diff --git a/2018/20xxx/CVE-2018-20123.json b/2018/20xxx/CVE-2018-20123.json new file mode 100644 index 00000000000..393945fde90 --- /dev/null +++ b/2018/20xxx/CVE-2018-20123.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20123", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20124.json b/2018/20xxx/CVE-2018-20124.json new file mode 100644 index 00000000000..ff1cf0b59d8 --- /dev/null +++ b/2018/20xxx/CVE-2018-20124.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20124", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20125.json b/2018/20xxx/CVE-2018-20125.json new file mode 100644 index 00000000000..e029c10bc09 --- /dev/null +++ b/2018/20xxx/CVE-2018-20125.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20125", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20126.json b/2018/20xxx/CVE-2018-20126.json new file mode 100644 index 00000000000..e06e687aacc --- /dev/null +++ b/2018/20xxx/CVE-2018-20126.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20126", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20127.json b/2018/20xxx/CVE-2018-20127.json new file mode 100644 index 00000000000..c50abf6c043 --- /dev/null +++ b/2018/20xxx/CVE-2018-20127.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20127", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) \"php\" is blocked but path=F:/1.phP. succeeds." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.iwantacve.cn/index.php/archives/89/", + "refsource" : "MISC", + "url" : "http://www.iwantacve.cn/index.php/archives/89/" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20128.json b/2018/20xxx/CVE-2018-20128.json new file mode 100644 index 00000000000..574ffbd19c9 --- /dev/null +++ b/2018/20xxx/CVE-2018-20128.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20128", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in UsualToolCMS v8.0. cmsadmin\\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.iwantacve.cn/index.php/archives/90/", + "refsource" : "MISC", + "url" : "http://www.iwantacve.cn/index.php/archives/90/" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20129.json b/2018/20xxx/CVE-2018-20129.json new file mode 100644 index 00000000000..1f5c12445af --- /dev/null +++ b/2018/20xxx/CVE-2018-20129.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20129", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified \".php\" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.iwantacve.cn/index.php/archives/88/", + "refsource" : "MISC", + "url" : "http://www.iwantacve.cn/index.php/archives/88/" + } + ] + } +}