diff --git a/2018/18xxx/CVE-2018-18903.json b/2018/18xxx/CVE-2018-18903.json
index 7a08f731791..58e3c8f0d7b 100644
--- a/2018/18xxx/CVE-2018-18903.json
+++ b/2018/18xxx/CVE-2018-18903.json
@@ -61,6 +61,11 @@
 "name" : "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4",
 "refsource" : "MISC",
 "url" : "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4"
+ },
+ {
+ "name" : "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html",
+ "refsource" : "MISC",
+ "url" : "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19089.json b/2018/19xxx/CVE-2018-19089.json
new file mode 100644
index 00000000000..338eb90b555
--- /dev/null
+++ b/2018/19xxx/CVE-2018-19089.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-19089",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\\src\\main\\webapp\\WEB-INF\\views\\user\\user_list.jsp."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/xujeff/tianti/issues/27",
+ "refsource" : "MISC",
+ "url" : "https://github.com/xujeff/tianti/issues/27"
+ }
+ ]
+ }
+}
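Review bot: The structured fields in the new CVE-2018-19089 record are all left at `"n/a"` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names the product and version (tianti 2.3) and the weakness class (stored XSS). Tooling that matches advisories on the `affects` block or on `problemtype`, rather than on free text, will not associate this entry with tianti, so I would populate them, e.g. `"product_name" : "tianti"`, `"version_value" : "2.3"` and `"value" : "CWE-79"`. The same applies to the new records for CVE-2018-19090, CVE-2018-19091 and CVE-2018-19092 (YzmCMS v5.2, XSS), and to the product fields of CVE-2018-19093 (libIEC61850 v1.3). If `n/a` is the list's convention at assignment time, a follow-up commit that fills these in would be enough.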
diff --git a/2018/19xxx/CVE-2018-19090.json b/2018/19xxx/CVE-2018-19090.json
new file mode 100644
index 00000000000..ff95d40b9d5
--- /dev/null
+++ b/2018/19xxx/CVE-2018-19090.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-19090",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "tianti 2.3 has stored XSS in the article management module via an article title."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/xujeff/tianti/issues/27",
+ "refsource" : "MISC",
+ "url" : "https://github.com/xujeff/tianti/issues/27"
+ }
+ ]
+ }
+}
diff --git a/2018/19xxx/CVE-2018-19091.json b/2018/19xxx/CVE-2018-19091.json
new file mode 100644
index 00000000000..eca9da21a08
--- /dev/null
+++ b/2018/19xxx/CVE-2018-19091.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-19091",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/xujeff/tianti/issues/27",
+ "refsource" : "MISC",
+ "url" : "https://github.com/xujeff/tianti/issues/27"
+ }
+ ]
+ }
+}
diff --git a/2018/19xxx/CVE-2018-19092.json b/2018/19xxx/CVE-2018-19092.json
new file mode 100644
index 00000000000..d8adf76d286
--- /dev/null
+++ b/2018/19xxx/CVE-2018-19092.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-19092",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/yzmcms/yzmcms/issues/7",
+ "refsource" : "MISC",
+ "url" : "https://github.com/yzmcms/yzmcms/issues/7"
+ }
+ ]
+ }
+}
diff --git a/2018/19xxx/CVE-2018-19093.json b/2018/19xxx/CVE-2018-19093.json
new file mode 100644
index 00000000000..5c156355f6f
--- /dev/null
+++ b/2018/19xxx/CVE-2018-19093.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-19093",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-controlobjectclient_setcommandterminationhandler",
+ "refsource" : "MISC",
+ "url" : "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-controlobjectclient_setcommandterminationhandler"
+ },
+ {
+ "name" : "https://github.com/mz-automation/libiec61850/issues/84",
+ "refsource" : "MISC",
+ "url" : "https://github.com/mz-automation/libiec61850/issues/84"
+ }
+ ]
+ }
+}