From ab6a27c1d67e56af548e8632cf76e22d5bb1acb9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 8 Feb 2020 18:01:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2012/4xxx/CVE-2012-4029.json | 58 ++++++++++++++++++++++++- 2012/4xxx/CVE-2012-4381.json | 83 ++++++++++++++++++++++++++++++++++-- 2014/8xxx/CVE-2014-8739.json | 83 +++++++++++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2062.json | 63 ++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2207.json | 53 ++++++++++++++++++++++- 2015/3xxx/CVE-2015-3423.json | 53 ++++++++++++++++++++++- 6 files changed, 380 insertions(+), 13 deletions(-) diff --git a/2012/4xxx/CVE-2012-4029.json b/2012/4xxx/CVE-2012-4029.json index d57907d727f..9a86572160f 100644 --- a/2012/4xxx/CVE-2012-4029.json +++ b/2012/4xxx/CVE-2012-4029.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4029", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/115927/Chamilo-1.8.8.4-XSS-File-Deletion.html", + "url": "https://packetstormsecurity.com/files/115927/Chamilo-1.8.8.4-XSS-File-Deletion.html" + }, + { + "refsource": "MISC", + "name": "http://support.chamilo.org/attachments/download/2863/chamilo-1.8.8.4-to-1.8.8.6.patch", + "url": "http://support.chamilo.org/attachments/download/2863/chamilo-1.8.8.4-to-1.8.8.6.patch" + }, + { + "refsource": "MISC", + "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-7-2012-07-16-Moderate-risk-Several-moderate-security-flaws", + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-7-2012-07-16-Moderate-risk-Several-moderate-security-flaws" } ] } diff --git a/2012/4xxx/CVE-2012-4381.json b/2012/4xxx/CVE-2012-4381.json index b746e97fcfa..2037ea091eb 100644 --- a/2012/4xxx/CVE-2012-4381.json +++ b/2012/4xxx/CVE-2012-4381.json 
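Review bot: The `affects` block added for CVE-2012-4029 carries `n/a` for `vendor_name`, `product_name` and `version_value`, although the new description names the product and the fixed release. Tooling that matches records on `product_data` rather than on free text will not associate this entry with Chamilo LMS, so the structured fields should repeat what the description states, e.g. `"product_name": "Chamilo LMS"` and `"version_value": "before 1.8.8.6"`. The same all-`n/a` block appears in the hunks for CVE-2014-8739, CVE-2015-2062, CVE-2015-2207 and CVE-2015-3423 in this commit.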
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4381", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,84 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MediaWiki", + "version": { + "version_data": [ + { + "version_value": "before 1.18.5" + }, + { + "version_value": "1.19.x before 1.19.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330" + }, + { + "refsource": "MISC", + "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/08/31/6", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/08/31/10", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10" + }, + { + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=853442", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T41184", + "url": "https://phabricator.wikimedia.org/T41184" + }, + { + "refsource": "MISC", + "name": "http://osvdb.org/show/osvdb/85106", + "url": "http://osvdb.org/show/osvdb/85106" } ] } diff --git a/2014/8xxx/CVE-2014-8739.json b/2014/8xxx/CVE-2014-8739.json index 5a15dd3e255..472a863b8c1 100644 --- a/2014/8xxx/CVE-2014-8739.json +++ b/2014/8xxx/CVE-2014-8739.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8739", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
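Review bot: The `problemtype` value `"Password"` in the CVE-2012-4381 record is a free-text keyword rather than a weakness class, and `vendor_name` stays `n/a` next to `"product_name": "MediaWiki"`. A consumer that groups or filters records by weakness gets nothing usable from it. A CWE-style label would serve better, for instance `"value": "CWE-522: Insufficiently Protected Credentials"`, if the assigner agrees that this fits item (1) of the description. Item (2) describes a separate authentication-logic flaw, so a second `description` entry under `problemtype_data` may be warranted.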
@@ -11,7 +11,86 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/35057/", + "url": "https://www.exploit-db.com/exploits/35057/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/36811/", + "url": "https://www.exploit-db.com/exploits/36811/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/11/11/4", + "url": "http://www.openwall.com/lists/oss-security/2014/11/11/4" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/11/11/5", + "url": "http://www.openwall.com/lists/oss-security/2014/11/11/5" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/11/13/3", + "url": "http://www.openwall.com/lists/oss-security/2014/11/13/3" + }, + { + 
"refsource": "MISC", + "name": "https://wordpress.org/plugins/sexy-contact-form/changelog/", + "url": "https://wordpress.org/plugins/sexy-contact-form/changelog/" + }, + { + "refsource": "MISC", + "name": "http://osvdb.org/show/osvdb/113669", + "url": "http://osvdb.org/show/osvdb/113669" + }, + { + "refsource": "MISC", + "name": "http://osvdb.org/show/osvdb/113673", + "url": "http://osvdb.org/show/osvdb/113673" } ] } diff --git a/2015/2xxx/CVE-2015-2062.json b/2015/2xxx/CVE-2015-2062.json index 490c2db0fd2..74fbfca4268 100644 --- a/2015/2xxx/CVE-2015-2062.json +++ b/2015/2xxx/CVE-2015-2062.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2062", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
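Review bot: Every entry in the `reference_data` added for CVE-2014-8739 is tagged `"refsource": "MISC"`, so a consumer cannot tell the vendor changelog, the oss-security threads and the two public exploit listings apart. Since the description states the flaw was exploited in the wild, triage benefits from knowing which link documents the fix. Where the format's specific source tags apply they would be preferable, e.g. `"refsource": "EXPLOIT-DB"` for the exploit-db.com URLs and `"refsource": "MLIST"` for the openwall.com ones. The description also reads "an PHP extension", which should be `a PHP extension`. The other five records in this commit tag all of their references as `MISC` as well.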
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://www.htbridge.com/advisory/HTB23250", + "url": "https://www.htbridge.com/advisory/HTB23250" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection", + "url": "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection" } ] } diff --git a/2015/2xxx/CVE-2015-2207.json b/2015/2xxx/CVE-2015-2207.json index ecb71b2883a..a6139061030 100644 
--- a/2015/2xxx/CVE-2015-2207.json +++ b/2015/2xxx/CVE-2015-2207.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2207", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded" } ] } diff --git a/2015/3xxx/CVE-2015-3423.json b/2015/3xxx/CVE-2015-3423.json index 59bc2088c8e..00c2902d305 100644 --- a/2015/3xxx/CVE-2015-3423.json +++ b/2015/3xxx/CVE-2015-3423.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3423", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded" } ] }