admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2017-20104 - CVE-2017-20107

Browse Source
This commit is contained in:
Marc Ruef 2022-06-28 08:37:39 +02:00 committed by GitHub
parent 67fc694b58
commit 6ed3603ab9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 236 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2017/20xxx/CVE-2017-20104.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Simplessus Cookie Time sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Simplessus",
"version": {
"version_data": [
{
"version_value": "3.7.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Dr. Adrian Vollmer",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/seclists.org\/bugtraq\/2017\/Feb\/39"
},
{
"url": "https:\/\/vuldb.com\/?id.97252"
}
]
}

62
2017/20xxx/CVE-2017-20105.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Simplessus path traversal",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Simplessus",
"version": {
"version_data": [
{
"version_value": "3.7.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Path Traversal"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Dr. Adrian Vollmer",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.4",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/seclists.org\/bugtraq\/2017\/Feb\/40"
},
{
"url": "https:\/\/vuldb.com\/?id.97253"
}
]
}

62
2017/20xxx/CVE-2017-20106.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Lithium Forum Compose Message server-side request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lithium",
"product": {
"product_data": [
{
"product_name": "Forum",
"version": {
"version_data": [
{
"version_value": "2017 Q1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Vibhuti R V Nath",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/www.vulnerability-lab.com\/get_content.php?id=2030"
},
{
"url": "https:\/\/vuldb.com\/?id.97265"
}
]
}

62
2017/20xxx/CVE-2017-20107.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ShadeYouVPN.com Client privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ShadeYouVPN.com",
"product": {
"product_data": [
{
"product_name": "Client",
"version": {
"version_data": [
{
"version_value": "2.0.1.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Kacper Szurek",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/seclists.org\/fulldisclosure\/2017\/Feb\/28"
},
{
"url": "https:\/\/vuldb.com\/?id.97122"
}
]
}