diff --git a/2018/16xxx/CVE-2018-16337.json b/2018/16xxx/CVE-2018-16337.json index c5db2aca6f4..33b1ca01a0b 100644 --- a/2018/16xxx/CVE-2018-16337.json +++ b/2018/16xxx/CVE-2018-16337.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16337", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/chshcms/cscms/issues/2", + "refsource" : "MISC", + "url" : "https://github.com/chshcms/cscms/issues/2" } ] } diff --git a/2018/16xxx/CVE-2018-16338.json b/2018/16xxx/CVE-2018-16338.json index c0c1def02b5..e9364425e57 100644 --- a/2018/16xxx/CVE-2018-16338.json +++ b/2018/16xxx/CVE-2018-16338.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16338", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/auracms/AuraCMS/issues/3", + "refsource" : "MISC", + "url" : "https://github.com/auracms/AuraCMS/issues/3" } ] } diff --git a/2018/16xxx/CVE-2018-16339.json b/2018/16xxx/CVE-2018-16339.json index 288ca88ce44..a657fc7fb32 100644 --- a/2018/16xxx/CVE-2018-16339.json +++ b/2018/16xxx/CVE-2018-16339.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16339", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/sbmzhcn/EmpireCMS/issues/1", + "refsource" : "MISC", + "url" : "https://github.com/sbmzhcn/EmpireCMS/issues/1" } ] } diff --git a/2018/16xxx/CVE-2018-16342.json b/2018/16xxx/CVE-2018-16342.json index d4cddb63014..17e96fd5fc2 100644 --- a/2018/16xxx/CVE-2018-16342.json +++ b/2018/16xxx/CVE-2018-16342.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16342", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ShowDoc v1.8.0 has XSS via a new page." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/star7th/showdoc/issues/325", + "refsource" : "MISC", + "url" : "https://github.com/star7th/showdoc/issues/325" } ] } diff --git a/2018/16xxx/CVE-2018-16343.json b/2018/16xxx/CVE-2018-16343.json new file mode 100644 index 00000000000..70306360ac3 --- /dev/null +++ b/2018/16xxx/CVE-2018-16343.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16343", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://zhinianyuxin.postach.io/post/seacms-v6-61-latest-version-backend-rce", + "refsource" : "MISC", + "url" : "http://zhinianyuxin.postach.io/post/seacms-v6-61-latest-version-backend-rce" + }, + { + "name" : "https://github.com/cumtxujiabin/CmsPoc/blob/master/Seacms_v6.61_backend_RCE.md", + "refsource" : "MISC", + "url" : "https://github.com/cumtxujiabin/CmsPoc/blob/master/Seacms_v6.61_backend_RCE.md" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16344.json b/2018/16xxx/CVE-2018-16344.json new file mode 100644 index 00000000000..ca00ca701d7 --- /dev/null +++ b/2018/16xxx/CVE-2018-16344.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16344", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/cumtxujiabin/CmsPoc/blob/master/zzcms_8.3_file_del.md", + "refsource" : "MISC", + "url" : "https://github.com/cumtxujiabin/CmsPoc/blob/master/zzcms_8.3_file_del.md" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16345.json b/2018/16xxx/CVE-2018-16345.json new file mode 100644 index 00000000000..aec946ae29e --- /dev/null +++ b/2018/16xxx/CVE-2018-16345.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16345", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/teameasy/EasyCMS/issues/5", + "refsource" : "MISC", + "url" : "https://github.com/teameasy/EasyCMS/issues/5" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16346.json b/2018/16xxx/CVE-2018-16346.json new file mode 100644 index 00000000000..14fa3b0f9fa --- /dev/null +++ b/2018/16xxx/CVE-2018-16346.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16346", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "ChemCMS 1.0.6 has XSS via the \"setting -> website information\" field." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/chemcms/ChemCMS/issues/2", + "refsource" : "MISC", + "url" : "https://github.com/chemcms/ChemCMS/issues/2" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16347.json b/2018/16xxx/CVE-2018-16347.json new file mode 100644 index 00000000000..be3565fba79 --- /dev/null +++ b/2018/16xxx/CVE-2018-16347.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16347", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/gleez/cms/issues/798", + "refsource" : "MISC", + "url" : "https://github.com/gleez/cms/issues/798" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16348.json b/2018/16xxx/CVE-2018-16348.json new file mode 100644 index 00000000000..534e6ed7382 --- /dev/null +++ b/2018/16xxx/CVE-2018-16348.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16348", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/Jas0nwhy/vulnerability/blob/master/Seacmsxss.md", + "refsource" : "MISC", + "url" : "https://github.com/Jas0nwhy/vulnerability/blob/master/Seacmsxss.md" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16349.json b/2018/16xxx/CVE-2018-16349.json new file mode 100644 index 00000000000..b17baf8a437 --- /dev/null +++ b/2018/16xxx/CVE-2018-16349.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16349", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/wuzhicms/wuzhicms/issues/147", + "refsource" : "MISC", + "url" : "https://github.com/wuzhicms/wuzhicms/issues/147" + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16350.json b/2018/16xxx/CVE-2018-16350.json new file mode 100644 index 00000000000..c5c91709c62 --- /dev/null +++ b/2018/16xxx/CVE-2018-16350.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16350", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/wuzhicms/wuzhicms/issues/148", + "refsource" : "MISC", + "url" : "https://github.com/wuzhicms/wuzhicms/issues/148" + } + ] + } +}