admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:58:02 +00:00
parent 401fb21af3
commit 6833ba124c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3774 additions and 3774 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2005/0xxx/CVE-2005-0023.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 gnome-pty-helper writes arbitrary utmp records",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879572407250&w=2"
},
{
"name" : "http://bugzilla.gnome.org/show_bug.cgi?id=317312",
"refsource" : "MISC",
"url" : "http://bugzilla.gnome.org/show_bug.cgi?id=317312"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907"
},
{
"name" : "15004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15004"
},
{
"name" : "ADV-2005-1931",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1931"
},
{
"name" : "17023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17023"
},
{
"name" : "libzvt-gnomeptyhelper-spoof(22496)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22496"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-1931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1931"
},
{
"name": "20051007 gnome-pty-helper writes arbitrary utmp records",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879572407250&w=2"
},
{
"name": "15004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15004"
},
{
"name": "libzvt-gnomeptyhelper-spoof(22496)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22496"
},
{
"name": "17023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17023"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=317312",
"refsource": "MISC",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=317312"
}
]
}
}

290
2005/0xxx/CVE-2005-0085.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-680",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-680"
},
{
"name" : "FLSA-2006:152907",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html"
},
{
"name" : "GLSA-200502-16",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml"
},
{
"name" : "MDKSA-2005:063",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:063"
},
{
"name" : "RHSA-2005:073",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name" : "RHSA-2005:090",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-090.html"
},
{
"name" : "SCOSA-2005.46",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt"
},
{
"name" : "12442",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12442"
},
{
"name" : "oval:org.mitre.oval:def:10878",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878"
},
{
"name" : "1013078",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013078"
},
{
"name" : "14255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14255"
},
{
"name" : "17414",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17414"
},
{
"name" : "17415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17415"
},
{
"name" : "14276",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14276"
},
{
"name" : "14303",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14303"
},
{
"name" : "14795",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14795"
},
{
"name" : "15007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15007"
},
{
"name" : "htdig-config-xss(19223)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14795"
},
{
"name": "oval:org.mitre.oval:def:10878",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878"
},
{
"name": "RHSA-2005:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name": "14255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14255"
},
{
"name": "MDKSA-2005:063",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:063"
},
{
"name": "17415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17415"
},
{
"name": "htdig-config-xss(19223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19223"
},
{
"name": "14303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14303"
},
{
"name": "14276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14276"
},
{
"name": "12442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12442"
},
{
"name": "GLSA-200502-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml"
},
{
"name": "DSA-680",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-680"
},
{
"name": "17414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17414"
},
{
"name": "RHSA-2005:090",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-090.html"
},
{
"name": "FLSA-2006:152907",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html"
},
{
"name": "15007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15007"
},
{
"name": "1013078",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013078"
},
{
"name": "SCOSA-2005.46",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt"
}
]
}
}

180
2005/0xxx/CVE-2005-0879.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050323 Vortex Portal",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html"
},
{
"name" : "12878",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12878"
},
{
"name" : "14958",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14958"
},
{
"name" : "14959",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14959"
},
{
"name" : "1013545",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013545"
},
{
"name" : "14707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14707"
},
{
"name" : "vortexportal-act-file-include(19809)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14959",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14959"
},
{
"name": "1013545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013545"
},
{
"name": "12878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12878"
},
{
"name": "14958",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14958"
},
{
"name": "20050323 Vortex Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html"
},
{
"name": "14707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14707"
},
{
"name": "vortexportal-act-file-include(19809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19809"
}
]
}
}

130
2005/1xxx/CVE-2005-1449.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.s9y.org/63.html#A9",
"refsource" : "CONFIRM",
"url" : "http://www.s9y.org/63.html#A9"
},
{
"name" : "15145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15145"
},
{
"name": "http://www.s9y.org/63.html#A9",
"refsource": "CONFIRM",
"url": "http://www.s9y.org/63.html#A9"
}
]
}
}

200
2005/1xxx/CVE-2005-1928.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1928",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain \"magic value\" to port 5005, which also leads to a memory leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051214 Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities"
},
{
"name" : "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254",
"refsource" : "MISC",
"url" : "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254"
},
{
"name" : "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt",
"refsource" : "MISC",
"url" : "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt"
},
{
"name" : "15868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15868"
},
{
"name" : "ADV-2005-2907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2907"
},
{
"name" : "21773",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21773"
},
{
"name" : "1015358",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015358"
},
{
"name" : "18038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18038"
},
{
"name" : "259",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/259"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain \"magic value\" to port 5005, which also leads to a memory leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18038"
},
{
"name": "1015358",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015358"
},
{
"name": "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt",
"refsource": "MISC",
"url": "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt"
},
{
"name": "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254",
"refsource": "MISC",
"url": "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254"
},
{
"name": "15868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15868"
},
{
"name": "259",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/259"
},
{
"name": "21773",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21773"
},
{
"name": "20051214 Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities"
},
{
"name": "ADV-2005-2907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2907"
}
]
}
}

200
2005/3xxx/CVE-2005-3423.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://rst.void.ru/papers/advisory35.txt",
"refsource" : "MISC",
"url" : "http://rst.void.ru/papers/advisory35.txt"
},
{
"name" : "15238",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15238"
},
{
"name" : "20378",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20378"
},
{
"name" : "20379",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20379"
},
{
"name" : "20380",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20380"
},
{
"name" : "20381",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20381"
},
{
"name" : "20382",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20382"
},
{
"name" : "20384",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20384"
},
{
"name" : "17378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rst.void.ru/papers/advisory35.txt",
"refsource": "MISC",
"url": "http://rst.void.ru/papers/advisory35.txt"
},
{
"name": "20379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20379"
},
{
"name": "20380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20380"
},
{
"name": "20382",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20382"
},
{
"name": "20378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20378"
},
{
"name": "20381",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20381"
},
{
"name": "17378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17378"
},
{
"name": "15238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15238"
},
{
"name": "20384",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20384"
}
]
}
}

170
2005/3xxx/CVE-2005-3496.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3496",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zone-h.org/advisories/read/id=8360",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/advisories/read/id=8360"
},
{
"name" : "15294",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15294"
},
{
"name" : "ADV-2005-2292",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2292"
},
{
"name" : "20479",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20479"
},
{
"name" : "20480",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20480"
},
{
"name" : "17412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20479",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20479"
},
{
"name": "http://www.zone-h.org/advisories/read/id=8360",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=8360"
},
{
"name": "15294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15294"
},
{
"name": "ADV-2005-2292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2292"
},
{
"name": "17412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17412"
},
{
"name": "20480",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20480"
}
]
}
}

140
2005/3xxx/CVE-2005-3799.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051111 phpBB 2.0.18 SQL Query problem",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113200740718682&w=2"
},
{
"name" : "20051115 Re: phpBB 2.0.18 SQL Query problem",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113210133012767&w=2"
},
{
"name" : "http://securityreason.com/achievement_exploitalert/4",
"refsource" : "MISC",
"url" : "http://securityreason.com/achievement_exploitalert/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051111 phpBB 2.0.18 SQL Query problem",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113200740718682&w=2"
},
{
"name": "20051115 Re: phpBB 2.0.18 SQL Query problem",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113210133012767&w=2"
},
{
"name": "http://securityreason.com/achievement_exploitalert/4",
"refsource": "MISC",
"url": "http://securityreason.com/achievement_exploitalert/4"
}
]
}
}

190
2005/4xxx/CVE-2005-4034.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html"
},
{
"name" : "15715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15715"
},
{
"name" : "ADV-2005-2734",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2734"
},
{
"name" : "21418",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21418"
},
{
"name" : "21419",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21419"
},
{
"name" : "21420",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21420"
},
{
"name" : "21421",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21421"
},
{
"name" : "17879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17879"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html"
},
{
"name": "17879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17879"
},
{
"name": "ADV-2005-2734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2734"
},
{
"name": "21419",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21419"
},
{
"name": "21418",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21418"
},
{
"name": "15715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15715"
},
{
"name": "21421",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21421"
},
{
"name": "21420",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21420"
}
]
}
}

160
2005/4xxx/CVE-2005-4149.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html"
},
{
"name" : "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419077/100/0/threaded"
},
{
"name" : "http://metasploit.com/research/vulns/lyris_listmanager/",
"refsource" : "MISC",
"url" : "http://metasploit.com/research/vulns/lyris_listmanager/"
},
{
"name" : "ADV-2005-2820",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2820"
},
{
"name" : "17943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419077/100/0/threaded"
},
{
"name": "http://metasploit.com/research/vulns/lyris_listmanager/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/lyris_listmanager/"
},
{
"name": "ADV-2005-2820",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2820"
},
{
"name": "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html"
},
{
"name": "17943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17943"
}
]
}
}

180
2005/4xxx/CVE-2005-4212.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via \"..\" (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051213 phpCOIN 1.2.2 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419382/100/0/threaded"
},
{
"name" : "http://forums.phpcoin.com/index.php?showtopic=5469",
"refsource" : "CONFIRM",
"url" : "http://forums.phpcoin.com/index.php?showtopic=5469"
},
{
"name" : "http://rgod.altervista.org/phpcoin122.html",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/phpcoin122.html"
},
{
"name" : "15831",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15831"
},
{
"name" : "ADV-2005-2888",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2888"
},
{
"name" : "1015345",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015345"
},
{
"name" : "18030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via \"..\" (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rgod.altervista.org/phpcoin122.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/phpcoin122.html"
},
{
"name": "http://forums.phpcoin.com/index.php?showtopic=5469",
"refsource": "CONFIRM",
"url": "http://forums.phpcoin.com/index.php?showtopic=5469"
},
{
"name": "18030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18030"
},
{
"name": "20051213 phpCOIN 1.2.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419382/100/0/threaded"
},
{
"name": "ADV-2005-2888",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2888"
},
{
"name": "1015345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015345"
},
{
"name": "15831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15831"
}
]
}
}

150
2005/4xxx/CVE-2005-4509.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15996"
},
{
"name" : "21841",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21841"
},
{
"name" : "18133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18133"
},
{
"name" : "ptools-index-sql-injection(23837)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21841",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21841"
},
{
"name": "18133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18133"
},
{
"name": "ptools-index-sql-injection(23837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23837"
},
{
"name": "15996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15996"
}
]
}
}

140
2009/0xxx/CVE-2009-0333.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7833",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7833"
},
{
"name" : "33353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33353"
},
{
"name" : "33577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33577"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33577"
},
{
"name": "33353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33353"
},
{
"name": "7833",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7833"
}
]
}
}

180
2009/0xxx/CVE-2009-0572.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090202 flatnux Flatnux-2009-01-27 Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500663/100/0/threaded"
},
{
"name" : "7969",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7969"
},
{
"name" : "33599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33599"
},
{
"name" : "51728",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51728"
},
{
"name" : "51729",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51729"
},
{
"name" : "33721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33721"
},
{
"name" : "flatnuxcms-fnrootpath-file-include(48491)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48491"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33599"
},
{
"name": "51728",
"refsource": "OSVDB",
"url": "http://osvdb.org/51728"
},
{
"name": "20090202 flatnux Flatnux-2009-01-27 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500663/100/0/threaded"
},
{
"name": "33721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33721"
},
{
"name": "51729",
"refsource": "OSVDB",
"url": "http://osvdb.org/51729"
},
{
"name": "flatnuxcms-fnrootpath-file-include(48491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48491"
},
{
"name": "7969",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7969"
}
]
}
}

160
2009/1xxx/CVE-2009-1525.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html"
},
{
"name" : "http://www.directadmin.com/features.php?id=968",
"refsource" : "CONFIRM",
"url" : "http://www.directadmin.com/features.php?id=968"
},
{
"name" : "54015",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54015"
},
{
"name" : "34861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34861"
},
{
"name" : "directadmin-cmddb-command-execution(50167)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50167"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54015",
"refsource": "OSVDB",
"url": "http://osvdb.org/54015"
},
{
"name": "20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html"
},
{
"name": "directadmin-cmddb-command-execution(50167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50167"
},
{
"name": "34861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34861"
},
{
"name": "http://www.directadmin.com/features.php?id=968",
"refsource": "CONFIRM",
"url": "http://www.directadmin.com/features.php?id=968"
}
]
}
}

430
2009/1xxx/CVE-2009-1578.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672"
},
{
"name" : "http://www.squirrelmail.org/security/issue/2009-05-08",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/security/issue/2009-05-08"
},
{
"name" : "http://www.squirrelmail.org/security/issue/2009-05-09",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/security/issue/2009-05-09"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500363",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500363"
},
{
"name" : "http://download.gna.org/nasmail/nasmail-1.7.zip",
"refsource" : "CONFIRM",
"url" : "http://download.gna.org/nasmail/nasmail-1.7.zip"
},
{
"name" : "https://gna.org/forum/forum.php?forum_id=2146",
"refsource" : "CONFIRM",
"url" : "https://gna.org/forum/forum.php?forum_id=2146"
},
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "DSA-1802",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1802"
},
{
"name" : "FEDORA-2009-4870",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
},
{
"name" : "FEDORA-2009-4880",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
},
{
"name" : "FEDORA-2009-4875",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
},
{
"name" : "MDVSA-2009:110",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
},
{
"name" : "RHSA-2009:1066",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1066.html"
},
{
"name" : "34916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34916"
},
{
"name" : "60468",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60468"
},
{
"name" : "oval:org.mitre.oval:def:11624",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624"
},
{
"name" : "35052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35052"
},
{
"name" : "35073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35073"
},
{
"name" : "35140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35140"
},
{
"name" : "37415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37415"
},
{
"name" : "35259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35259"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "ADV-2009-1296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1296"
},
{
"name" : "ADV-2009-3315",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3315"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name" : "squirrelmail-decryptheaders-xss(50460)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460"
},
{
"name" : "squirrelmail-phpself-xss(50459)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "https://gna.org/forum/forum.php?forum_id=2146",
"refsource": "CONFIRM",
"url": "https://gna.org/forum/forum.php?forum_id=2146"
},
{
"name": "MDVSA-2009:110",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
},
{
"name": "34916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34916"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "http://www.squirrelmail.org/security/issue/2009-05-09",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/security/issue/2009-05-09"
},
{
"name": "FEDORA-2009-4870",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670"
},
{
"name": "35140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35140"
},
{
"name": "http://download.gna.org/nasmail/nasmail-1.7.zip",
"refsource": "CONFIRM",
"url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
},
{
"name": "60468",
"refsource": "OSVDB",
"url": "http://osvdb.org/60468"
},
{
"name": "FEDORA-2009-4880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
},
{
"name": "oval:org.mitre.oval:def:11624",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "squirrelmail-phpself-xss(50459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672"
},
{
"name": "ADV-2009-1296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1296"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672"
},
{
"name": "35259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35259"
},
{
"name": "35052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35052"
},
{
"name": "squirrelmail-decryptheaders-xss(50460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460"
},
{
"name": "FEDORA-2009-4875",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
},
{
"name": "RHSA-2009:1066",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html"
},
{
"name": "37415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37415"
},
{
"name": "35073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35073"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670"
},
{
"name": "http://www.squirrelmail.org/security/issue/2009-05-08",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/security/issue/2009-05-08"
},
{
"name": "ADV-2009-3315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3315"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=500363",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363"
},
{
"name": "DSA-1802",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1802"
}
]
}
}

180
2009/1xxx/CVE-2009-1608.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090511 [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503400/100/0/threaded"
},
{
"name" : "http://security.bkis.vn/?p=654",
"refsource" : "MISC",
"url" : "http://security.bkis.vn/?p=654"
},
{
"name" : "34897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34897"
},
{
"name" : "54370",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54370"
},
{
"name" : "35054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35054"
},
{
"name" : "mplabide-catfilters-bo(50419)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50419"
},
{
"name" : "mplabide-fileinfo-bo(50418)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54370",
"refsource": "OSVDB",
"url": "http://osvdb.org/54370"
},
{
"name": "mplabide-catfilters-bo(50419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50419"
},
{
"name": "35054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35054"
},
{
"name": "http://security.bkis.vn/?p=654",
"refsource": "MISC",
"url": "http://security.bkis.vn/?p=654"
},
{
"name": "mplabide-fileinfo-bo(50418)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50418"
},
{
"name": "34897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34897"
},
{
"name": "20090511 [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503400/100/0/threaded"
}
]
}
}

170
2009/1xxx/CVE-2009-1683.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "JVN#87239696",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN87239696/index.html"
},
{
"name" : "JVNDB-2009-000040",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"name" : "35414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35414"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "JVNDB-2009-000040",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "JVN#87239696",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87239696/index.html"
}
]
}
}

150
2009/1xxx/CVE-2009-1783.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090509 [TZO-21-2009] Fprot CAB bypass / evasion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503393/100/0/threaded"
},
{
"name" : "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html",
"refsource" : "MISC",
"url" : "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html"
},
{
"name" : "34896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34896"
},
{
"name" : "fprot-cab-security-bypass(50427)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html",
"refsource": "MISC",
"url": "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html"
},
{
"name": "34896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34896"
},
{
"name": "20090509 [TZO-21-2009] Fprot CAB bypass / evasion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503393/100/0/threaded"
},
{
"name": "fprot-cab-security-bypass(50427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50427"
}
]
}
}

240
2009/3xxx/CVE-2009-3238.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to \"return the same value over and over again for long stretches of time.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02"
},
{
"name" : "http://patchwork.kernel.org/patch/21766/",
"refsource" : "CONFIRM",
"url" : "http://patchwork.kernel.org/patch/21766/"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=499785",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=499785"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=519692",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=519692"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us"
},
{
"name" : "RHSA-2009:1438",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name" : "SUSE-SA:2009:054",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"name" : "SUSE-SA:2010:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name" : "USN-852-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name" : "oval:org.mitre.oval:def:11168",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168"
},
{
"name" : "37351",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37351"
},
{
"name" : "37105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to \"return the same value over and over again for long stretches of time.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us"
},
{
"name": "USN-852-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "http://patchwork.kernel.org/patch/21766/",
"refsource": "CONFIRM",
"url": "http://patchwork.kernel.org/patch/21766/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=519692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=519692"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30"
},
{
"name": "37351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37351"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=499785",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=499785"
},
{
"name": "SUSE-SA:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:11168",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02"
},
{
"name": "RHSA-2009:1438",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name": "SUSE-SA:2009:054",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"name": "37105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37105"
}
]
}
}

170
2009/3xxx/CVE-2009-3663.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9657",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9657"
},
{
"name" : "http://httpdx.sourceforge.net/downloads/changelog.log",
"refsource" : "CONFIRM",
"url" : "http://httpdx.sourceforge.net/downloads/changelog.log"
},
{
"name" : "58129",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58129"
},
{
"name" : "36734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36734"
},
{
"name" : "ADV-2009-2654",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2654"
},
{
"name" : "httpdx-hostheader-format-string(53205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58129",
"refsource": "OSVDB",
"url": "http://osvdb.org/58129"
},
{
"name": "httpdx-hostheader-format-string(53205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
},
{
"name": "9657",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9657"
},
{
"name": "36734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36734"
},
{
"name": "ADV-2009-2654",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2654"
},
{
"name": "http://httpdx.sourceforge.net/downloads/changelog.log",
"refsource": "CONFIRM",
"url": "http://httpdx.sourceforge.net/downloads/changelog.log"
}
]
}
}

160
2009/4xxx/CVE-2009-4692.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9195",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9195"
},
{
"name" : "35730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35730"
},
{
"name" : "55949",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55949"
},
{
"name" : "35826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35826"
},
{
"name" : "radlance-index-xss(51835)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35826"
},
{
"name": "55949",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55949"
},
{
"name": "9195",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9195"
},
{
"name": "35730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35730"
},
{
"name": "radlance-index-xss(51835)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51835"
}
]
}
}

140
2009/4xxx/CVE-2009-4711.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name" : "35872",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35872"
},
{
"name" : "36082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35872"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36082"
}
]
}
}

140
2009/4xxx/CVE-2009-4990.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/540980",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/540980"
},
{
"name" : "35953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35953"
},
{
"name" : "36181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35953"
},
{
"name": "http://drupal.org/node/540980",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/540980"
},
{
"name": "36181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36181"
}
]
}
}

190
2012/2xxx/CVE-2012-2147.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120417 RE: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/18/2"
},
{
"name" : "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/17/2"
},
{
"name" : "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/4"
},
{
"name" : "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/3"
},
{
"name" : "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/5"
},
{
"name" : "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/27/7"
},
{
"name" : "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/29/2"
},
{
"name" : "munin-image-requests-dos(78924)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
},
{
"name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/2"
},
{
"name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
},
{
"name": "munin-image-requests-dos(78924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924"
},
{
"name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
},
{
"name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
},
{
"name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
},
{
"name": "[oss-security] 20120417 RE: CVE Request (minor) -- Two Munin graphing framework flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
}
]
}
}

140
2012/2xxx/CVE-2012-2244.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1057238",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/mahara/+bug/1057238"
},
{
"name" : "https://mahara.org/interaction/forum/topic.php?id=4936",
"refsource" : "CONFIRM",
"url" : "https://mahara.org/interaction/forum/topic.php?id=4936"
},
{
"name" : "DSA-2591",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2591",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2591"
},
{
"name": "https://bugs.launchpad.net/mahara/+bug/1057238",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/mahara/+bug/1057238"
},
{
"name": "https://mahara.org/interaction/forum/topic.php?id=4936",
"refsource": "CONFIRM",
"url": "https://mahara.org/interaction/forum/topic.php?id=4936"
}
]
}
}

150
2012/2xxx/CVE-2012-2915.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "53566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53566"
},
{
"name" : "82001",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82001"
},
{
"name" : "48741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48741"
},
{
"name" : "pacdesigner-pac-bo(75698)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pacdesigner-pac-bo(75698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75698"
},
{
"name": "48741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48741"
},
{
"name": "82001",
"refsource": "OSVDB",
"url": "http://osvdb.org/82001"
},
{
"name": "53566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53566"
}
]
}
}

190
2015/1xxx/CVE-2015-1099.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "https://support.apple.com/HT204661",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204661"
},
{
"name" : "https://support.apple.com/HT204662",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204662"
},
{
"name" : "https://support.apple.com/kb/HT204870",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT204870"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "APPLE-SA-2015-04-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name" : "APPLE-SA-2015-04-08-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name" : "1032048",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "https://support.apple.com/kb/HT204870",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

180
2015/1xxx/CVE-2015-1338.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38353",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38353/"
},
{
"name" : "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"name" : "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
},
{
"name" : "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/",
"refsource" : "MISC",
"url" : "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"name" : "https://launchpad.net/apport/trunk/2.19",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/apport/trunk/2.19"
},
{
"name" : "USN-2744-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2744-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2744-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"name": "https://launchpad.net/apport/trunk/2.19",
"refsource": "CONFIRM",
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"name": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/",
"refsource": "MISC",
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"name": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
]
}
}

130
2015/1xxx/CVE-2015-1499.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-041/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-041/"
},
{
"name" : "samsung-security-cve20151499-dos(100918)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "samsung-security-cve20151499-dos(100918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100918"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-041/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-041/"
}
]
}
}

130
2015/1xxx/CVE-2015-1632.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka \"Exchange Error Message Cross Site Scripting Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-026",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026"
},
{
"name" : "1031900",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031900"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka \"Exchange Error Message Cross Site Scripting Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-026",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026"
},
{
"name": "1031900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031900"
}
]
}
}

130
2015/5xxx/CVE-2015-5054.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151202 Ellucian Banner Student Vulnerability Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537029/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html"
},
{
"name": "20151202 Ellucian Banner Student Vulnerability Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537029/100/0/threaded"
}
]
}
}

34
2015/5xxx/CVE-2015-5984.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5984",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5984",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

120
2018/11xxx/CVE-2018-11025.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md",
"refsource" : "MISC",
"url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md",
"refsource": "MISC",
"url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"
}
]
}
}

130
2018/11xxx/CVE-2018-11206.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md"
},
{
"name" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5",
"refsource" : "MISC",
"url" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md"
},
{
"name": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5",
"refsource": "MISC",
"url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"
}
]
}
}

142
2018/11xxx/CVE-2018-11464.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2018-11464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version" : {
"version_data" : [
{
"version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
},
{
"version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
},
{
"version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-248: Uncaught Exception"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-11464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version": {
"version_data": [
{
"version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
},
{
"version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
},
{
"version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
},
{
"name" : "106185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106185"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]
}
}

34
2018/11xxx/CVE-2018-11667.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11667",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11667",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15192.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/go-gitea/gitea/issues/4624",
"refsource" : "MISC",
"url" : "https://github.com/go-gitea/gitea/issues/4624"
},
{
"name" : "https://github.com/gogs/gogs/issues/5366",
"refsource" : "MISC",
"url" : "https://github.com/gogs/gogs/issues/5366"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gogs/gogs/issues/5366",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/issues/5366"
},
{
"name": "https://github.com/go-gitea/gitea/issues/4624",
"refsource": "MISC",
"url": "https://github.com/go-gitea/gitea/issues/4624"
}
]
}
}

188
2018/15xxx/CVE-2018-15465.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-12-19T16:00:00-0800",
"ID" : "CVE-2018-15465",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Adaptive Security Appliance (ASA) Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.1",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-12-19T16:00:00-0800",
"ID": "CVE-2018-15465",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-46",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-46"
},
{
"name" : "20181219 Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc"
},
{
"name" : "106256",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106256"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181219-asa-privesc",
"defect" : [
[
"CSCvm53531"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106256"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-46"
},
{
"name": "20181219 Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc"
}
]
},
"source": {
"advisory": "cisco-sa-20181219-asa-privesc",
"defect": [
[
"CSCvm53531"
]
],
"discovery": "INTERNAL"
}
}

34
2018/15xxx/CVE-2018-15815.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15815",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15815",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/3xxx/CVE-2018-3069.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Agile Product Lifecycle Management for Process",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "6.2.0.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agile Product Lifecycle Management for Process",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.2.0.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104770",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104770"
}
]
}
}

34
2018/3xxx/CVE-2018-3375.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3375",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3375",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3880.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00",
"ID" : "CVE-2018-3880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Samsung",
"version" : {
"version_data" : [
{
"version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name" : "Samsung"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Classic Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-3880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung",
"version": {
"version_data": [
{
"version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name": "Samsung"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Classic Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557"
}
]
}
}

120
2018/3xxx/CVE-2018-3934.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2018-3934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Yi Technology",
"version" : {
"version_data" : [
{
"version_value" : "Yi Technology Home Camera 27US 1.8.7.0D"
}
]
}
}
]
},
"vendor_name" : "unknown"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yi Technology",
"version": {
"version_data": [
{
"version_value": "Yi Technology Home Camera 27US 1.8.7.0D"
}
]
}
}
]
},
"vendor_name": "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601"
}
]
}
}

140
2018/7xxx/CVE-2018-7171.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44350",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44350/"
},
{
"name" : "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html"
},
{
"name" : "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py",
"refsource" : "MISC",
"url" : "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py",
"refsource": "MISC",
"url": "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py"
},
{
"name": "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html"
},
{
"name": "44350",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44350/"
}
]
}
}

166
2018/8xxx/CVE-2018-8253.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253"
},
{
"name" : "105009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105009"
},
{
"name" : "1041477",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041477"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041477",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041477"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253"
},
{
"name": "105009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105009"
}
]
}
}

220
2018/8xxx/CVE-2018-8280.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280"
},
{
"name" : "104642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104642"
},
{
"name" : "1041256",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041256"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041256"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280"
},
{
"name": "104642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104642"
}
]
}
}

132
2018/8xxx/CVE-2018-8862.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-04-10T00:00:00",
"ID" : "CVE-2018-8862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emergency Mass Notification Systems",
"version" : {
"version_data" : [
{
"version_value" : "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
}
]
}
}
]
},
"vendor_name" : "Acoustic Technology, Inc. (ATI Systems)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER AUTHENTICATION CWE-287"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2018-8862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emergency Mass Notification Systems",
"version": {
"version_data": [
{
"version_value": "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
}
]
}
}
]
},
"vendor_name": "Acoustic Technology, Inc. (ATI Systems)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
},
{
"name" : "103721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103721"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
}
]
}
}