admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'October-CMS' of https://github.com/kurtseifried/cvelist

Browse Source
This commit is contained in:
CVE Team 2017-11-16 20:08:57 -05:00
commit bb5906a312
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
5 changed files with 310 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2017/1000xxx/CVE-2017-1000193.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.417002",
"ID": "CVE-2017-1000193",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-66d6dfe5e11488e1afefcb69b8bdaabfR31"
}
]
}
}

62
2017/1000xxx/CVE-2017-1000194.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.418368",
"ID": "CVE-2017-1000194",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Web server's configuration file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224"
}
]
}
}

62
2017/1000xxx/CVE-2017-1000195.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.419778",
"ID": "CVE-2017-1000195",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PHP object injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R317"
}
]
}
}

62
2017/1000xxx/CVE-2017-1000196.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.421306",
"ID": "CVE-2017-1000196",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File creation / upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R49"
}
]
}
}

62
2017/1000xxx/CVE-2017-1000197.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.423364",
"ID": "CVE-2017-1000197",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241"
}
]
}
}