diff --git a/2016/10xxx/CVE-2016-10865.json b/2016/10xxx/CVE-2016-10865.json
new file mode 100644
index 00000000000..a5a85eb09ff
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10865.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10865",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/lightbox-plus/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/lightbox-plus/#developers"
+ },
+ {
+ "url": "https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/",
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14234.json b/2019/14xxx/CVE-2019-14234.json
new file mode 100644
index 00000000000..98dccd6ed75
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14234.json
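Review bot: The structured fields of this new record carry no usable data: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, while the description itself names the plugin, the affected range (through 2.7.2) and the weakness classes. Tooling that matches on `affects` or `problemtype` rather than on free text will not associate this entry with an installed plugin, so consider populating them, for example `"product_name": "Lightbox Plus Colorbox"`, `"version_value": "through 2.7.2"` and a problemtype value of `"CWE-352 Cross-Site Request Forgery (CSRF)"`. The same applies to the other new records in this diff (CVE-2019-14234, CVE-2019-14312, CVE-2019-14785, CVE-2019-14787, CVE-2019-14792, CVE-2019-14793 and CVE-2019-14799), each of which states its product and fixed version only in the description.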
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14234",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.djangoproject.com/en/dev/releases/security/",
+ "refsource": "MISC",
+ "name": "https://docs.djangoproject.com/en/dev/releases/security/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs",
+ "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/",
+ "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14312.json b/2019/14xxx/CVE-2019-14312.json
new file mode 100644
index 00000000000..86d7249219f
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14312.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14312",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/aptana/Jaxer/commits/master",
+ "refsource": "MISC",
+ "name": "https://github.com/aptana/Jaxer/commits/master"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html",
+ "url": "http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14537.json b/2019/14xxx/CVE-2019-14537.json
index 53e6ba4959e..a4f52a9fb8d 100644
--- a/2019/14xxx/CVE-2019-14537.json
+++ b/2019/14xxx/CVE-2019-14537.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "https://github.com/Wocanilo/CVE-2019-14537",
 "url": "https://github.com/Wocanilo/CVE-2019-14537"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling",
+ "url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14785.json b/2019/14xxx/CVE-2019-14785.json
new file mode 100644
index 00000000000..26ab9a18abc
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14785.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14785",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \"CP Contact Form with PayPal\" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers"
+ },
+ {
+ "url": "https://www.pluginvulnerabilities.com/2019/06/24/reflected-cross-site-scripting-xss-vulnerability-in-cp-contact-form-with-paypal/",
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2019/06/24/reflected-cross-site-scripting-xss-vulnerability-in-cp-contact-form-with-paypal/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14787.json b/2019/14xxx/CVE-2019-14787.json
new file mode 100644
index 00000000000..95001acf3e0
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14787.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14787",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.pluginvulnerabilities.com/2019/07/01/reflected-cross-site-scripting-xss-vulnerability-in-newsletters/",
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2019/07/01/reflected-cross-site-scripting-xss-vulnerability-in-newsletters/"
+ },
+ {
+ "url": "https://wordpress.org/plugins/newsletters-lite/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/newsletters-lite/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14792.json b/2019/14xxx/CVE-2019-14792.json
new file mode 100644
index 00000000000..be60b44f1a4
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14792.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14792",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-google-maps/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-google-maps/#developers"
+ },
+ {
+ "url": "https://www.pluginvulnerabilities.com/2019/07/08/recently-closed-wordpress-plugin-with-400000-installs-contains-another-authenticated-persistent-xss-vulnerability/",
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2019/07/08/recently-closed-wordpress-plugin-with-400000-installs-contains-another-authenticated-persistent-xss-vulnerability/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14793.json b/2019/14xxx/CVE-2019-14793.json
new file mode 100644
index 00000000000..179116678d4
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14793.json
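Review bot: The description `value` for CVE-2019-14792 omits the preconditions that the cited advisory carries in its own URL: the second reference is titled "authenticated-persistent-xss-vulnerability", but the text says only "allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter". Whether the payload is stored and whether a logged-in account is required both change how a defender triages the entry, so if the advisory is accurate the text could read `...allows authenticated persistent XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.` CVE-2019-14793 has the same gap: its reference URL says "authenticated-arbitrary-file-deletion", while the description says only "allows file deletion via ajax".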
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14793",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://metabox.io/changelog/",
+ "refsource": "MISC",
+ "name": "https://metabox.io/changelog/"
+ },
+ {
+ "url": "https://www.pluginvulnerabilities.com/2019/02/01/full-disclosure-of-authenticated-arbitrary-file-deletion-vulnerability-in-wordpress-plugin-with-300000-installs/",
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2019/02/01/full-disclosure-of-authenticated-arbitrary-file-deletion-vulnerability-in-wordpress-plugin-with-300000-installs/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14799.json b/2019/14xxx/CVE-2019-14799.json
new file mode 100644
index 00000000000..4e503a69c63
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14799.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14799",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
+ },
+ {
+ "url": "https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/",
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/"
+ }
+ ]
+ }
+}
\ No newline at end of file
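Review bot: The description and the second reference disagree on the vulnerability class: `value` says "allows email subscription XSS", but the pluginvulnerabilities.com URL is titled "information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player". From the URL alone it cannot be decided whether the reference belongs to a different issue or the description is incomplete, so the entry should be checked against that advisory and the plugin changelog for 7.3.14.727. If the advisory does not cover the XSS, the record needs a reference that does, so that defenders do not triage the entry on the wrong class.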