diff --git a/2005/0xxx/CVE-2005-0005.json b/2005/0xxx/CVE-2005-0005.json
index be215cb39a9..9c73eed3c65 100644
--- a/2005/0xxx/CVE-2005-0005.json
+++ b/2005/0xxx/CVE-2005-0005.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050117 Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities" - }, - { - "name" : "DSA-646", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-646" - }, - { - "name" : "GLSA-200501-37", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml" - }, - { - "name" : "RHSA-2005:071", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-071.html" - }, - { - "name" : "20050118 [USN-62-1] imagemagick vulnerability", - "refsource" : "BUGTRAQ", - "url" : 
"http://marc.info/?l=bugtraq&m=110608222117215&w=2" - }, - { - "name" : "RHSA-2005:070", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-070.html" - }, - { - "name" : "oval:org.mitre.oval:def:9925", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9925", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925" + }, + { + "name": "DSA-646", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-646" + }, + { + "name": "GLSA-200501-37", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml" + }, + { + "name": "20050118 [USN-62-1] imagemagick vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110608222117215&w=2" + }, + { + "name": "20050117 Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities" + }, + { + "name": "RHSA-2005:071", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-071.html" + }, + { + "name": "RHSA-2005:070", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-070.html" + } + ] + } +} \ No newline at end of 
file diff --git a/2005/0xxx/CVE-2005-0180.json b/2005/0xxx/CVE-2005-0180.json index 9333c67b2d9..17554f1e8f1 100644 --- a/2005/0xxx/CVE-2005-0180.json +++ b/2005/0xxx/CVE-2005-0180.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/386374" - }, - { - "name" : "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html" - }, - { - "name" : "CLA-2005:930", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930" - }, - { - "name" : "MDKSA-2005:218", - "refsource" : "MANDRAKE", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" - }, - { - "name" : "MDKSA-2005:219", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" - }, - { - "name" : "RHSA-2005:092", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html" - }, - { - "name" : "12198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12198" - }, - { - "name" : "oval:org.mitre.oval:def:10667", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10667" - }, - { - "name" : "17826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12198" + }, + { + "name": "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html" + }, + { + "name": "RHSA-2005:092", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-092.html" + }, + { + "name": "MDKSA-2005:218", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" + }, + { + "name": "17826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17826" + }, + { + "name": "CLA-2005:930", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930" + }, + { + "name": "MDKSA-2005:219", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" + }, + { + "name": "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/386374" + }, + { + "name": "oval:org.mitre.oval:def:10667", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10667" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0367.json b/2005/0xxx/CVE-2005-0367.json index 58cf5d917e8..38231b50f24 100644 --- a/2005/0xxx/CVE-2005-0367.json +++ b/2005/0xxx/CVE-2005-0367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050209 [SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110796956011699&w=2" - }, - { - "name" : "http://www.security.org.sg/vuln/argosoftmail1873.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/argosoftmail1873.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in ArGoSoft Mail 
Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050209 [SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110796956011699&w=2" + }, + { + "name": "http://www.security.org.sg/vuln/argosoftmail1873.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/argosoftmail1873.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0514.json b/2005/0xxx/CVE-2005-0514.json index 418dc11b8e8..a0a259bb142 100644 --- a/2005/0xxx/CVE-2005-0514.json +++ b/2005/0xxx/CVE-2005-0514.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Cross-Site Scripting - an industry-wide problem", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html" - }, - { - "name" : "http://www.mikx.de/index.php?p=6", - "refsource" : "MISC", - "url" : "http://www.mikx.de/index.php?p=6" - }, - { - "name" : "VU#716144", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/716144" - }, - { - "name" : "14367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 
allows remote attackers to inject arbitrary HTML and web script via search parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mikx.de/index.php?p=6", + "refsource": "MISC", + "url": "http://www.mikx.de/index.php?p=6" + }, + { + "name": "14367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14367" + }, + { + "name": "20041223 Cross-Site Scripting - an industry-wide problem", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html" + }, + { + "name": "VU#716144", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/716144" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0862.json b/2005/0xxx/CVE-2005-0862.json index 327820e2ea2..0e7d9958a6f 100644 --- a/2005/0xxx/CVE-2005-0862.json +++ b/2005/0xxx/CVE-2005-0862.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070410 PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465237/100/0/threaded" - }, - { - "name" : "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt", - "refsource" : "MISC", - "url" : "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=7310", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=7310" - }, - { - "name" : 
"12817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12817" - }, - { - "name" : "14807", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14807" - }, - { - "name" : "14808", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14808" - }, - { - "name" : "14809", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14809" - }, - { - "name" : "1013434", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013434" - }, - { - "name" : "14600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14600" - }, - { - "name" : "phpopenchat-file-include(19721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14809", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14809" + }, + { + "name": "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt", + "refsource": "MISC", + "url": "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt" + }, + { + "name": "20070410 PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465237/100/0/threaded" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=7310", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=7310" + }, + { + "name": "14808", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14808" + }, + { + "name": "1013434", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013434" + }, + { + "name": "phpopenchat-file-include(19721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19721" + }, + { + "name": "14807", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14807" + }, + { + "name": "12817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12817" + }, + { + "name": "14600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14600" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1699.json b/2005/1xxx/CVE-2005-1699.json index 3337855947c..3fa845a70a0 100644 --- a/2005/1xxx/CVE-2005-1699.json +++ b/2005/1xxx/CVE-2005-1699.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x cXIb8O3.10", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111670586322172&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x cXIb8O3.10", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111670586322172&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3202.json b/2005/3xxx/CVE-2005-3202.json index bba5b4f6aef..3a836772408 100644 --- a/2005/3xxx/CVE-2005-3202.json +++ b/2005/3xxx/CVE-2005-3202.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112870398418456&w=2" - }, - { - "name" : "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0173.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_htmldb_css.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_htmldb_css.html" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf", - "refsource" : "MISC", - "url" : 
"http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" - }, - { - "name" : "15031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15031" - }, - { - "name" : "20051", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20051" - }, - { - "name" : "20052", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20052" - }, - { - "name" : "14935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14935/" - }, - { - "name" : "62", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/62" - }, - { - "name" : "oracle-htmldb-xss(22540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_htmldb_css.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_htmldb_css.html" + }, + { + "name": "20052", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20052" + }, + { + "name": "62", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/62" + }, + { + "name": "14935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14935/" + }, + { + "name": "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112870398418456&w=2" + }, + { + "name": "oracle-htmldb-xss(22540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22540" + }, + { + "name": "20051", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20051" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf", + "refsource": "MISC", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" + }, + { + "name": "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0173.html" + }, + { + "name": "15031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15031" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3902.json b/2005/3xxx/CVE-2005-3902.json index 28f0d59e236..00ffc56419d 100644 --- a/2005/3xxx/CVE-2005-3902.json +++ b/2005/3xxx/CVE-2005-3902.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051122 VHCS 2.x HTTP Error Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113269811630139&w=2" - }, - { - "name" : "20051122 VHCS 2.x HTTP Error Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html" - }, - { - "name" : "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt", - "refsource" : "MISC", - "url" : "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt" - }, - { - "name" : "15538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15538" - }, - { - "name" : 
"21060", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21060" - }, - { - "name" : "17704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17704/" - }, - { - "name" : "202", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/202" - }, - { - "name" : "vhcs-http-error-xss(23209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15538" + }, + { + "name": "202", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/202" + }, + { + "name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113269811630139&w=2" + }, + { + "name": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt", + "refsource": "MISC", + "url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt" + }, + { + "name": "21060", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21060" + }, + { + "name": "vhcs-http-error-xss(23209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209" + }, + { + "name": "17704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17704/" + }, + { + "name": "20051122 VHCS 2.x HTTP Error Cross Site 
Scripting", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4355.json b/2005/4xxx/CVE-2005-4355.json index 93e4bfeb4dc..c754a207f58 100644 --- a/2005/4xxx/CVE-2005-4355.json +++ b/2005/4xxx/CVE-2005-4355.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2005-2990", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2990" - }, - { - "name" : "21979", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21979" - }, - { - "name" : "21980", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21980" - }, - { - "name" : "18026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21980", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21980" + }, + { + "name": "18026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18026" + }, + { + "name": "21979", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21979" + }, + { + "name": "ADV-2005-2990", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2990" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4533.json b/2005/4xxx/CVE-2005-4533.json index f572688642b..092c534c694 100644 --- a/2005/4xxx/CVE-2005-4533.json +++ b/2005/4xxx/CVE-2005-4533.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via \"getopt\" style argument specifications, which are not filtered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sublimation.org/scponly/#relnotes", - "refsource" : "CONFIRM", - "url" : "http://sublimation.org/scponly/#relnotes" - }, - { - "name" : "GLSA-200512-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml" - }, - { - "name" : "16051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16051" - }, - { - "name" : "18223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18223" - }, - { - "name" : "18236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18236" - }, - { - "name" : "scponly-escape-shell-restrictions(23875)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via \"getopt\" style argument specifications, which are not filtered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18223" + }, + { + "name": "16051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16051" + }, + { + "name": "18236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18236" + }, + { + "name": "http://sublimation.org/scponly/#relnotes", + "refsource": "CONFIRM", + "url": "http://sublimation.org/scponly/#relnotes" + }, + { + "name": "GLSA-200512-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml" + }, + { + "name": "scponly-escape-shell-restrictions(23875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23875" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4580.json b/2005/4xxx/CVE-2005-4580.json index 01fe97b2e6a..609ce81d848 100644 --- a/2005/4xxx/CVE-2005-4580.json +++ b/2005/4xxx/CVE-2005-4580.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html" - }, - { - "name" : "16072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16072" - }, - { - "name" : "21930", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21930" - }, - { - "name" : "18258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18258" - }, - { - "name" : "Communiqué-search-xss(23860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16072" + }, + { + "name": "21930", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21930" + }, + { + "name": "Communiqu\u00e9-search-xss(23860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23860" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html" + }, + { + "name": "18258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18258" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4655.json b/2005/4xxx/CVE-2005-4655.json index 18065655d3f..b4fb983ec80 100644 --- a/2005/4xxx/CVE-2005-4655.json +++ b/2005/4xxx/CVE-2005-4655.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as \"ta\" and \"ript>\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 Possible Bug in PHP-Fusion 6.0.204", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-10/0272.html" - }, - { - "name" : "ADV-2005-2192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2192" - }, - { - "name" : "17312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17312" - }, - { - "name" : "106", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting 
(XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as \"ta\" and \"ript>\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2192" + }, + { + "name": "106", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/106" + }, + { + "name": "17312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17312" + }, + { + "name": "20051024 Possible Bug in PHP-Fusion 6.0.204", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-10/0272.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0115.json b/2009/0xxx/CVE-2009-0115.json index 2d48afd5e8b..70bbb97b5d0 100644 --- a/2009/0xxx/CVE-2009-0115.json +++ b/2009/0xxx/CVE-2009-0115.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://launchpad.net/bugs/cve/2009-0115", - "refsource" : "MISC", - "url" : "http://launchpad.net/bugs/cve/2009-0115" - }, - { - "name" : "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml", - "refsource" : "CONFIRM", - "url" : "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml" - }, - 
{ - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-1767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1767" - }, - { - "name" : "FEDORA-2009-3449", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html" - }, - { - "name" : "FEDORA-2009-3453", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "SUSE-SR:2009:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:9214", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "34642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34642" - }, - { - "name" : "34694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34694" - }, - { - "name" : "34710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34710" - }, - { - "name" : "34759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34759" - }, - 
{ - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "34759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34759" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "DSA-1767", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1767" + }, + { + "name": "34642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34642" + }, + { + "name": "34694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34694" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm" + }, 
+ { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "34710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34710" + }, + { + "name": "FEDORA-2009-3453", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html" + }, + { + "name": "SUSE-SR:2009:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" + }, + { + "name": "http://launchpad.net/bugs/cve/2009-0115", + "refsource": "MISC", + "url": "http://launchpad.net/bugs/cve/2009-0115" + }, + { + "name": "oval:org.mitre.oval:def:9214", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214" + }, + { + "name": "FEDORA-2009-3449", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml", + "refsource": "CONFIRM", + "url": "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0186.json b/2009/0xxx/CVE-2009-0186.json index 02610dc878a..37d1cb1c36b 100644 --- a/2009/0xxx/CVE-2009-0186.json +++ b/2009/0xxx/CVE-2009-0186.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-0186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501399/100/0/threaded" - }, - { - "name" : "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501413/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-7/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-7/" - }, - { - "name" : "http://secunia.com/secunia_research/2009-8/", - "refsource" : "MISC", - "url" : 
"http://secunia.com/secunia_research/2009-8/" - }, - { - "name" : "http://www.mega-nerd.com/libsndfile/NEWS", - "refsource" : "CONFIRM", - "url" : "http://www.mega-nerd.com/libsndfile/NEWS" - }, - { - "name" : "DSA-1742", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1742" - }, - { - "name" : "GLSA-200904-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-16.xml" - }, - { - "name" : "SUSE-SR:2009:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" - }, - { - "name" : "USN-749-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-749-1" - }, - { - "name" : "33963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33963" - }, - { - "name" : "1021784", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021784" - }, - { - "name" : "33980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33980" - }, - { - "name" : "33981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33981" - }, - { - "name" : "34316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34316" - }, - { - "name" : "34526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34526" - }, - { - "name" : "34642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34642" - }, - { - "name" : "34791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34791" - }, - { - "name" : "ADV-2009-0584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0584" - }, - { - "name" : "ADV-2009-0585", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0585" - }, - { - "name" : "libsndfile-caf-bo(49038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0585", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0585" + }, + { + "name": "GLSA-200904-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-16.xml" + }, + { + "name": "DSA-1742", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1742" + }, + { + "name": "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded" + }, + { + "name": "33981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33981" + }, + { + "name": "33980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33980" + }, + { + "name": "34642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34642" + }, + { + "name": "1021784", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021784" + }, + { + "name": "34316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34316" + }, + { + "name": "libsndfile-caf-bo(49038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038" + }, + { + "name": "34526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34526" + }, + { + "name": "SUSE-SR:2009:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" + }, + { + "name": "USN-749-1", + 
"refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-749-1" + }, + { + "name": "http://www.mega-nerd.com/libsndfile/NEWS", + "refsource": "CONFIRM", + "url": "http://www.mega-nerd.com/libsndfile/NEWS" + }, + { + "name": "ADV-2009-0584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0584" + }, + { + "name": "http://secunia.com/secunia_research/2009-7/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-7/" + }, + { + "name": "33963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33963" + }, + { + "name": "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2009-8/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-8/" + }, + { + "name": "34791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34791" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0666.json b/2009/0xxx/CVE-2009-0666.json index 090eda52c9d..716b22c8477 100644 --- a/2009/0xxx/CVE-2009-0666.json +++ b/2009/0xxx/CVE-2009-0666.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1118.json b/2009/1xxx/CVE-2009-1118.json index 752598291a6..d11387f86b4 100644 --- a/2009/1xxx/CVE-2009-1118.json +++ b/2009/1xxx/CVE-2009-1118.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1118", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1118", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1590.json b/2009/1xxx/CVE-2009-1590.json index d5726a4c59e..5158f3173e9 100644 --- a/2009/1xxx/CVE-2009-1590.json +++ b/2009/1xxx/CVE-2009-1590.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937", - "refsource" : "CONFIRM", - "url" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937" - }, - { - "name" : "JVN#76370393", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN76370393/index.html" - }, - { - "name" : "JVNDB-2009-000023", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html" - }, - { - "name" : "54097", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54097" - }, - { - "name" : "34869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2009-000023", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html" + }, + { + "name": "54097", + "refsource": "OSVDB", + "url": "http://osvdb.org/54097" + }, + { + "name": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937", + "refsource": "CONFIRM", + "url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937" + }, + { + "name": "JVN#76370393", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN76370393/index.html" + }, + { + "name": "34869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34869" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3323.json b/2009/3xxx/CVE-2009-3323.json index dc9cb88a2ec..29d2c1f0ca9 100644 --- a/2009/3xxx/CVE-2009-3323.json +++ b/2009/3xxx/CVE-2009-3323.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9724", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9724" - }, - { - "name" : "barosmini-barospath-file-include(53378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in 
the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "barosmini-barospath-file-include(53378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53378" + }, + { + "name": "9724", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9724" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3595.json b/2009/3xxx/CVE-2009-3595.json index 6d058c59ee9..9c801c30513 100644 --- a/2009/3xxx/CVE-2009-3595.json +++ b/2009/3xxx/CVE-2009-3595.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9171", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9171" - }, - { - "name" : "56570", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56570" - }, - { - "name" : "35953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35953" - }, - { - "name" : "ADV-2009-2026", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2026" - }, - { - "name" : "vspanel-results-sql-injection(51783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vspanel-results-sql-injection(51783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51783" + }, + { + "name": "9171", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9171" + }, + { + "name": "ADV-2009-2026", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2026" + }, + { + "name": "56570", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56570" + }, + { + "name": "35953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35953" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4393.json b/2009/4xxx/CVE-2009-4393.json index f23eb53f2b7..63b13d0c1f5 100644 --- a/2009/4xxx/CVE-2009-4393.json +++ b/2009/4xxx/CVE-2009-4393.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4398.json b/2009/4xxx/CVE-2009-4398.json index a2e440f52e1..4bf41d3b92a 100644 --- a/2009/4xxx/CVE-2009-4398.json +++ b/2009/4xxx/CVE-2009-4398.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4647.json b/2009/4xxx/CVE-2009-4647.json index dffadaea67d..0213d820b8e 100644 --- a/2009/4xxx/CVE-2009-4647.json +++ b/2009/4xxx/CVE-2009-4647.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.portcullis-security.com/339.php", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/339.php" - }, - { - "name" : "38176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38176" - }, - { - "name" : "38522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38522" - }, - { - "name" : "fta-username-xss(56247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting 
(XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fta-username-xss(56247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56247" + }, + { + "name": "http://www.portcullis-security.com/339.php", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/339.php" + }, + { + "name": "38176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38176" + }, + { + "name": "38522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38522" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4689.json b/2009/4xxx/CVE-2009-4689.json index 8d07e5a75dc..bdc48657948 100644 --- a/2009/4xxx/CVE-2009-4689.json +++ b/2009/4xxx/CVE-2009-4689.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt" - }, - { - "name" : "35894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35894" - }, - { - "name" : "ADV-2009-1977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt" + }, + { + "name": "35894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35894" + }, + { + "name": "ADV-2009-1977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1977" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2160.json b/2012/2xxx/CVE-2012-2160.json index efd3641211b..62165245d56 100644 --- a/2012/2xxx/CVE-2012-2160.json +++ b/2012/2xxx/CVE-2012-2160.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2160", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2160", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2229.json b/2012/2xxx/CVE-2012-2229.json index 9da64a24098..76355684706 100644 --- a/2012/2xxx/CVE-2012-2229.json 
+++ b/2012/2xxx/CVE-2012-2229.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2380.json b/2012/2xxx/CVE-2012-2380.json index 5d2652957f7..96cc6b8b55f 100644 --- a/2012/2xxx/CVE-2012-2380.json +++ b/2012/2xxx/CVE-2012-2380.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2537.json b/2012/2xxx/CVE-2012-2537.json index bce68f8892b..97a8ce219e8 100644 --- a/2012/2xxx/CVE-2012-2537.json +++ b/2012/2xxx/CVE-2012-2537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2537", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2537", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2548.json b/2012/2xxx/CVE-2012-2548.json index 2a5c87a2a3c..a030fca32bf 100644 --- a/2012/2xxx/CVE-2012-2548.json +++ b/2012/2xxx/CVE-2012-2548.json 
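Review bot: The CVE-2012-2380 hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, while every other line in it is a whitespace or ordering change, so a real provenance edit is easy to miss among the formatting noise. The same kind of change appears in the CVE-2012-2548 hunk (`secure@microsoft.com`) and the CVE-2015-0250 hunk (`secalert@redhat.com`). The commit description is not visible in this part of the page, so it may already cover this. If it does not, put the assigner updates in their own commit or list the affected IDs in the message, so that consumers who key trust or routing decisions on the assigning CNA can audit them. Separately, each rewritten file ends with `\ No newline at end of file` on the new side only, so the trailing newline was dropped and is worth restoring in the serializer.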
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Layout Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063" - }, - { - "name" : "TA12-255A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-255A.html" - }, - { - "name" : "55646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55646" - }, - { - "name" : "oval:org.mitre.oval:def:15449", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15449" - }, - { - "name" : "1027555", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027555" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Layout Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55646" + }, + { + "name": "oval:org.mitre.oval:def:15449", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15449" + }, + { + "name": "1027555", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027555" + }, + { + "name": "TA12-255A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html" + }, + { + "name": "MS12-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2581.json b/2012/2xxx/CVE-2012-2581.json index 739300c3b1e..a3ae0eb87c3 100644 --- a/2012/2xxx/CVE-2012-2581.json +++ b/2012/2xxx/CVE-2012-2581.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6230.json b/2012/6xxx/CVE-2012-6230.json index b7391305232..523bf3baf10 100644 --- a/2012/6xxx/CVE-2012-6230.json +++ b/2012/6xxx/CVE-2012-6230.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6230", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6230", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0250.json b/2015/0xxx/CVE-2015-0250.json index a94bf865083..ebd8581c181 100644 --- a/2015/0xxx/CVE-2015-0250.json +++ b/2015/0xxx/CVE-2015-0250.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/142" - }, - { - "name" : "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html" - }, - { - "name" : "http://xmlgraphics.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://xmlgraphics.apache.org/security.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0138.html", - "refsource" : "CONFIRM", - "url" : 
"http://advisories.mageia.org/MGASA-2015-0138.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275" - }, - { - "name" : "DSA-3205", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3205" - }, - { - "name" : "MDVSA-2015:203", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203" - }, - { - "name" : "RHSA-2016:0041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0041.html" - }, - { - "name" : "RHSA-2016:0042", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0042.html" - }, - { - "name" : "USN-2548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2548-1" - }, - { - "name" : "1032781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2548-1" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275" + }, + { + "name": "MDVSA-2015:203", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203" + }, + { + "name": "DSA-3205", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3205" + }, + { + "name": "1032781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032781" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0138.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0138.html" + }, + { + "name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/142" + }, + { + "name": "RHSA-2016:0042", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html" + }, + { + "name": "http://xmlgraphics.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://xmlgraphics.apache.org/security.html" + }, + { + "name": "RHSA-2016:0041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html" + }, + { + "name": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1017.json b/2015/1xxx/CVE-2015-1017.json index 1a5c5980264..31d2a7fec0b 100644 --- a/2015/1xxx/CVE-2015-1017.json +++ b/2015/1xxx/CVE-2015-1017.json 
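Review bot: The CVE-2015-0250 hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com` inside what is otherwise a whitespace reformat plus a reordering of `reference_data`, so the one change that affects the record's provenance is easy to miss in review. The same kind of change appears in the hunks for CVE-2015-1974 (`psirt@us.ibm.com`), CVE-2015-5181 and CVE-2015-5347 (both `secalert@redhat.com`). Nothing visible on the page states whether the reassignment is intended, so it should be confirmed against the assigning CNA's records. If it is intended, it would be easier to audit in a commit of its own, separate from the formatting and reordering, so that a field-level comparison of old and new records shows only the `ASSIGNER` line.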
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1017", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1017", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1541.json b/2015/1xxx/CVE-2015-1541.json index 477db162ba6..b778bd47ae8 100644 --- a/2015/1xxx/CVE-2015-1541.json +++ b/2015/1xxx/CVE-2015-1541.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07" + }, + { + "name": "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1960.json b/2015/1xxx/CVE-2015-1960.json index 5616b73ac6e..b8cde3a8eee 100644 --- a/2015/1xxx/CVE-2015-1960.json +++ b/2015/1xxx/CVE-2015-1960.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1960", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1960", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1974.json b/2015/1xxx/CVE-2015-1974.json index cd1b651bacb..e9eae9243b7 100644 --- a/2015/1xxx/CVE-2015-1974.json +++ b/2015/1xxx/CVE-2015-1974.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659" - }, - { - "name" : "75438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75438" - }, - { - "name" : "1032734", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 
6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75438" + }, + { + "name": "1032734", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032734" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5181.json b/2015/5xxx/CVE-2015-5181.json index f60a22c6799..d67bfadeffa 100644 --- a/2015/5xxx/CVE-2015-5181.json +++ b/2015/5xxx/CVE-2015-5181.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248804", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248804" - }, - { - "name" : "RHSA-2015:2556", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2556.html" - }, - { - "name" : "RHSA-2015:2557", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2015-2557.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248804", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248804" + }, + { + "name": "RHSA-2015:2557", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2015-2557.html" + }, + { + "name": "RHSA-2015:2556", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2556.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5347.json b/2015/5xxx/CVE-2015-5347.json index 7a1ed49b583..0f4a0c8584f 100644 --- a/2015/5xxx/CVE-2015-5347.json +++ b/2015/5xxx/CVE-2015-5347.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html", - "refsource" : "CONFIRM", - "url" : "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/WICKET-6037", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/WICKET-6037" - }, - { - "name" : "1035165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html", + "refsource": "CONFIRM", + "url": "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html" + }, + { + "name": "https://issues.apache.org/jira/browse/WICKET-6037", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/WICKET-6037" + }, + { + "name": "1035165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035165" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5357.json b/2015/5xxx/CVE-2015-5357.json index 10528d461a4..40048750965 100644 --- a/2015/5xxx/CVE-2015-5357.json +++ b/2015/5xxx/CVE-2015-5357.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684" - }, - { - "name" : "1032847", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service 
(CPU consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032847", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032847" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5450.json b/2015/5xxx/CVE-2015-5450.json index 0f9f1c286b0..03f7b42af93 100644 --- a/2015/5xxx/CVE-2015-5450.json +++ b/2015/5xxx/CVE-2015-5450.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5450", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5450", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11036.json b/2018/11xxx/CVE-2018-11036.json index f1de723b5b4..43c8faee6e6 100644 --- a/2018/11xxx/CVE-2018-11036.json +++ b/2018/11xxx/CVE-2018-11036.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ruckuswireless.com/security/279/view/txt", - "refsource" : "MISC", - "url" : "https://www.ruckuswireless.com/security/279/view/txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ruckuswireless.com/security/279/view/txt", + "refsource": "MISC", + "url": "https://www.ruckuswireless.com/security/279/view/txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11101.json b/2018/11xxx/CVE-2018-11101.json index 28065ea3b24..57bfafad517 100644 --- a/2018/11xxx/CVE-2018-11101.json +++ b/2018/11xxx/CVE-2018-11101.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: