"-Synchronized-Data."

CVE Team 2020-02-08 18:01:06 +00:00
parent c3bd853079
commit ab6a27c1d6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 380 additions and 13 deletions


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4029",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/115927/Chamilo-1.8.8.4-XSS-File-Deletion.html",
"url": "https://packetstormsecurity.com/files/115927/Chamilo-1.8.8.4-XSS-File-Deletion.html"
},
{
"refsource": "MISC",
"name": "http://support.chamilo.org/attachments/download/2863/chamilo-1.8.8.4-to-1.8.8.6.patch",
"url": "http://support.chamilo.org/attachments/download/2863/chamilo-1.8.8.4-to-1.8.8.6.patch"
},
{
"refsource": "MISC",
"name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-7-2012-07-16-Moderate-risk-Several-moderate-security-flaws",
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-7-2012-07-16-Moderate-risk-Several-moderate-security-flaws"
}
]
}
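Review bot: The `affects` block of this now-PUBLIC record still carries `n/a` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is also `n/a`, although the new description names Chamilo LMS before 1.8.8.6 and a cross-site scripting flaw. Consumers that match on the structured fields rather than the free text will not associate this entry with the product; consider `"product_name": "Chamilo LMS"`, `"version_value": "before 1.8.8.6"` and a problemtype value that names the weakness (for XSS, a CWE-79 label). The same gap appears in the CVE-2014-8739, CVE-2015-2062, CVE-2015-2207 and CVE-2015-3423 sections below. The opening of the JSON object lies outside the first hunk, so fields not shown here were not reviewed.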


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4381",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,84 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_value": "before 1.18.5"
},
{
"version_value": "1.19.x before 1.19.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/31/6",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/31/10",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=853442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T41184",
"url": "https://phabricator.wikimedia.org/T41184"
},
{
"refsource": "MISC",
"name": "http://osvdb.org/show/osvdb/85106",
"url": "http://osvdb.org/show/osvdb/85106"
}
]
}
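Review bot: `"value": "Password"` under `problemtype` does not name a weakness class, and the description covers two separate issues: passwords saved in the local database that can be recovered by brute force, and old passwords remaining usable for accounts that do not exist in the external authentication system. One problemtype description per issue, for example `"value": "Passwords saved in local database are recoverable by brute force"` plus a second entry for the stale-password case, would let consumers classify and triage them separately. `vendor_name` is still `n/a` even though `product_name` is populated with MediaWiki.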


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8739",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,86 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/35057/",
"url": "https://www.exploit-db.com/exploits/35057/"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/36811/",
"url": "https://www.exploit-db.com/exploits/36811/"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/11/11/4",
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/4"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/11/11/5",
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/5"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/11/13/3",
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/3"
},
{
"refsource": "MISC",
"name": "https://wordpress.org/plugins/sexy-contact-form/changelog/",
"url": "https://wordpress.org/plugins/sexy-contact-form/changelog/"
},
{
"refsource": "MISC",
"name": "http://osvdb.org/show/osvdb/113669",
"url": "http://osvdb.org/show/osvdb/113669"
},
{
"refsource": "MISC",
"name": "http://osvdb.org/show/osvdb/113673",
"url": "http://osvdb.org/show/osvdb/113673"
}
]
}
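Review bot: The new description reads `uploading a PHP file with an PHP extension`; the article should be `a PHP extension`. The text also names several affected artefacts with different version bounds (jQuery File Upload Plugin 6.4.4, Creative Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!), so populating `affects` for this record would need one `version_data` entry per bound rather than a single value. Since the description states the issue was exploited in the wild, precise structured version data matters for anyone checking exposure.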


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2062",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23250",
"url": "https://www.htbridge.com/advisory/HTB23250"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection",
"url": "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2207",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3423",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded"
}
]
}
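Review bot: Parameters (2) and (3) in the description are written as `h____%2427` and `h____%2439`, which looks like a percent-encoded `$` carried over from a request URL rather than the literal parameter name; this is inferred, since the page does not show the decoded form. Anyone building log searches or filtering rules from this record would need to match both the encoded and decoded spellings. A short parenthetical in the description stating which form is literal would remove the ambiguity.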