From c3bd853079304a7f7fb695b6c5e0575840237b79 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 8 Feb 2020 17:01:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2014/7xxx/CVE-2014-7863.json | 73 +++++++++++++++++++++++++++++++++++-
 2014/9xxx/CVE-2014-9126.json | 48 +++++++++++++++++++++++-
 2014/9xxx/CVE-2014-9127.json | 48 +++++++++++++++++++++++-
 2014/9xxx/CVE-2014-9470.json | 73 +++++++++++++++++++++++++++++++++++-
 2015/1xxx/CVE-2015-1394.json | 68 ++++++++++++++++++++++++++++++++-
 5 files changed, 300 insertions(+), 10 deletions(-)
diff --git a/2014/7xxx/CVE-2014-7863.json b/2014/7xxx/CVE-2014-7863.json
index d02f8c34e6b..18ddd18ca7f 100644
--- a/2014/7xxx/CVE-2014-7863.json
+++ b/2014/7xxx/CVE-2014-7863.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7863",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,76 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt",
+ "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Jan/114",
+ "url": "http://seclists.org/fulldisclosure/2015/Jan/114"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet",
+ "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9126.json b/2014/9xxx/CVE-2014-9126.json
index 245c53d3ee6..c924692370f 100644
--- a/2014/9xxx/CVE-2014-9126.json
+++ b/2014/9xxx/CVE-2014-9126.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9126",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
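Review bot: In CVE-2014-7863.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description in the same hunk names ZOHO ManageEngine Applications Manager, OpManager and IT360 with explicit version bounds. Anything that matches on the structured fields will not tie this record to those products, so the affected range is only recoverable from the free-text description. The same placeholder `affects` and `problemtype` blocks are added in CVE-2014-9126, CVE-2014-9127, CVE-2014-9470 and CVE-2015-1394. Where the description already states vendor and product, I would carry them into the record, for example `"vendor_name": "ZOHO"` and `"product_name": "ManageEngine Applications Manager"`.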
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9127.json b/2014/9xxx/CVE-2014-9127.json
index 254c5c06068..18d0d922bd2 100644
--- a/2014/9xxx/CVE-2014-9127.json
+++ b/2014/9xxx/CVE-2014-9127.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9127",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9470.json b/2014/9xxx/CVE-2014-9470.json
index 7c5a02ff9bb..9d962a2b3a2 100644
--- a/2014/9xxx/CVE-2014-9470.json
+++ b/2014/9xxx/CVE-2014-9470.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9470",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,76 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html",
+ "url": "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Jan/38",
+ "url": "http://seclists.org/fulldisclosure/2015/Jan/38"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.fork-cms.com/blog/detail/fork-3.8.4-released",
+ "url": "http://www.fork-cms.com/blog/detail/fork-3.8.4-released"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114",
+ "url": "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/forkcms/forkcms/issues/1018s",
+ "url": "https://github.com/forkcms/forkcms/issues/1018s"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/72017",
+ "url": "http://www.securityfocus.com/bid/72017"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1394.json b/2015/1xxx/CVE-2015-1394.json
index 7e57286d7ec..208a2002275 100644
--- a/2015/1xxx/CVE-2015-1394.json
+++ b/2015/1xxx/CVE-2015-1394.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-1394",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
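Review bot: In CVE-2014-9470.json the fifth added reference, `https://github.com/forkcms/forkcms/issues/1018s`, ends in a trailing `s` in both `name` and `url`. Issue paths on that host are numeric, so this looks like a typo that leaves the reference unresolvable for anyone tracing the fix. If the intended issue is 1018, both fields should read `"https://github.com/forkcms/forkcms/issues/1018"`. Confirm the number against the linked fix commit or the Full Disclosure post before changing it.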
@@ -11,8 +11,72 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/photo-gallery/changelog/",
+ "url": "https://wordpress.org/plugins/photo-gallery/changelog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/1073334/",
+ "url": "https://plugins.trac.wordpress.org/changeset/1073334/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery",
+ "url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/bugtraq/2015/Jan/140",
+ "url": "https://seclists.org/bugtraq/2015/Jan/140"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ }
 }
 }
\ No newline at end of file
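Review bot: The closing braces at the end of the CVE-2015-1394.json hunk do not balance as shown. After `"vendor_name": "n/a"` there are four added closers (`}`, `]`, `}`, `}`) followed by two context `}` lines, which is one brace more than the `affects` object and the document root need. The body also carries one more added line than the hunk header (`+11,72`) and the diffstat (68 changed lines) announce. Unless this is an artifact of how the page was rendered, the resulting file would not parse as JSON; the last added `}` should be dropped so that the first context `}` closes `affects`. Parsing each changed record before the sync is committed would catch this.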