477)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67477"
"name": "[debian-security] 20110510 Re: World writable pid and lock files.",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security/2011/05/msg00013.html"
}
]
}

92
2011/5xxx/CVE-2011-5051.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5051",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5051",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot."
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://secunia.com/secunia_research/2011-91/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-91/"
"name": "78041",
"refsource": "OSVDB",
"url": "http://osvdb.org/78041"
},
{
"name" : "https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265",
"refsource" : "CONFIRM",
"url" : "https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265"
"name": "46097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46097"
},
{
"name" : "78041",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78041"
"name": "https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265",
"refsource": "CONFIRM",
"url": "https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265"
},
{
"name" : "78042",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78042"
"name": "http://secunia.com/secunia_research/2011-91/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-91/"
},
{
"name" : "46097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46097"
"name": "78042",
"refsource": "OSVDB",
"url": "http://osvdb.org/78042"
},
{
"name" : "wpsymposium-admin-profile-file-upload(72012)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72012"
"name": "wpsymposium-admin-profile-file-upload(72012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72012"
}
]
}

22
2014/3xxx/CVE-2014-3116.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3116",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3116",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

116
2014/3xxx/CVE-2014-3635.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3635",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3635",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
"lang": "eng",
"value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/16/9"
"name": "USN-2352-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2352-1"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=83622",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
"name": "openSUSE-SU-2014:1239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0395.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0395.html"
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=83622",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3026",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3026"
"name": "61378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61378"
},
{
"name" : "MDVSA-2015:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
"name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
},
{
"name" : "openSUSE-SU-2014:1239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
"name": "1030864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030864"
},
{
"name" : "USN-2352-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2352-1"
"name": "http://advisories.mageia.org/MGASA-2014-0395.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0395.html"
},
{
"name" : "1030864",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030864"
"name": "DSA-3026",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3026"
},
{
"name" : "61378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61378"
"name": "MDVSA-2015:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
}
]
}

80
2014/3xxx/CVE-2014-3653.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3653",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3653",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://projects.theforeman.org/issues/7483",
"refsource" : "CONFIRM",
"url" : "http://projects.theforeman.org/issues/7483"
"name": "http://theforeman.org/security.html#2014-3653",
"refsource": "CONFIRM",
"url": "http://theforeman.org/security.html#2014-3653"
},
{
"name" : "http://theforeman.org/security.html#2014-3653",
"refsource" : "CONFIRM",
"url" : "http://theforeman.org/security.html#2014-3653"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1145398",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145398"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1145398",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1145398"
"name": "70046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70046"
},
{
"name" : "70046",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70046"
"name": "http://projects.theforeman.org/issues/7483",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/7483"
}
]
}

122
2014/6xxx/CVE-2014-6054.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6054",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6054",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
"lang": "eng",
"value": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q3/639"
"name": "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-007.html"
},
{
"name" : "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/25/11"
"name": "70094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70094"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2014-007.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2014-007.html"
"name": "61682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61682"
},
{
"name" : "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446",
"refsource" : "CONFIRM",
"url" : "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
"name": "openSUSE-SU-2015:2207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
},
{
"name" : "DSA-3081",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3081"
"name": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446",
"refsource": "CONFIRM",
"url": "https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446"
},
{
"name" : "GLSA-201507-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-07"
"name": "61506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61506"
},
{
"name" : "openSUSE-SU-2015:2207",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
"name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
},
{
"name" : "USN-2365-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2365-1"
"name": "[oss-security] 20140923 Multiple issues in libVNCserver",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/639"
},
{
"name" : "70094",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70094"
"name": "GLSA-201507-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-07"
},
{
"name" : "61506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61506"
"name": "USN-2365-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2365-1"
},
{
"name" : "61682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61682"
"name": "DSA-3081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3081"
}
]
}

74
2014/7xxx/CVE-2014-7035.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7035",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7035",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#862425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/862425"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#862425",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/862425"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/7xxx/CVE-2014-7638.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7638",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7638",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#734385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/734385"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#734385",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/734385"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/7xxx/CVE-2014-7764.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7764",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7764",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#247041",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/247041"
},
{
"name" : "VU#247041",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/247041"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/7xxx/CVE-2014-7769.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7769",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7769",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#506729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/506729"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#506729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/506729"
}
]
}

80
2014/7xxx/CVE-2014-7884.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7884",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7884",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBGN03249",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193"
"name": "SSRT101697",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193"
},
{
"name" : "SSRT101697",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193"
"name": "VU#868948",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/868948"
},
{
"name" : "VU#868948",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/868948"
"name": "HPSBGN03249",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193"
},
{
"name" : "1031921",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031921"
"name": "1031921",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031921"
}
]
}

92
2014/8xxx/CVE-2014-8601.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8601",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8601",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (\"performance degradations\") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it."
"lang": "eng",
"value": "PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (\"performance degradations\") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html",
"refsource" : "MISC",
"url" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html"
"name": "http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/"
},
{
"name" : "http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/",
"refsource" : "CONFIRM",
"url" : "http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/"
"name": "DSA-3096",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3096"
},
{
"name" : "DSA-3096",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3096"
"name": "1031310",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031310"
},
{
"name" : "VU#264212",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/264212"
"name": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html",
"refsource": "MISC",
"url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html"
},
{
"name" : "71545",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71545"
"name": "71545",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71545"
},
{
"name" : "1031310",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031310"
"name": "VU#264212",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/264212"
}
]
}

22
2014/8xxx/CVE-2014-8811.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8811",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8811",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

140
2014/8xxx/CVE-2014-8892.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8892",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8892",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager."
"lang": "eng",
"value": "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015"
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1189145",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1189145"
"name": "RHSA-2015:0136",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html"
},
{
"name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
"refsource" : "CONFIRM",
"url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
"name": "73259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73259"
},
{
"name" : "RHSA-2015:0136",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0136.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1189145",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189145"
},
{
"name" : "RHSA-2015:0264",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
"name": "SUSE-SU-2015:0376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"name" : "SUSE-SU-2015:0304",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html"
"name": "RHSA-2015:0264",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name" : "SUSE-SU-2015:0306",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html"
"name": "SUSE-SU-2015:0392",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name" : "SUSE-SU-2015:0343",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html"
"name": "SUSE-SU-2015:0345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name" : "SUSE-SU-2015:0344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
"name": "SUSE-SU-2015:0343",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
},
{
"name" : "SUSE-SU-2015:0376",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
"name": "SUSE-SU-2015:0306",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html"
},
{
"name" : "SUSE-SU-2015:0392",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
"name": "SUSE-SU-2015:1073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name" : "SUSE-SU-2015:1073",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
"name": "SUSE-SU-2015:0344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name" : "73259",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73259"
"name": "SUSE-SU-2015:0304",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html"
}
]
}

68
2016/2xxx/CVE-2016-2202.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2202",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2202",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors."
"lang": "eng",
"value": "The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160407_00",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160407_00"
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160407_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160407_00"
},
{
"name" : "85778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85778"
"name": "85778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85778"
}
]
}

86
2016/2xxx/CVE-2016-2242.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2242",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2242",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php."
"lang": "eng",
"value": "Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20160210 Remote Code Execution in Exponent",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537499/100/0/threaded"
"name": "http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability",
"refsource": "CONFIRM",
"url": "http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability"
},
{
"name" : "http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html"
"name": "http://www.exponentcms.org/news/patch-3-released-for-v2-3-7",
"refsource": "CONFIRM",
"url": "http://www.exponentcms.org/news/patch-3-released-for-v2-3-7"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23290",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23290"
"name": "20160210 Remote Code Execution in Exponent",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537499/100/0/threaded"
},
{
"name" : "http://www.exponentcms.org/news/patch-3-released-for-v2-3-7",
"refsource" : "CONFIRM",
"url" : "http://www.exponentcms.org/news/patch-3-released-for-v2-3-7"
"name": "http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html"
},
{
"name" : "http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability",
"refsource" : "CONFIRM",
"url" : "http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability"
"name": "https://www.htbridge.com/advisory/HTB23290",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23290"
}
]
}

62
2016/2xxx/CVE-2016-2293.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2293",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2293",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL."
"lang": "eng",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
]
}

22
2016/2xxx/CVE-2016-2685.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2685",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2685",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

74
2016/6xxx/CVE-2016-6457.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6457",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6457",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) 11.2(2x) through 12.0(1x)",
"version" : {
"version_data" : [
"product_name": "Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) 11.2(2x) through 12.0(1x)",
"version": {
"version_data": [
{
"version_value" : "Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) 11.2(2x) through 12.0(1x)"
"version_value": "Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) 11.2(2x) through 12.0(1x)"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r)."
"lang": "eng",
"value": "A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "unspecified"
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic"
"name": "94077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94077"
},
{
"name" : "94077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94077"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic"
},
{
"name" : "1037185",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037185"
"name": "1037185",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037185"
}
]
}

92
2016/6xxx/CVE-2016-6720.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6720",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6720",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-29422020."
"lang": "eng",
"value": "An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-29422020."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/0f177948ae2640bfe4d70f8e4248e106406b3b0a",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/0f177948ae2640bfe4d70f8e4248e106406b3b0a"
"name": "https://android.googlesource.com/platform/frameworks/av/+/7c88b498fda1c2b608a9dd73960a2fd4d7b7e3f7",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/7c88b498fda1c2b608a9dd73960a2fd4d7b7e3f7"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/2c75e1c3b98e4e94f50c63e2b7694be5f948477c",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/2c75e1c3b98e4e94f50c63e2b7694be5f948477c"
"name": "https://android.googlesource.com/platform/frameworks/av/+/640b04121d7cd2cac90e2f7c82b97fce05f074a5",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/640b04121d7cd2cac90e2f7c82b97fce05f074a5"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/640b04121d7cd2cac90e2f7c82b97fce05f074a5",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/640b04121d7cd2cac90e2f7c82b97fce05f074a5"
"name": "94143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94143"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/7c88b498fda1c2b608a9dd73960a2fd4d7b7e3f7",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/7c88b498fda1c2b608a9dd73960a2fd4d7b7e3f7"
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
"name": "https://android.googlesource.com/platform/frameworks/av/+/2c75e1c3b98e4e94f50c63e2b7694be5f948477c",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/2c75e1c3b98e4e94f50c63e2b7694be5f948477c"
},
{
"name" : "94143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94143"
"name": "https://android.googlesource.com/platform/frameworks/av/+/0f177948ae2640bfe4d70f8e4248e106406b3b0a",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/0f177948ae2640bfe4d70f8e4248e106406b3b0a"
}
]
}

70
2017/18xxx/CVE-2017-18125.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-18125",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-18125",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850"
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only."
"lang": "eng",
"value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Improper Input Validation in TrustZone"
"lang": "eng",
"value": "Improper Input Validation in TrustZone"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}

22
2017/18xxx/CVE-2017-18161.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18161",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18161",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/5xxx/CVE-2017-5300.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5300",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5300",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/5xxx/CVE-2017-5685.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2017-5685",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2017-5685",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Intel NUC NUC6i7KYK",
"version" : {
"version_data" : [
"product_name": "Intel NUC NUC6i7KYK",
"version": {
"version_data": [
{
"version_value" : "Before KY0045"
"version_value": "Before KY0045"
}
]
}
}
]
},
"vendor_name" : "Intel"
"vendor_name": "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information."
"lang": "eng",
"value": "The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr"
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr"
},
{
"name" : "97408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97408"
"name": "97408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97408"
}
]
}

62
2017/5xxx/CVE-2017-5965.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5965",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5965",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file."
"lang": "eng",
"value": "The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://research.aurainfosec.io/disclosures/2017-05-18-sitecore/",
"refsource" : "MISC",
"url" : "http://research.aurainfosec.io/disclosures/2017-05-18-sitecore/"
"name": "http://research.aurainfosec.io/disclosures/2017-05-18-sitecore/",
"refsource": "MISC",
"url": "http://research.aurainfosec.io/disclosures/2017-05-18-sitecore/"
}
]
}