"-Synchronized-Data."

CVE Team 2020-02-08 17:01:06 +00:00
parent 43f5468d52
commit c3bd853079
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 300 additions and 10 deletions


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7863",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jan/114",
"url": "http://seclists.org/fulldisclosure/2015/Jan/114"
},
{
"refsource": "MISC",
"name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet",
"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
}
]
}
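Review bot: The `affects` block in this record carries `n/a` for `vendor_name`, `product_name` and `version_value`, although the new description names the vendor, three products and their version bounds; the CVE-2014-9126, CVE-2014-9127, CVE-2014-9470 and CVE-2015-1394 sections below have the same gap. Tooling that matches an asset inventory against the structured fields rather than the free text will not flag affected installations from these records. Consider populating the fields from the description, e.g. `"vendor_name": "ZOHO"` and `"product_name": "ManageEngine Applications Manager"`, with one `product_data` entry per product. `problemtype` is likewise `n/a` even though the description states an access-restriction failure.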


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9126",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html",
"url": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9127",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html",
"url": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9470",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html",
"url": "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jan/38",
"url": "http://seclists.org/fulldisclosure/2015/Jan/38"
},
{
"refsource": "MISC",
"name": "http://www.fork-cms.com/blog/detail/fork-3.8.4-released",
"url": "http://www.fork-cms.com/blog/detail/fork-3.8.4-released"
},
{
"refsource": "MISC",
"name": "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114",
"url": "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114"
},
{
"refsource": "MISC",
"name": "https://github.com/forkcms/forkcms/issues/1018s",
"url": "https://github.com/forkcms/forkcms/issues/1018s"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/72017",
"url": "http://www.securityfocus.com/bid/72017"
}
]
}
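Review bot: The fifth reference, `https://github.com/forkcms/forkcms/issues/1018s`, ends in a stray `s` in both `name` and `url`; a GitHub issue path ends in the numeric id, so the link most likely does not resolve. It was presumably meant to be `"url": "https://github.com/forkcms/forkcms/issues/1018"`, with the same change to `name`, but confirm this against the original advisory before changing it. A dead reference matters here because it is one of only two upstream links, alongside the fix commit, that let a reader verify the 3.8.4 remediation.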


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1394",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +11,72 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://wordpress.org/plugins/photo-gallery/changelog/",
"url": "https://wordpress.org/plugins/photo-gallery/changelog/"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/1073334/",
"url": "https://plugins.trac.wordpress.org/changeset/1073334/"
},
{
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery",
"url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
},
{
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2015/Jan/140",
"url": "https://seclists.org/bugtraq/2015/Jan/140"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}
}