admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:52:17 +00:00
parent 46ed23bf0d
commit 8b2b8ee27f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3447 additions and 3447 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2004/0xxx/CVE-2004-0218.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108008530028019&w=2"
},
{
"name" : "http://www.rapid7.com/advisories/R7-0018.html",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/advisories/R7-0018.html"
},
{
"name" : "20040317 015: RELIABILITY FIX: March 17, 2004",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata.html"
},
{
"name" : "VU#349113",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/349113"
},
{
"name" : "10028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10028"
},
{
"name" : "1009468",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/alerts/2004/Mar/1009468.html"
},
{
"name" : "11156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11156"
},
{
"name" : "openbsd-isakmp-zerolength-dos(15518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1009468",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009468.html"
},
{
"name": "20040317 015: RELIABILITY FIX: March 17, 2004",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html"
},
{
"name": "openbsd-isakmp-zerolength-dos(15518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15518"
},
{
"name": "10028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10028"
},
{
"name": "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108008530028019&w=2"
},
{
"name": "11156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11156"
},
{
"name": "http://www.rapid7.com/advisories/R7-0018.html",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0018.html"
},
{
"name": "VU#349113",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/349113"
}
]
}
}

140
2004/0xxx/CVE-2004-0349.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040303 directory traversal in GWeb 0.6",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107833161617397&w=2"
},
{
"name" : "gweb-dotdot-directory-traversal(15381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15381"
},
{
"name" : "9742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040303 directory traversal in GWeb 0.6",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107833161617397&w=2"
},
{
"name": "gweb-dotdot-directory-traversal(15381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15381"
},
{
"name": "9742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9742"
}
]
}
}

34
2004/0xxx/CVE-2004-0446.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0446",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0446",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2004/0xxx/CVE-2004-0479.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040514 IE Crash - Anyone Seen This Before?",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"name" : "20040514 IE Crash - Anyone Seen This Before?",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=108457938412310&w=2"
},
{
"name" : "20040516 Re: IE Crash - Anyone Seen This Before?",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=108476938219070&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"name": "20040516 Re: IE Crash - Anyone Seen This Before?",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=108476938219070&w=2"
},
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=108457938412310&w=2"
}
]
}
}

210
2004/0xxx/CVE-2004-0771.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040515 lha buffer overflow(s) again",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/363418"
},
{
"name" : "20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108668791510153"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=51285",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=51285"
},
{
"name" : "FLSA:1833",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
},
{
"name" : "GLSA-200409-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml"
},
{
"name" : "RHSA-2004:440",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-440.html"
},
{
"name" : "RHSA-2004:323",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-323.html"
},
{
"name" : "oval:org.mitre.oval:def:9595",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595"
},
{
"name" : "lha-extractone-bo(16196)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16196"
},
{
"name" : "10354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10354"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2004:323",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-323.html"
},
{
"name": "10354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10354"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=51285",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=51285"
},
{
"name": "oval:org.mitre.oval:def:9595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595"
},
{
"name": "lha-extractone-bo(16196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16196"
},
{
"name": "20040515 lha buffer overflow(s) again",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/363418"
},
{
"name": "FLSA:1833",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
},
{
"name": "GLSA-200409-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml"
},
{
"name": "RHSA-2004:440",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-440.html"
},
{
"name": "20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108668791510153"
}
]
}
}

170
2004/1xxx/CVE-2004-1367.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041223 Oracle clear text passwords (#NISR2122004D)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110382247308064&w=2"
},
{
"name" : "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name" : "101782",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"name" : "TA04-245A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name" : "VU#316206",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/316206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110382247308064&w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}

150
2004/1xxx/CVE-2004-1676.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040912 Gadu-Gadu (all versions with image-send feature) Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109508834910733&w=2"
},
{
"name" : "11158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11158"
},
{
"name" : "12510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12510"
},
{
"name" : "gadu-gadu-image-bo(17324)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11158"
},
{
"name": "20040912 Gadu-Gadu (all versions with image-send feature) Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109508834910733&w=2"
},
{
"name": "12510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12510"
},
{
"name": "gadu-gadu-image-bo(17324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"
}
]
}
}

130
2004/1xxx/CVE-2004-1712.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040806 Type xxs",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109189453302959&w=2"
},
{
"name" : "typepad-name-xss(19664)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040806 Type xxs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109189453302959&w=2"
},
{
"name": "typepad-name-xss(19664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19664"
}
]
}
}

170
2004/1xxx/CVE-2004-1915.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040408 PSR - #2004-001 Remote - LCDProc",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108145722229810&w=2"
},
{
"name" : "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html",
"refsource" : "CONFIRM",
"url" : "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html"
},
{
"name" : "GLSA-200404-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200404-19.xml"
},
{
"name" : "10085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10085"
},
{
"name" : "11333",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11333"
},
{
"name" : "lcdproc-parseallclientmessages-bo(15803)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040408 PSR - #2004-001 Remote - LCDProc",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108145722229810&w=2"
},
{
"name": "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html",
"refsource": "CONFIRM",
"url": "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html"
},
{
"name": "GLSA-200404-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-19.xml"
},
{
"name": "lcdproc-parseallclientmessages-bo(15803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15803"
},
{
"name": "10085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10085"
},
{
"name": "11333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11333"
}
]
}
}

200
2004/1xxx/CVE-2004-1951.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xinehq.de/index.php/security/XSA-2004-1",
"refsource" : "CONFIRM",
"url" : "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name" : "http://www.xinehq.de/index.php/security/XSA-2004-2",
"refsource" : "CONFIRM",
"url" : "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name" : "GLSA-200404-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name" : "SSA:2004-111",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791"
},
{
"name" : "10193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10193"
},
{
"name" : "5594",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5594"
},
{
"name" : "5739",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5739"
},
{
"name" : "11433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11433"
},
{
"name" : "xine-mrl-file-overwrite(15939)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11433"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-1",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-2",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5594"
}
]
}
}

150
2004/2xxx/CVE-2004-2054.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040720 PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109034476122723&w=2"
},
{
"name" : "10753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10753"
},
{
"name" : "12114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12114"
},
{
"name" : "phpbb-search-response-splitting(16759)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040720 PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109034476122723&w=2"
},
{
"name": "10753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10753"
},
{
"name": "phpbb-search-response-splitting(16759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759"
},
{
"name": "12114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12114"
}
]
}
}

160
2004/2xxx/CVE-2004-2366.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securiteam.com/windowsntfocus/5KP0C20CAC.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5KP0C20CAC.html"
},
{
"name" : "http://www.cuteftp.com/gsftps/history.asp",
"refsource" : "CONFIRM",
"url" : "http://www.cuteftp.com/gsftps/history.asp"
},
{
"name" : "9904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9904"
},
{
"name" : "11159",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11159/"
},
{
"name" : "secureftp-site-command-bo(15511)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15511"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/windowsntfocus/5KP0C20CAC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5KP0C20CAC.html"
},
{
"name": "http://www.cuteftp.com/gsftps/history.asp",
"refsource": "CONFIRM",
"url": "http://www.cuteftp.com/gsftps/history.asp"
},
{
"name": "9904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9904"
},
{
"name": "11159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11159/"
},
{
"name": "secureftp-site-command-bo(15511)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15511"
}
]
}
}

140
2008/2xxx/CVE-2008-2143.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#829876",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/829876"
},
{
"name" : "29121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29121"
},
{
"name" : "microsoft-owa-nostore-info-disclosure(42301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29121"
},
{
"name": "microsoft-owa-nostore-info-disclosure(42301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42301"
},
{
"name": "VU#829876",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/829876"
}
]
}
}

140
2008/2xxx/CVE-2008-2282.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5617",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5617"
},
{
"name" : "29227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29227"
},
{
"name" : "internetphotoshow-cookie-auth-bypass(42422)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5617",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5617"
},
{
"name": "internetphotoshow-cookie-auth-bypass(42422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42422"
},
{
"name": "29227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29227"
}
]
}
}

380
2008/2xxx/CVE-2008-2935.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080731 [oCERT-2008-009] libxslt heap overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
},
{
"name" : "20080801 libxslt heap overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
},
{
"name" : "20081027 rPSA-2008-0306-1 libxslt",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2008-009.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2008-009.html"
},
{
"name" : "http://www.ocert.org/patches/exslt_crypt.patch",
"refsource" : "MISC",
"url" : "http://www.ocert.org/patches/exslt_crypt.patch"
},
{
"name" : "http://www.scary.beasts.org/security/CESA-2008-003.html",
"refsource" : "MISC",
"url" : "http://www.scary.beasts.org/security/CESA-2008-003.html"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
},
{
"name" : "DSA-1624",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1624"
},
{
"name" : "FEDORA-2008-7029",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
},
{
"name" : "FEDORA-2008-7062",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
},
{
"name" : "GLSA-200808-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-06.xml"
},
{
"name" : "MDVSA-2008:160",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
},
{
"name" : "RHSA-2008:0649",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
},
{
"name" : "USN-633-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-633-1"
},
{
"name" : "30467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30467"
},
{
"name" : "oval:org.mitre.oval:def:10827",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
},
{
"name" : "ADV-2008-2266",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2266/references"
},
{
"name" : "1020596",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020596"
},
{
"name" : "31230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31230"
},
{
"name" : "31310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31310"
},
{
"name" : "31331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31331"
},
{
"name" : "31395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31395"
},
{
"name" : "31399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31399"
},
{
"name" : "31363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31363"
},
{
"name" : "32453",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32453"
},
{
"name" : "4078",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4078"
},
{
"name" : "libxslt-multiple-crypto-bo(44141)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0649",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
},
{
"name": "oval:org.mitre.oval:def:10827",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
},
{
"name": "libxslt-multiple-crypto-bo(44141)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
},
{
"name": "32453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32453"
},
{
"name": "31399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31399"
},
{
"name": "31363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31363"
},
{
"name": "http://www.scary.beasts.org/security/CESA-2008-003.html",
"refsource": "MISC",
"url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
},
{
"name": "FEDORA-2008-7029",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
},
{
"name": "20080731 [oCERT-2008-009] libxslt heap overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
},
{
"name": "30467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30467"
},
{
"name": "http://www.ocert.org/patches/exslt_crypt.patch",
"refsource": "MISC",
"url": "http://www.ocert.org/patches/exslt_crypt.patch"
},
{
"name": "4078",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4078"
},
{
"name": "GLSA-200808-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
},
{
"name": "31310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31310"
},
{
"name": "MDVSA-2008:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
},
{
"name": "USN-633-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-633-1"
},
{
"name": "31331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31331"
},
{
"name": "20081027 rPSA-2008-0306-1 libxslt",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
},
{
"name": "20080801 libxslt heap overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
},
{
"name": "31230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31230"
},
{
"name": "FEDORA-2008-7062",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
},
{
"name": "ADV-2008-2266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2266/references"
},
{
"name": "1020596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020596"
},
{
"name": "DSA-1624",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1624"
},
{
"name": "31395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31395"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-009.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-009.html"
}
]
}
}

140
2008/2xxx/CVE-2008-2973.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5919",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5919"
},
{
"name" : "29910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29910"
},
{
"name" : "mmchat-chathead-xss(43331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5919",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5919"
},
{
"name": "29910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29910"
},
{
"name": "mmchat-chathead-xss(43331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43331"
}
]
}
}

240
2008/3xxx/CVE-2008-3273.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html"
},
{
"name" : "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757"
},
{
"name" : "https://jira.jboss.org/jira/browse/JBPAPP-544",
"refsource" : "CONFIRM",
"url" : "https://jira.jboss.org/jira/browse/JBPAPP-544"
},
{
"name" : "HPSBMU02736",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132698550418872&w=2"
},
{
"name" : "SSRT100699",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132698550418872&w=2"
},
{
"name" : "RHSA-2008:0825",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0825.html"
},
{
"name" : "RHSA-2008:0826",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0826.html"
},
{
"name" : "RHSA-2008:0827",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0827.html"
},
{
"name" : "RHSA-2008:0828",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0828.html"
},
{
"name" : "30540",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30540"
},
{
"name" : "1020628",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020628"
},
{
"name" : "jbosseap-statusservlet-info-disclosure(44235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0828",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0828.html"
},
{
"name": "RHSA-2008:0826",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0826.html"
},
{
"name": "HPSBMU02736",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132698550418872&w=2"
},
{
"name": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html"
},
{
"name": "jbosseap-statusservlet-info-disclosure(44235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44235"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757"
},
{
"name": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/"
},
{
"name": "RHSA-2008:0827",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0827.html"
},
{
"name": "SSRT100699",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132698550418872&w=2"
},
{
"name": "https://jira.jboss.org/jira/browse/JBPAPP-544",
"refsource": "CONFIRM",
"url": "https://jira.jboss.org/jira/browse/JBPAPP-544"
},
{
"name": "RHSA-2008:0825",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0825.html"
},
{
"name": "1020628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020628"
},
{
"name": "30540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30540"
}
]
}
}

150
2008/3xxx/CVE-2008-3585.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6189",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6189"
},
{
"name" : "30506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30506"
},
{
"name" : "4133",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4133"
},
{
"name" : "greencart-id-sql-injection(44164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4133",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4133"
},
{
"name": "6189",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6189"
},
{
"name": "greencart-id-sql-injection(44164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44164"
},
{
"name": "30506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30506"
}
]
}
}

190
2008/3xxx/CVE-2008-3647.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3216",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3216"
},
{
"name" : "APPLE-SA-2008-10-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name" : "31681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31681"
},
{
"name" : "31719",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31719"
},
{
"name" : "ADV-2008-2780",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name" : "1021026",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021026"
},
{
"name" : "32222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32222"
},
{
"name" : "macosx-psnormalizer-bo(45783)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45783"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021026"
},
{
"name": "macosx-psnormalizer-bo(45783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45783"
},
{
"name": "31719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31719"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
}
]
}
}

230
2008/3xxx/CVE-2008-3821.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-3821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090114 PR08-19: XSS on Cisco IOS HTTP Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500063/100/0/threaded"
},
{
"name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19"
},
{
"name" : "20090114 Cisco IOS Cross-Site Scripting Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html"
},
{
"name" : "JVN#28344798",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28344798/index.html"
},
{
"name" : "33260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33260"
},
{
"name" : "ADV-2009-0138",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0138"
},
{
"name" : "51393",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51393"
},
{
"name" : "51394",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51394"
},
{
"name" : "1021598",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021598"
},
{
"name" : "33461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33461"
},
{
"name" : "4916",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4916"
},
{
"name" : "cisco-ios-httpserver-ping-xss(47947)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#28344798",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN28344798/index.html"
},
{
"name": "51393",
"refsource": "OSVDB",
"url": "http://osvdb.org/51393"
},
{
"name": "1021598",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021598"
},
{
"name": "4916",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4916"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19"
},
{
"name": "33260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33260"
},
{
"name": "cisco-ios-httpserver-ping-xss(47947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47947"
},
{
"name": "ADV-2009-0138",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0138"
},
{
"name": "20090114 Cisco IOS Cross-Site Scripting Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html"
},
{
"name": "33461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33461"
},
{
"name": "51394",
"refsource": "OSVDB",
"url": "http://osvdb.org/51394"
},
{
"name": "20090114 PR08-19: XSS on Cisco IOS HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500063/100/0/threaded"
}
]
}
}

160
2008/6xxx/CVE-2008-6074.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081022 phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497742/100/0/threaded"
},
{
"name" : "6806",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6806"
},
{
"name" : "31876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31876"
},
{
"name" : "32379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32379"
},
{
"name" : "phpcrs-frame-file-include(46043)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6806"
},
{
"name": "phpcrs-frame-file-include(46043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46043"
},
{
"name": "32379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32379"
},
{
"name": "20081022 phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497742/100/0/threaded"
},
{
"name": "31876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31876"
}
]
}
}

160
2008/6xxx/CVE-2008-6332.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7146",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7146"
},
{
"name" : "32339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32339"
},
{
"name" : "49916",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49916"
},
{
"name" : "32727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32727"
},
{
"name" : "simplecustomer-login-sql-injection(46675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32339"
},
{
"name": "49916",
"refsource": "OSVDB",
"url": "http://osvdb.org/49916"
},
{
"name": "32727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32727"
},
{
"name": "simplecustomer-login-sql-injection(46675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46675"
},
{
"name": "7146",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7146"
}
]
}
}

150
2008/6xxx/CVE-2008-6460.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name" : "31254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31254"
},
{
"name" : "48277",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48277"
},
{
"name" : "mwrandomobjects-unspecified-sql-injection(45261)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mwrandomobjects-unspecified-sql-injection(45261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
},
{
"name": "48277",
"refsource": "OSVDB",
"url": "http://osvdb.org/48277"
},
{
"name": "31254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31254"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}

170
2008/6xxx/CVE-2008-6528.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081212 TmaxSoft JEUS Alternate Data Streams Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499235/100/0/threaded"
},
{
"name" : "20081214 Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499236/100/0/threaded"
},
{
"name" : "7442",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7442"
},
{
"name" : "32804",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32804"
},
{
"name" : "33123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33123"
},
{
"name" : "jeus-ads-file-disclosure(47303)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jeus-ads-file-disclosure(47303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47303"
},
{
"name": "32804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32804"
},
{
"name": "7442",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7442"
},
{
"name": "20081212 TmaxSoft JEUS Alternate Data Streams Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499235/100/0/threaded"
},
{
"name": "33123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33123"
},
{
"name": "20081214 Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499236/100/0/threaded"
}
]
}
}

180
2008/6xxx/CVE-2008-6805.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6764",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6764"
},
{
"name" : "31787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31787"
},
{
"name" : "49186",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/49186"
},
{
"name" : "49187",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/49187"
},
{
"name" : "49188",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/49188"
},
{
"name" : "32310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32310"
},
{
"name" : "micblog-category-sql-injection(45932)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49188",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49188"
},
{
"name": "31787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31787"
},
{
"name": "49187",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49187"
},
{
"name": "micblog-category-sql-injection(45932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45932"
},
{
"name": "6764",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6764"
},
{
"name": "32310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32310"
},
{
"name": "49186",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49186"
}
]
}
}

130
2008/7xxx/CVE-2008-7200.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cvs.schmorp.de/cf.schmorp.de/server/Changes",
"refsource" : "CONFIRM",
"url" : "http://cvs.schmorp.de/cf.schmorp.de/server/Changes"
},
{
"name" : "48898",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48898",
"refsource": "OSVDB",
"url": "http://osvdb.org/48898"
},
{
"name": "http://cvs.schmorp.de/cf.schmorp.de/server/Changes",
"refsource": "CONFIRM",
"url": "http://cvs.schmorp.de/cf.schmorp.de/server/Changes"
}
]
}
}

34
2008/7xxx/CVE-2008-7307.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7307",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7307",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2013/2xxx/CVE-2013-2121.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "27045",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/27045"
},
{
"name" : "http://projects.theforeman.org/issues/2631",
"refsource" : "CONFIRM",
"url" : "http://projects.theforeman.org/issues/2631"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=966804",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=966804"
},
{
"name" : "https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU"
},
{
"name" : "RHSA-2013:0995",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0995.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://projects.theforeman.org/issues/2631",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/2631"
},
{
"name": "RHSA-2013:0995",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0995.html"
},
{
"name": "https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU"
},
{
"name": "27045",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/27045"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=966804",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=966804"
}
]
}
}

230
2013/2xxx/CVE-2013-2487.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47808&r2=47807&pathrev=47808",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47808&r2=47807&pathrev=47808"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47808",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47808"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-21.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364"
},
{
"name" : "openSUSE-SU-2013:0494",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html"
},
{
"name" : "openSUSE-SU-2013:0506",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html"
},
{
"name" : "openSUSE-SU-2013:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
},
{
"name" : "openSUSE-SU-2013:0947",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
},
{
"name" : "oval:org.mitre.oval:def:16593",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16593"
},
{
"name" : "52471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52471"
},
{
"name" : "53425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0494",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html"
},
{
"name": "53425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53425"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47808&r2=47807&pathrev=47808",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47808&r2=47807&pathrev=47808"
},
{
"name": "openSUSE-SU-2013:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2013-21.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-21.html"
},
{
"name": "52471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52471"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html"
},
{
"name": "oval:org.mitre.oval:def:16593",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16593"
},
{
"name": "openSUSE-SU-2013:0506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47808",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47808"
},
{
"name": "openSUSE-SU-2013:0947",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
}
]
}
}

132
2017/11xxx/CVE-2017-11046.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00",
"ID" : "CVE-2017-11046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-11046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name" : "101160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name": "101160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101160"
}
]
}
}

148
2017/11xxx/CVE-2017-11395.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"DATE_PUBLIC" : "2017-08-23T00:00:00",
"ID" : "CVE-2017-11395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Smart Protection Server (Standalone)",
"version" : {
"version_data" : [
{
"version_value" : "3.1"
},
{
"version_value" : "3.2"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-11395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name" : "https://success.trendmicro.com/solution/1117933",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1117933"
},
{
"name" : "100461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100461"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100461"
},
{
"name": "https://success.trendmicro.com/solution/1117933",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117933"
}
]
}
}

130
2017/14xxx/CVE-2017-14390.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-14390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "cf-deployment cf-deployment v0.35.0",
"version" : {
"version_data" : [
{
"version_value" : "cf-deployment cf-deployment v0.35.0"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "syslog misconfiguration"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-14390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cf-deployment cf-deployment v0.35.0",
"version": {
"version_data": [
{
"version_value": "cf-deployment cf-deployment v0.35.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cloudfoundry.org/cve-2017-14390/",
"refsource" : "CONFIRM",
"url" : "https://www.cloudfoundry.org/cve-2017-14390/"
},
{
"name" : "101972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "syslog misconfiguration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101972"
},
{
"name": "https://www.cloudfoundry.org/cve-2017-14390/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/cve-2017-14390/"
}
]
}
}

122
2017/14xxx/CVE-2017-14438.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-04-13T00:00:00",
"ID" : "CVE-2017-14438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa",
"version" : {
"version_data" : [
{
"version_value" : "Moxa EDR-810 V4.1 build 17030317"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-13T00:00:00",
"ID": "CVE-2017-14438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa",
"version": {
"version_data": [
{
"version_value": "Moxa EDR-810 V4.1 build 17030317"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487"
}
]
}
}

122
2017/14xxx/CVE-2017-14468.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-03-28T00:00:00",
"ID" : "CVE-2017-14468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Allen Bradley",
"version" : {
"version_data" : [
{
"version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-03-28T00:00:00",
"ID": "CVE-2017-14468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Allen Bradley",
"version": {
"version_data": [
{
"version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443"
}
]
}
}

34
2017/15xxx/CVE-2017-15927.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15927",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15927",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/8xxx/CVE-2017-8594.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "Internet Explorer"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "Internet Explorer"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42336",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42336/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594"
},
{
"name" : "99401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594"
},
{
"name": "99401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99401"
},
{
"name": "42336",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42336/"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000552.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-23T11:22:33.076459",
"DATE_REQUESTED" : "2018-04-30T09:00:12",
"ID" : "CVE-2018-1000552",
"REQUESTER" : "robin.verton@telekom.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trovebox",
"version" : {
"version_data" : [
{
"version_value" : "<= 4.0.0-rc6"
}
]
}
}
]
},
"vendor_name" : "Trovebox"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.076459",
"DATE_REQUESTED": "2018-04-30T09:00:12",
"ID": "CVE-2018-1000552",
"REQUESTER": "robin.verton@telekom.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html",
"refsource" : "MISC",
"url" : "https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html",
"refsource": "MISC",
"url": "https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html"
}
]
}
}

120
2018/12xxx/CVE-2018-12043.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0",
"refsource" : "MISC",
"url" : "https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0",
"refsource": "MISC",
"url": "https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0"
}
]
}
}

34
2018/12xxx/CVE-2018-12724.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12724",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12724",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/12xxx/CVE-2018-12889.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cn-uofbasel/ccn-lite/issues/279",
"refsource" : "MISC",
"url" : "https://github.com/cn-uofbasel/ccn-lite/issues/279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cn-uofbasel/ccn-lite/issues/279",
"refsource": "MISC",
"url": "https://github.com/cn-uofbasel/ccn-lite/issues/279"
}
]
}
}

120
2018/13xxx/CVE-2018-13101.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md",
"refsource" : "MISC",
"url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md",
"refsource": "MISC",
"url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13577.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AdvancedShit",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AdvancedShit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AdvancedShit",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AdvancedShit"
}
]
}
}

120
2018/16xxx/CVE-2018-16278.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/howchen/howchen/issues/3",
"refsource" : "MISC",
"url" : "https://github.com/howchen/howchen/issues/3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/howchen/howchen/issues/3",
"refsource": "MISC",
"url": "https://github.com/howchen/howchen/issues/3"
}
]
}
}

34
2018/16xxx/CVE-2018-16906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16906",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16906",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16919.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16919",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16919",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2018/4xxx/CVE-2018-4090.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43923",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43923/"
},
{
"name" : "https://support.apple.com/HT208462",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208462"
},
{
"name" : "https://support.apple.com/HT208463",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208463"
},
{
"name" : "https://support.apple.com/HT208464",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208464"
},
{
"name" : "https://support.apple.com/HT208465",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208465"
},
{
"name" : "102782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102782"
},
{
"name" : "1040265",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040265"
},
{
"name" : "1040267",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040267"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208462",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208462"
},
{
"name": "https://support.apple.com/HT208465",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208465"
},
{
"name": "1040265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040265"
},
{
"name": "43923",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43923/"
},
{
"name": "102782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102782"
},
{
"name": "https://support.apple.com/HT208464",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208464"
},
{
"name": "1040267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040267"
},
{
"name": "https://support.apple.com/HT208463",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208463"
}
]
}
}

140
2018/4xxx/CVE-2018-4242.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Hypervisor\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
},
{
"name" : "1041027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041027"
},
{
"name" : "1042004",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Hypervisor\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

34
2018/4xxx/CVE-2018-4516.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4516",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4516",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4922.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4922",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4922",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}