From b43919be27b06c1318186acb61a60950e6e73fb3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Sep 2019 12:00:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/10xxx/CVE-2016-10938.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10939.json | 67 +++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10940.json | 67 +++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10941.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10942.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10943.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10944.json | 67 +++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10945.json | 62 +++++++++++++++++++++++++++++ 2017/18xxx/CVE-2017-18612.json | 67 +++++++++++++++++++++++++++++++ 2017/18xxx/CVE-2017-18613.json | 67 +++++++++++++++++++++++++++++++ 2017/18xxx/CVE-2017-18614.json | 67 +++++++++++++++++++++++++++++++ 2017/18xxx/CVE-2017-18615.json | 62 +++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16277.json | 62 +++++++++++++++++++++++++++++ 13 files changed, 876 insertions(+) create mode 100644 2016/10xxx/CVE-2016-10938.json create mode 100644 2016/10xxx/CVE-2016-10939.json create mode 100644 2016/10xxx/CVE-2016-10940.json create mode 100644 2016/10xxx/CVE-2016-10941.json create mode 100644 2016/10xxx/CVE-2016-10942.json create mode 100644 2016/10xxx/CVE-2016-10943.json create mode 100644 2016/10xxx/CVE-2016-10944.json create mode 100644 2016/10xxx/CVE-2016-10945.json create mode 100644 2017/18xxx/CVE-2017-18612.json create mode 100644 2017/18xxx/CVE-2017-18613.json create mode 100644 2017/18xxx/CVE-2017-18614.json create mode 100644 2017/18xxx/CVE-2017-18615.json create mode 100644 2019/16xxx/CVE-2019-16277.json diff --git a/2016/10xxx/CVE-2016-10938.json b/2016/10xxx/CVE-2016-10938.json new file mode 100644 index 00000000000..4c2fd25acee --- /dev/null +++ b/2016/10xxx/CVE-2016-10938.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/8706", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/8706" + }, + { + "url": "https://wordpress.org/plugins/copy-me/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/copy-me/#developers" + }, + { + "url": "https://advisories.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/", + "refsource": "MISC", + "name": "https://advisories.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10939.json b/2016/10xxx/CVE-2016-10939.json new file mode 100644 index 00000000000..bd0ba58ce55 --- /dev/null +++ b/2016/10xxx/CVE-2016-10939.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/xtremelocator/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/xtremelocator/#developers" + }, + { + "url": "http://lenonleite.com.br/en/blog/2016/12/16/xtreme-locator-dealer-locator-plugin-wordpress-sql-injection/", + "refsource": "MISC", + "name": "http://lenonleite.com.br/en/blog/2016/12/16/xtreme-locator-dealer-locator-plugin-wordpress-sql-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10940.json b/2016/10xxx/CVE-2016-10940.json new file mode 100644 index 00000000000..62984b5b1a2 --- /dev/null +++ b/2016/10xxx/CVE-2016-10940.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/zm-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/zm-gallery/#developers" + }, + { + "url": "http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/", + "refsource": "MISC", + "name": "http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10941.json b/2016/10xxx/CVE-2016-10941.json new file mode 100644 index 00000000000..af01689a003 --- /dev/null +++ b/2016/10xxx/CVE-2016-10941.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers" + }, + { + "url": "https://blog.ripstech.com/2016/the-state-of-wordpress-security/", + "refsource": "MISC", + "name": "https://blog.ripstech.com/2016/the-state-of-wordpress-security/" + }, + { + "url": "https://github.com/podlove/podlove-publisher/blob/master/changelog.txt", + "refsource": "MISC", + "name": "https://github.com/podlove/podlove-publisher/blob/master/changelog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10942.json b/2016/10xxx/CVE-2016-10942.json new file mode 100644 index 00000000000..5feaf690fac --- /dev/null +++ b/2016/10xxx/CVE-2016-10942.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers" + }, + { + "url": "https://blog.ripstech.com/2016/the-state-of-wordpress-security/", + "refsource": "MISC", + "name": "https://blog.ripstech.com/2016/the-state-of-wordpress-security/" + }, + { + "url": "https://github.com/podlove/podlove-publisher/blob/master/changelog.txt", + "refsource": "MISC", + "name": "https://github.com/podlove/podlove-publisher/blob/master/changelog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10943.json b/2016/10xxx/CVE-2016-10943.json new file mode 100644 index 00000000000..6cce01f2905 --- /dev/null +++ b/2016/10xxx/CVE-2016-10943.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/8702", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/8702" + }, + { + "url": "https://wordpress.org/plugins/zx-csv-upload/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/zx-csv-upload/#developers" + }, + { + "url": "http://lenonleite.com.br/en/2016/12/16/english-zx_csv-upload-1-plugin-wordpress-sql-injection/", + "refsource": "MISC", + "name": "http://lenonleite.com.br/en/2016/12/16/english-zx_csv-upload-1-plugin-wordpress-sql-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10944.json b/2016/10xxx/CVE-2016-10944.json new file mode 100644 index 00000000000..46a39c15102 --- /dev/null +++ b/2016/10xxx/CVE-2016-10944.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/multisite-post-duplicator/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/multisite-post-duplicator/#developers" + }, + { + "url": "https://advisories.dxw.com/advisories/csrf-vulnerability-in-multisite-post-duplicator-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can-do/", + "refsource": "MISC", + "name": "https://advisories.dxw.com/advisories/csrf-vulnerability-in-multisite-post-duplicator-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can-do/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10945.json b/2016/10xxx/CVE-2016-10945.json new file mode 100644 index 00000000000..d8ec9eb48ee --- /dev/null +++ b/2016/10xxx/CVE-2016-10945.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://klikki.fi/adv/pagelines.html", + "refsource": "MISC", + "name": "https://klikki.fi/adv/pagelines.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18612.json b/2017/18xxx/CVE-2017-18612.json new file mode 100644 index 00000000000..681bb71a449 --- /dev/null +++ b/2017/18xxx/CVE-2017-18612.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-whois-domain/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-whois-domain/#developers" + }, + { + "url": "https://rastating.github.io/wp-whois-domain-reflected-xss/", + "refsource": "MISC", + "name": "https://rastating.github.io/wp-whois-domain-reflected-xss/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18613.json b/2017/18xxx/CVE-2017-18613.json new file mode 100644 index 00000000000..6ebf810e069 --- /dev/null +++ b/2017/18xxx/CVE-2017-18613.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/trust-form/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/trust-form/#developers" + }, + { + "url": "https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_trust_form_wordpress_plugin.html", + "refsource": "MISC", + "name": "https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_trust_form_wordpress_plugin.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18614.json b/2017/18xxx/CVE-2017-18614.json new file mode 100644 index 00000000000..42bf0c14853 --- /dev/null +++ b/2017/18xxx/CVE-2017-18614.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/kama-clic-counter/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/kama-clic-counter/#developers" + }, + { + "url": "https://seclists.org/fulldisclosure/2017/Feb/67", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2017/Feb/67" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18615.json b/2017/18xxx/CVE-2017-18615.json new file mode 100644 index 00000000000..7fc90ae0b51 --- /dev/null +++ b/2017/18xxx/CVE-2017-18615.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kama-clic-counter plugin before 3.5.0 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/kama-clic-counter/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/kama-clic-counter/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16277.json b/2019/16xxx/CVE-2019-16277.json new file mode 100644 index 00000000000..bce41d7c70e --- /dev/null +++ b/2019/16xxx/CVE-2019-16277.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/zsaleeba/picoc/issues/44", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/issues/44" + } + ] + } +} \ No newline at end of file