diff --git a/2018/17xxx/CVE-2018-17034.json b/2018/17xxx/CVE-2018-17034.json
index d7896f8c9f4..4a1662eefc1 100644
--- a/2018/17xxx/CVE-2018-17034.json
+++ b/2018/17xxx/CVE-2018-17034.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17034",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/blackstar24/UCMS/blob/master/xss.md",
+ "refsource" : "MISC",
+ "url" : "https://github.com/blackstar24/UCMS/blob/master/xss.md"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17035.json b/2018/17xxx/CVE-2018-17035.json
index 68df8a8d6d4..69d2780b696 100644
--- a/2018/17xxx/CVE-2018-17035.json
+++ b/2018/17xxx/CVE-2018-17035.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17035",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
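Review bot: In the first hunk of CVE-2018-17034.json the new `affects` block fills `vendor_name`, `product_name` and `version_value` with `n/a`, although the description added in the same commit names the product and version (UCMS 1.4.6). Tools that match records on the structured fields rather than the free-text description will not associate this entry with UCMS. I would populate what the description already states, `"product_name" : "UCMS",` and `"version_value" : "1.4.6"`, leaving `vendor_name` as `n/a` if the vendor is not known. The same placeholder block is added in the first hunk of every other record in this commit (CVE-2018-17035 through CVE-2018-17051).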
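Review bot: The `problemtype` entry added in the second hunk of CVE-2018-17034.json is `"value" : "n/a"`, while the description a few lines above it classifies the issue as XSS. Recording the weakness class there, for example `"value" : "CWE-79"`, lets consumers filter and prioritise by weakness without parsing the description. The other records in this commit add the same `n/a` problemtype next to descriptions that name SQL injection, PHP code injection, CSRF, an infinite loop and a heap-based buffer overflow.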
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/blackstar24/UCMS/blob/master/README.md",
+ "refsource" : "MISC",
+ "url" : "https://github.com/blackstar24/UCMS/blob/master/README.md"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17036.json b/2018/17xxx/CVE-2018-17036.json
index ccd704db5ca..d9c1e1fe440 100644
--- a/2018/17xxx/CVE-2018-17036.json
+++ b/2018/17xxx/CVE-2018-17036.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17036",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
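Review bot: The only reference added in the second hunk of CVE-2018-17035.json is `https://github.com/blackstar24/UCMS/blob/master/README.md`, a branch-relative link to a README. That file can be edited or replaced at any time, after which the record no longer points at the SQL injection write-up it was meant to cite. A commit-pinned permalink would be stable, e.g. `"url" : "https://github.com/blackstar24/UCMS/blob/<commit-sha>/README.md"` (placeholder, the commit id is not on this page). The `blob/master` and `tree/master` references in CVE-2018-17034, -17036, -17037, -17042 and -17043 have the same weakness.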
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/blackstar24/UCMS/blob/master/phpinfo.md",
+ "refsource" : "MISC",
+ "url" : "https://github.com/blackstar24/UCMS/blob/master/phpinfo.md"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17037.json b/2018/17xxx/CVE-2018-17037.json
index 87599362026..e07782f3687 100644
--- a/2018/17xxx/CVE-2018-17037.json
+++ b/2018/17xxx/CVE-2018-17037.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17037",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/blackstar24/UCMS/blob/master/level.md",
+ "refsource" : "MISC",
+ "url" : "https://github.com/blackstar24/UCMS/blob/master/level.md"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17039.json b/2018/17xxx/CVE-2018-17039.json
index 263095c2080..7168fe26516 100644
--- a/2018/17xxx/CVE-2018-17039.json
+++ b/2018/17xxx/CVE-2018-17039.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17039",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/bg5sbk/MiniCMS/issues/24",
+ "refsource" : "MISC",
+ "url" : "https://github.com/bg5sbk/MiniCMS/issues/24"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17042.json b/2018/17xxx/CVE-2018-17042.json
index 916754fb5ce..201f372303f 100644
--- a/2018/17xxx/CVE-2018-17042.json
+++ b/2018/17xxx/CVE-2018-17042.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17042",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/bcsanches/dbf2txt/issues/2",
+ "refsource" : "MISC",
+ "url" : "https://github.com/bcsanches/dbf2txt/issues/2"
+ },
+ {
+ "name" : "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop",
+ "refsource" : "MISC",
+ "url" : "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17043.json b/2018/17xxx/CVE-2018-17043.json
index 27942b01e66..2205fd49655 100644
--- a/2018/17xxx/CVE-2018-17043.json
+++ b/2018/17xxx/CVE-2018-17043.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17043",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
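Review bot: The description added in the second hunk of CVE-2018-17042.json reads `It is a infinite loop.`, which has a grammar slip and gives no hint of where the loop occurs or what input triggers it. At minimum the line should read `"value" : "An issue has been found in dbf2txt through 2012-07-19. It is an infinite loop."`. If the referenced issue identifies the affected function, it belongs in the description as well, the way the doc2txt record in this commit names Storage::init in Storage.cpp.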
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit",
+ "refsource" : "MISC",
+ "url" : "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit"
+ },
+ {
+ "name" : "https://github.com/tsfn/doc2txt/issues/1",
+ "refsource" : "MISC",
+ "url" : "https://github.com/tsfn/doc2txt/issues/1"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17044.json b/2018/17xxx/CVE-2018-17044.json
index fc05d564861..0ab1139c2ea 100644
--- a/2018/17xxx/CVE-2018-17044.json
+++ b/2018/17xxx/CVE-2018-17044.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17044",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/yzmcms/yzmcms/issues/3",
+ "refsource" : "MISC",
+ "url" : "https://github.com/yzmcms/yzmcms/issues/3"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17045.json b/2018/17xxx/CVE-2018-17045.json
index f79f6d40dfa..09585f19659 100644
--- a/2018/17xxx/CVE-2018-17045.json
+++ b/2018/17xxx/CVE-2018-17045.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17045",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/maelosoki/MaeloStore/issues/1",
+ "refsource" : "MISC",
+ "url" : "https://github.com/maelosoki/MaeloStore/issues/1"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17046.json b/2018/17xxx/CVE-2018-17046.json
index b9ffd9ee035..537945afd3c 100644
--- a/2018/17xxx/CVE-2018-17046.json
+++ b/2018/17xxx/CVE-2018-17046.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17046",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/magic-FE/translate-man/issues/49",
+ "refsource" : "MISC",
+ "url" : "https://github.com/magic-FE/translate-man/issues/49"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17049.json b/2018/17xxx/CVE-2018-17049.json
index 08640e2850a..6d1466409d4 100644
--- a/2018/17xxx/CVE-2018-17049.json
+++ b/2018/17xxx/CVE-2018-17049.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17049",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/TREYWANGCQU/LANKERS/issues/1",
+ "refsource" : "MISC",
+ "url" : "https://github.com/TREYWANGCQU/LANKERS/issues/1"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17051.json b/2018/17xxx/CVE-2018-17051.json
index 7d113fe0281..7c030b1a954 100644
--- a/2018/17xxx/CVE-2018-17051.json
+++ b/2018/17xxx/CVE-2018-17051.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17051",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/adilinden/cisco-config-manager/issues/3",
+ "refsource" : "MISC",
+ "url" : "https://github.com/adilinden/cisco-config-manager/issues/3"
 }
 ]
 }