admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:05:48 +00:00
parent 5071688dba
commit b764904563
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3321 additions and 3321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/0xxx/CVE-2006-0073.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16119"
},
{
"name" : "22153",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22153"
},
{
"name" : "18283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22153",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22153"
},
{
"name": "16119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16119"
},
{
"name": "18283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18283"
}
]
}
}

290
2006/0xxx/CVE-2006-0410.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718"
},
{
"name" : "DSA-1029",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1029"
},
{
"name" : "DSA-1030",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1030"
},
{
"name" : "DSA-1031",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1031"
},
{
"name" : "GLSA-200602-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml"
},
{
"name" : "GLSA-200604-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name" : "16364",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16364"
},
{
"name" : "ADV-2006-0315",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0315"
},
{
"name" : "ADV-2006-0448",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0448"
},
{
"name" : "22705",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22705"
},
{
"name" : "18575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18575"
},
{
"name" : "18732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18732"
},
{
"name" : "18745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18745"
},
{
"name" : "19555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19555"
},
{
"name" : "19590",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19590"
},
{
"name" : "19591",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19591"
},
{
"name" : "19691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19691"
},
{
"name" : "adodb-postgresql-sql-injection(24314)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24314"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "ADV-2006-0448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0448"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-0315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0315"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718"
},
{
"name": "18575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18575"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "18745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18745"
},
{
"name": "adodb-postgresql-sql-injection(24314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24314"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "22705",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22705"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "16364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16364"
},
{
"name": "18732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18732"
},
{
"name": "GLSA-200602-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml"
}
]
}
}

160
2006/0xxx/CVE-2006-0681.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gotfault.net/research/advisory/gadv-powerd.txt",
"refsource" : "MISC",
"url" : "http://gotfault.net/research/advisory/gadv-powerd.txt"
},
{
"name" : "16582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16582"
},
{
"name" : "ADV-2006-0545",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0545"
},
{
"name" : "18841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18841"
},
{
"name" : "powerdaemon-syslog-format-string(24713)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24713"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16582"
},
{
"name": "http://gotfault.net/research/advisory/gadv-powerd.txt",
"refsource": "MISC",
"url": "http://gotfault.net/research/advisory/gadv-powerd.txt"
},
{
"name": "powerdaemon-syslog-format-string(24713)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24713"
},
{
"name": "18841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18841"
},
{
"name": "ADV-2006-0545",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0545"
}
]
}
}

150
2006/3xxx/CVE-2006-3076.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060614 PhpBlueDragon CMS 2.9.1, File inclusion vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437130/100/0/threaded"
},
{
"name" : "18440",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18440"
},
{
"name" : "1109",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1109"
},
{
"name" : "phpbluedragon-template-file-include(27152)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbluedragon-template-file-include(27152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27152"
},
{
"name": "18440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18440"
},
{
"name": "1109",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1109"
},
{
"name": "20060614 PhpBlueDragon CMS 2.9.1, File inclusion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437130/100/0/threaded"
}
]
}
}

170
2006/3xxx/CVE-2006-3181.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060609 MobeSpace v2.0 - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0115.html"
},
{
"name" : "ADV-2006-2312",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2312"
},
{
"name" : "26420",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26420"
},
{
"name" : "20611",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20611"
},
{
"name" : "1128",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1128"
},
{
"name" : "mobespace-index-sql-injection(27518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060609 MobeSpace v2.0 - XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0115.html"
},
{
"name": "ADV-2006-2312",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2312"
},
{
"name": "1128",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1128"
},
{
"name": "mobespace-index-sql-injection(27518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27518"
},
{
"name": "26420",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26420"
},
{
"name": "20611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20611"
}
]
}
}

160
2006/3xxx/CVE-2006-3189.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060615 HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=115041611713385&w=2"
},
{
"name" : "18454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18454"
},
{
"name" : "ADV-2006-2403",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2403"
},
{
"name" : "1016321",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016321"
},
{
"name" : "hotplugcms-login1-xss(27201)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016321",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016321"
},
{
"name": "ADV-2006-2403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2403"
},
{
"name": "18454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18454"
},
{
"name": "hotplugcms-login1-xss(27201)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27201"
},
{
"name": "20060615 HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=115041611713385&w=2"
}
]
}
}

160
2006/3xxx/CVE-2006-3245.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html"
},
{
"name" : "18663",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18663"
},
{
"name" : "ADV-2006-2531",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2531"
},
{
"name" : "20803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20803"
},
{
"name" : "mvnforum-activatemember-xss(27370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html"
},
{
"name": "ADV-2006-2531",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2531"
},
{
"name": "18663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18663"
},
{
"name": "mvnforum-activatemember-xss(27370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27370"
},
{
"name": "20803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20803"
}
]
}
}

190
2006/3xxx/CVE-2006-3337.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060626 XSS in Cpanel 10",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438355/100/0/threaded"
},
{
"name" : "20060626 Re: XSS in Cpanel 10",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438477/100/0/threaded"
},
{
"name" : "http://bugzilla.cpanel.net/show_bug.cgi?id=4282",
"refsource" : "MISC",
"url" : "http://bugzilla.cpanel.net/show_bug.cgi?id=4282"
},
{
"name" : "18655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18655"
},
{
"name" : "ADV-2006-2547",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2547"
},
{
"name" : "1016383",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016383"
},
{
"name" : "20840",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20840"
},
{
"name" : "cpanel-select-xss(27403)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282",
"refsource": "MISC",
"url": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282"
},
{
"name": "20060626 Re: XSS in Cpanel 10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438477/100/0/threaded"
},
{
"name": "ADV-2006-2547",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2547"
},
{
"name": "20060626 XSS in Cpanel 10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438355/100/0/threaded"
},
{
"name": "cpanel-select-xss(27403)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403"
},
{
"name": "20840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20840"
},
{
"name": "1016383",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016383"
},
{
"name": "18655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18655"
}
]
}
}

170
2006/3xxx/CVE-2006-3773.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forum.mamboserver.com/showthread.php?t=83001",
"refsource" : "MISC",
"url" : "http://forum.mamboserver.com/showthread.php?t=83001"
},
{
"name" : "2021",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2021"
},
{
"name" : "18924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18924"
},
{
"name" : "ADV-2006-2846",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2846"
},
{
"name" : "21079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21079"
},
{
"name" : "smf-forum-smf-file-include(27777)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21079"
},
{
"name": "2021",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2021"
},
{
"name": "smf-forum-smf-file-include(27777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27777"
},
{
"name": "ADV-2006-2846",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2846"
},
{
"name": "18924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18924"
},
{
"name": "http://forum.mamboserver.com/showthread.php?t=83001",
"refsource": "MISC",
"url": "http://forum.mamboserver.com/showthread.php?t=83001"
}
]
}
}

160
2006/4xxx/CVE-2006-4105.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060805 XSS Vulnerability in FTD v3.7.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442419/100/0/threaded"
},
{
"name" : "19391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19391"
},
{
"name" : "1016642",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016642"
},
{
"name" : "1371",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1371"
},
{
"name" : "ftd-search-mail-xss(28278)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28278"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016642",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016642"
},
{
"name": "19391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19391"
},
{
"name": "ftd-search-mail-xss(28278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28278"
},
{
"name": "1371",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1371"
},
{
"name": "20060805 XSS Vulnerability in FTD v3.7.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442419/100/0/threaded"
}
]
}
}

160
2006/4xxx/CVE-2006-4218.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00109-08152006",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00109-08152006"
},
{
"name" : "19543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19543"
},
{
"name" : "ADV-2006-3283",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3283"
},
{
"name" : "21484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21484"
},
{
"name" : "zencart-typefilter-file-include(28395)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3283",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3283"
},
{
"name": "zencart-typefilter-file-include(28395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28395"
},
{
"name": "19543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19543"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00109-08152006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00109-08152006"
},
{
"name": "21484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21484"
}
]
}
}

200
2006/4xxx/CVE-2006-4251.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://doc.powerdns.com/powerdns-advisory-2006-01.html",
"refsource" : "CONFIRM",
"url" : "http://doc.powerdns.com/powerdns-advisory-2006-01.html"
},
{
"name" : "DSA-1211",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1211"
},
{
"name" : "SUSE-SA:2006:070",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html"
},
{
"name" : "21037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21037"
},
{
"name" : "ADV-2006-4484",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4484"
},
{
"name" : "22824",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22824"
},
{
"name" : "22903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22903"
},
{
"name" : "22976",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22976"
},
{
"name" : "powerdns-dns-bo(30270)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4484"
},
{
"name": "DSA-1211",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1211"
},
{
"name": "22824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22824"
},
{
"name": "SUSE-SA:2006:070",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html"
},
{
"name": "21037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21037"
},
{
"name": "22903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22903"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2006-01.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2006-01.html"
},
{
"name": "22976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22976"
},
{
"name": "powerdns-dns-bo(30270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30270"
}
]
}
}

190
2006/4xxx/CVE-2006-4583.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060904 FlashChat <= 4.5.7 Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445219/100/0/threaded"
},
{
"name" : "2293",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2293"
},
{
"name" : "http://www.tufat.com/changeLog2.htm",
"refsource" : "MISC",
"url" : "http://www.tufat.com/changeLog2.htm"
},
{
"name" : "19826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19826"
},
{
"name" : "ADV-2006-3449",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3449"
},
{
"name" : "1016784",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016784"
},
{
"name" : "21756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21756"
},
{
"name" : "flashchat-dirinc-file-include(28706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2293",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2293"
},
{
"name": "http://www.tufat.com/changeLog2.htm",
"refsource": "MISC",
"url": "http://www.tufat.com/changeLog2.htm"
},
{
"name": "flashchat-dirinc-file-include(28706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28706"
},
{
"name": "ADV-2006-3449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3449"
},
{
"name": "19826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19826"
},
{
"name": "1016784",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016784"
},
{
"name": "21756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21756"
},
{
"name": "20060904 FlashChat <= 4.5.7 Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445219/100/0/threaded"
}
]
}
}

160
2010/2xxx/CVE-2010-2588.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-2588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name" : "46318",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46318"
},
{
"name" : "1025056",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025056"
},
{
"name" : "ADV-2011-0335",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name" : "adobe-director-ce(65244)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46318"
},
{
"name": "adobe-director-ce(65244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65244"
},
{
"name": "ADV-2011-0335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name": "1025056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025056"
}
]
}
}

160
2010/2xxx/CVE-2010-2630.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2210",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554371",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554371"
},
{
"name" : "DSA-2552",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2552"
},
{
"name" : "GLSA-201209-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name" : "50726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554371",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554371"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2210",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
},
{
"name": "DSA-2552",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2552"
},
{
"name": "GLSA-201209-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
}
]
}
}

180
2010/2xxx/CVE-2010-2753.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512510"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-131/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-131/"
},
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-40.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-40.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=571106",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=571106"
},
{
"name" : "SUSE-SA:2010:049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name" : "41853",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41853"
},
{
"name" : "oval:org.mitre.oval:def:10958",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=571106",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=571106"
},
{
"name": "SUSE-SA:2010:049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-40.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-40.html"
},
{
"name": "oval:org.mitre.oval:def:10958",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-131/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-131/"
},
{
"name": "41853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41853"
},
{
"name": "20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512510"
}
]
}
}

120
2010/2xxx/CVE-2010-2836.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100922 Cisco IOS SSL VPN Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a312.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100922 Cisco IOS SSL VPN Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a312.shtml"
}
]
}
}

130
2010/2xxx/CVE-2010-2854.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://freshmeat.net/projects/eventh/",
"refsource" : "CONFIRM",
"url" : "http://freshmeat.net/projects/eventh/"
},
{
"name" : "40517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freshmeat.net/projects/eventh/",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/eventh/"
},
{
"name": "40517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40517"
}
]
}
}

160
2010/3xxx/CVE-2010-3064.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html"
},
{
"name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703"
},
{
"name" : "http://svn.php.net/viewvc?view=revision&revision=298703",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc?view=revision&revision=298703"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "SUSE-SR:2010:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://svn.php.net/viewvc?view=revision&revision=298703",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc?view=revision&revision=298703"
},
{
"name": "http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703"
}
]
}
}

130
2010/3xxx/CVE-2010-3191.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "oval:org.mitre.oval:def:7470",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
},
{
"name" : "41233",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7470",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
},
{
"name": "41233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41233"
}
]
}
}

120
2010/3xxx/CVE-2010-3322.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.splunk.com/view/SP-CAAAFQ6",
"refsource" : "CONFIRM",
"url" : "http://www.splunk.com/view/SP-CAAAFQ6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.splunk.com/view/SP-CAAAFQ6",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAFQ6"
}
]
}
}

130
2010/3xxx/CVE-2010-3511.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

140
2011/0xxx/CVE-2011-0776.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=42989",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=42989"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:13895",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:13895",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13895"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=42989",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=42989"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html"
}
]
}
}

170
2011/1xxx/CVE-2011-1529.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt"
},
{
"name" : "MDVSA-2011:159",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159"
},
{
"name" : "MDVSA-2011:160",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160"
},
{
"name" : "RHSA-2011:1379",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1379.html"
},
{
"name" : "openSUSE-SU-2011:1169",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html"
},
{
"name" : "VU#659251",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/659251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:159",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159"
},
{
"name": "MDVSA-2011:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160"
},
{
"name": "openSUSE-SU-2011:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html"
},
{
"name": "VU#659251",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/659251"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt"
},
{
"name": "RHSA-2011:1379",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1379.html"
}
]
}
}

130
2011/5xxx/CVE-2011-5101.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10018",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10018"
},
{
"name" : "mcafee-saas-mail-relay(78274)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10018",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10018"
},
{
"name": "mcafee-saas-mail-relay(78274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78274"
}
]
}
}

34
2014/3xxx/CVE-2014-3082.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3082",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3082",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/3xxx/CVE-2014-3307.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140701 Cisco Small Cell Command Execution Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307"
},
{
"name" : "68307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68307"
},
{
"name" : "1030509",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030509"
},
{
"name" : "59024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030509"
},
{
"name": "68307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68307"
},
{
"name": "59024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59024"
},
{
"name": "20140701 Cisco Small Cell Command Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307"
}
]
}
}

130
2014/3xxx/CVE-2014-3417.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.jasig.org/uportal/download/uportal-4-0-13-1",
"refsource" : "CONFIRM",
"url" : "http://www.jasig.org/uportal/download/uportal-4-0-13-1"
},
{
"name" : "https://issues.jasig.org/browse/UP-4106",
"refsource" : "CONFIRM",
"url" : "https://issues.jasig.org/browse/UP-4106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.jasig.org/uportal/download/uportal-4-0-13-1",
"refsource": "CONFIRM",
"url": "http://www.jasig.org/uportal/download/uportal-4-0-13-1"
},
{
"name": "https://issues.jasig.org/browse/UP-4106",
"refsource": "CONFIRM",
"url": "https://issues.jasig.org/browse/UP-4106"
}
]
}
}

140
2014/6xxx/CVE-2014-6167.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690185",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690185"
},
{
"name" : "PI23819",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23819"
},
{
"name" : "ibm-websphere-cve20146167-xss(97748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690185",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690185"
},
{
"name": "PI23819",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23819"
},
{
"name": "ibm-websphere-cve20146167-xss(97748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97748"
}
]
}
}

120
2014/6xxx/CVE-2014-6364.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-082",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-082",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082"
}
]
}
}

140
2014/7xxx/CVE-2014-7072.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Venezia map (aka com.wVeneziamap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#562433",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/562433"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Venezia map (aka com.wVeneziamap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#562433",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/562433"
}
]
}
}

230
2014/7xxx/CVE-2014-7924.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=435880",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=435880"
},
{
"name" : "https://codereview.chromium.org/774593004",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/774593004"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "USN-2476-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62575"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "62575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62575"
},
{
"name": "USN-2476-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=435880",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=435880"
},
{
"name": "https://codereview.chromium.org/774593004",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/774593004"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
}
]
}
}

150
2014/7xxx/CVE-2014-7959.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141105 Wordpress bulletproof-security <=.51 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
},
{
"name" : "https://wordpress.org/plugins/bulletproof-security/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/bulletproof-security/changelog/"
},
{
"name" : "70918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
},
{
"name": "70918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70918"
},
{
"name": "20141105 Wordpress bulletproof-security <=.51 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
},
{
"name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
}
]
}
}

160
2014/8xxx/CVE-2014-8033.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150108 Cisco WebEx Meetings Server Authentication Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8033"
},
{
"name" : "71950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71950"
},
{
"name" : "1031517",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031517"
},
{
"name" : "60279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60279"
},
{
"name" : "cisco-webex-cve20148033-sec-bypass(100572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71950"
},
{
"name": "cisco-webex-cve20148033-sec-bypass(100572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100572"
},
{
"name": "1031517",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031517"
},
{
"name": "60279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60279"
},
{
"name": "20150108 Cisco WebEx Meetings Server Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8033"
}
]
}
}

170
2014/8xxx/CVE-2014-8079.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via vectors related to header background setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://drupal.org/node/2194135",
"refsource" : "MISC",
"url" : "https://drupal.org/node/2194135"
},
{
"name" : "https://www.drupal.org/node/2193987",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2193987"
},
{
"name" : "65523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65523"
},
{
"name" : "103261",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/103261"
},
{
"name" : "56876",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56876"
},
{
"name" : "mayo-theme-drupal-xss(91154)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91154"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via vectors related to header background setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2194135",
"refsource": "MISC",
"url": "https://drupal.org/node/2194135"
},
{
"name": "103261",
"refsource": "OSVDB",
"url": "http://osvdb.org/103261"
},
{
"name": "mayo-theme-drupal-xss(91154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91154"
},
{
"name": "https://www.drupal.org/node/2193987",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2193987"
},
{
"name": "65523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65523"
},
{
"name": "56876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56876"
}
]
}
}

160
2014/8xxx/CVE-2014-8586.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35073",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35073"
},
{
"name" : "http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html"
},
{
"name" : "70718",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70718"
},
{
"name" : "113670",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/113670"
},
{
"name" : "cpmultiview-wordpress-calid-sql-injection(97766)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70718"
},
{
"name": "cpmultiview-wordpress-calid-sql-injection(97766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97766"
},
{
"name": "113670",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/113670"
},
{
"name": "35073",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35073"
},
{
"name": "http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8804.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8804",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8804",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/2xxx/CVE-2016-2397.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-163",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name" : "https://support.software.dell.com/product-notification/185943",
"refsource" : "CONFIRM",
"url" : "https://support.software.dell.com/product-notification/185943"
},
{
"name" : "1035015",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-163",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}

34
2016/6xxx/CVE-2016-6005.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6005",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6005",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2016/6xxx/CVE-2016-6366.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40258",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40258/"
},
{
"name" : "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip",
"refsource" : "MISC",
"url" : "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"
},
{
"name" : "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html",
"refsource" : "MISC",
"url" : "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"
},
{
"name" : "http://blogs.cisco.com/security/shadow-brokers",
"refsource" : "CONFIRM",
"url" : "http://blogs.cisco.com/security/shadow-brokers"
},
{
"name" : "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"
},
{
"name" : "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"
},
{
"name" : "92521",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92521"
},
{
"name" : "1036637",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036637"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92521"
},
{
"name": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip",
"refsource": "MISC",
"url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"
},
{
"name": "http://blogs.cisco.com/security/shadow-brokers",
"refsource": "CONFIRM",
"url": "http://blogs.cisco.com/security/shadow-brokers"
},
{
"name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"
},
{
"name": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"
},
{
"name": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html",
"refsource": "MISC",
"url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"
},
{
"name": "40258",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40258/"
},
{
"name": "1036637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036637"
}
]
}
}

130
2017/18xxx/CVE-2017-18175.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html"
},
{
"name": "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html"
}
]
}
}

160
2017/18xxx/CVE-2017-18257.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143"
},
{
"name" : "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143"
},
{
"name" : "DSA-4188",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4188"
},
{
"name" : "USN-3696-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3696-1/"
},
{
"name" : "USN-3696-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3696-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3696-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143"
},
{
"name": "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "USN-3696-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-2/"
}
]
}
}

34
2017/1xxx/CVE-2017-1983.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1983",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1983",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/5xxx/CVE-2017-5776.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5776",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5776",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/5xxx/CVE-2017-5819.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-07-21T00:00:00",
"ID" : "CVE-2017-5819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
{
"version_value" : "PLAT 7.3 E0504P04"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-07-21T00:00:00",
"ID": "CVE-2017-5819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value": "PLAT 7.3 E0504P04"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us"
},
{
"name" : "1038478",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038478",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038478"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us"
}
]
}
}

140
2017/5xxx/CVE-2017-5868.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/05/23/13"
},
{
"name" : "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/",
"refsource" : "MISC",
"url" : "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
},
{
"name" : "1038547",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
},
{
"name": "1038547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038547"
},
{
"name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
}
]
}
}