admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-09 13:00:53 +00:00
parent 1bdd6cb027
commit 765ce0a66e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 546 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
2016/10xxx/CVE-2016-10865.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/lightbox-plus/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/lightbox-plus/#developers"
},
{
"url": "https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/"
}
]
}
}

72
2019/14xxx/CVE-2019-14234.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.djangoproject.com/en/dev/releases/security/",
"refsource": "MISC",
"name": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs",
"url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"
},
{
"refsource": "CONFIRM",
"name": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/",
"url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"
}
]
}
}

67
2019/14xxx/CVE-2019-14312.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/aptana/Jaxer/commits/master",
"refsource": "MISC",
"name": "https://github.com/aptana/Jaxer/commits/master"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html",
"url": "http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html"
}
]
}
}

5
2019/14xxx/CVE-2019-14537.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://github.com/Wocanilo/CVE-2019-14537",
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"refsource": "MISC",
"name": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling",
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
]
}

67
2019/14xxx/CVE-2019-14785.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"CP Contact Form with PayPal\" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers"
},
{
"url": "https://www.pluginvulnerabilities.com/2019/06/24/reflected-cross-site-scripting-xss-vulnerability-in-cp-contact-form-with-paypal/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/06/24/reflected-cross-site-scripting-xss-vulnerability-in-cp-contact-form-with-paypal/"
}
]
}
}

67
2019/14xxx/CVE-2019-14787.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.pluginvulnerabilities.com/2019/07/01/reflected-cross-site-scripting-xss-vulnerability-in-newsletters/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/07/01/reflected-cross-site-scripting-xss-vulnerability-in-newsletters/"
},
{
"url": "https://wordpress.org/plugins/newsletters-lite/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/newsletters-lite/#developers"
}
]
}
}

67
2019/14xxx/CVE-2019-14792.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-google-maps/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-google-maps/#developers"
},
{
"url": "https://www.pluginvulnerabilities.com/2019/07/08/recently-closed-wordpress-plugin-with-400000-installs-contains-another-authenticated-persistent-xss-vulnerability/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/07/08/recently-closed-wordpress-plugin-with-400000-installs-contains-another-authenticated-persistent-xss-vulnerability/"
}
]
}
}

67
2019/14xxx/CVE-2019-14793.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://metabox.io/changelog/",
"refsource": "MISC",
"name": "https://metabox.io/changelog/"
},
{
"url": "https://www.pluginvulnerabilities.com/2019/02/01/full-disclosure-of-authenticated-arbitrary-file-deletion-vulnerability-in-wordpress-plugin-with-300000-installs/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/02/01/full-disclosure-of-authenticated-arbitrary-file-deletion-vulnerability-in-wordpress-plugin-with-300000-installs/"
}
]
}
}

67
2019/14xxx/CVE-2019-14799.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
},
{
"url": "https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/"
}
]
}
}