"-Synchronized-Data."

CVE Team 2019-03-18 06:15:15 +00:00
parent 9a706400b5
commit eb151f2984
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4437 additions and 4437 deletions


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/22/22439-faqomatic.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/22/22439-faqomatic.txt"
},
{
"name" : "16251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16251"
},
{
"name" : "ADV-2006-0189",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0189"
},
{
"name" : "22439",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22439"
},
{
"name" : "18468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18468"
},
{
"name" : "faqomatic-fom-xss(24165)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18468"
},
{
"name": "faqomatic-fom-xss(24165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24165"
},
{
"name": "22439",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22439"
},
{
"name": "ADV-2006-0189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0189"
},
{
"name": "http://osvdb.org/ref/22/22439-faqomatic.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/22/22439-faqomatic.txt"
},
{
"name": "16251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16251"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a \"Kashpureff-style DNS cache corruption\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060216 Recent HP advisories outline BIND problems",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-February/000551.html"
},
{
"name" : "http://computerworld.com/networkingtopics/networking/story/0,10801,103744,00.html",
"refsource" : "MISC",
"url" : "http://computerworld.com/networkingtopics/networking/story/0,10801,103744,00.html"
},
{
"name" : "HPSBTU02095",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837"
},
{
"name" : "SSRT051007",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837"
},
{
"name" : "HPSBUX02097",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/425083/100/0/threaded"
},
{
"name" : "SSRT051045",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/425083/100/0/threaded"
},
{
"name" : "16455",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16455"
},
{
"name" : "ADV-2006-0399",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0399"
},
{
"name" : "22888",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22888"
},
{
"name" : "1015551",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015551"
},
{
"name" : "1015606",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015606"
},
{
"name" : "18690",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18690"
},
{
"name" : "438",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/438"
},
{
"name" : "748",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/748"
},
{
"name" : "tru64-dns-bind-unauth-access(24414)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a \"Kashpureff-style DNS cache corruption\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://computerworld.com/networkingtopics/networking/story/0,10801,103744,00.html",
"refsource": "MISC",
"url": "http://computerworld.com/networkingtopics/networking/story/0,10801,103744,00.html"
},
{
"name": "22888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22888"
},
{
"name": "HPSBTU02095",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837"
},
{
"name": "ADV-2006-0399",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0399"
},
{
"name": "1015606",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015606"
},
{
"name": "SSRT051045",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/425083/100/0/threaded"
},
{
"name": "18690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18690"
},
{
"name": "438",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/438"
},
{
"name": "HPSBUX02097",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/425083/100/0/threaded"
},
{
"name": "748",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/748"
},
{
"name": "1015551",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015551"
},
{
"name": "16455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16455"
},
{
"name": "20060216 Recent HP advisories outline BIND problems",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-February/000551.html"
},
{
"name": "SSRT051007",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837"
},
{
"name": "tru64-dns-bind-unauth-access(24414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24414"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=392886",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=392886"
},
{
"name" : "ADV-2006-0546",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0546"
},
{
"name" : "18801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0546"
},
{
"name": "18801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18801"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=392886",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=392886"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1512",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1512"
},
{
"name" : "16753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16753"
},
{
"name" : "ADV-2006-0663",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0663"
},
{
"name" : "18930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18930"
},
{
"name" : "admbook-index-command-execution(24771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "admbook-index-command-execution(24771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24771"
},
{
"name": "16753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16753"
},
{
"name": "18930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18930"
},
{
"name": "ADV-2006-0663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0663"
},
{
"name": "1512",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1512"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0954",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0954",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060314 [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427746/100/0/threaded"
},
{
"name" : "http://community.mybboard.net/showthread.php?tid=7368",
"refsource" : "MISC",
"url" : "http://community.mybboard.net/showthread.php?tid=7368"
},
{
"name" : "http://kapda.ir/advisory-297.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-297.html"
},
{
"name" : "17097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17097"
},
{
"name" : "23935",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23935"
},
{
"name" : "mybb-member-xss(25263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23935",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23935"
},
{
"name": "http://kapda.ir/advisory-297.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-297.html"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=7368",
"refsource": "MISC",
"url": "http://community.mybboard.net/showthread.php?tid=7368"
},
{
"name": "17097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17097"
},
{
"name": "20060314 [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427746/100/0/threaded"
},
{
"name": "mybb-member-xss(25263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/03/absolute-faq-manager-net-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/absolute-faq-manager-net-xss-vuln.html"
},
{
"name" : "17242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17242"
},
{
"name" : "ADV-2006-1096",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1096"
},
{
"name" : "24127",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24127"
},
{
"name" : "19396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19396"
},
{
"name" : "absolutefaqmanager-search-xss(25463)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25463"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/03/absolute-faq-manager-net-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/absolute-faq-manager-net-xss-vuln.html"
},
{
"name": "absolutefaqmanager-search-xss(25463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25463"
},
{
"name": "24127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24127"
},
{
"name": "17242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17242"
},
{
"name": "19396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19396"
},
{
"name": "ADV-2006-1096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1096"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060331 Buffer-overflow and in-game crash in Zdaemon 1.08.01",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429521/100/0/threaded"
},
{
"name" : "20060331 Buffer-overflow and in-game crash in Zdaemon 1.08.01",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044775.html"
},
{
"name" : "http://aluigi.altervista.org/adv/zdaebof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/zdaebof-adv.txt"
},
{
"name" : "17340",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17340"
},
{
"name" : "ADV-2006-1199",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1199"
},
{
"name" : "ADV-2006-1198",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1198"
},
{
"name" : "19509",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19509"
},
{
"name" : "19496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19496"
},
{
"name" : "zdaemon-isclientwadok-bo(25592)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060331 Buffer-overflow and in-game crash in Zdaemon 1.08.01",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429521/100/0/threaded"
},
{
"name": "ADV-2006-1198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1198"
},
{
"name": "ADV-2006-1199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1199"
},
{
"name": "17340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17340"
},
{
"name": "http://aluigi.altervista.org/adv/zdaebof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/zdaebof-adv.txt"
},
{
"name": "20060331 Buffer-overflow and in-game crash in Zdaemon 1.08.01",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044775.html"
},
{
"name": "19509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19509"
},
{
"name": "19496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19496"
},
{
"name": "zdaemon-isclientwadok-bo(25592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25592"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060821 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444012/100/0/threaded"
},
{
"name" : "20060821 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048959.html"
},
{
"name" : "http://files.altn.com/WebAdmin/Release/RelNotes_en.txt",
"refsource" : "CONFIRM",
"url" : "http://files.altn.com/WebAdmin/Release/RelNotes_en.txt"
},
{
"name" : "19620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19620"
},
{
"name" : "ADV-2006-3333",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3333"
},
{
"name" : "28122",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28122"
},
{
"name" : "28123",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28123"
},
{
"name" : "21558",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21558"
},
{
"name" : "1455",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1455"
},
{
"name" : "webadmin-multiple-directory-traversal(28488)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28488"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3333"
},
{
"name": "19620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19620"
},
{
"name": "28122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28122"
},
{
"name": "28123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28123"
},
{
"name": "20060821 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048959.html"
},
{
"name": "1455",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1455"
},
{
"name": "webadmin-multiple-directory-traversal(28488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28488"
},
{
"name": "20060821 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444012/100/0/threaded"
},
{
"name": "http://files.altn.com/WebAdmin/Release/RelNotes_en.txt",
"refsource": "CONFIRM",
"url": "http://files.altn.com/WebAdmin/Release/RelNotes_en.txt"
},
{
"name": "21558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21558"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the \"system subroutine\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource" : "CONFIRM",
"url" : "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name" : "IY88818",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88818"
},
{
"name" : "IY88820",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88820"
},
{
"name" : "20193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20193"
},
{
"name" : "ADV-2006-3770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3770"
},
{
"name" : "1016919",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016919"
},
{
"name" : "22108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22108"
},
{
"name" : "aix-snappd-privilege-escalation(29157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the \"system subroutine\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22108"
},
{
"name": "aix-snappd-privilege-escalation(29157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29157"
},
{
"name": "1016919",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016919"
},
{
"name": "20193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20193"
},
{
"name": "IY88820",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88820"
},
{
"name": "IY88818",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88818"
},
{
"name": "ADV-2006-3770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3770"
},
{
"name": "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource": "CONFIRM",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060924 phpstak <= Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446882/100/0/threaded"
},
{
"name" : "20061108 phpsatk => Remote File Include Vulnerability EXploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450936/100/0/threaded"
},
{
"name" : "20060926 PHPSaTK remote file inclusion - CVE dispute",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-September/001054.html"
},
{
"name" : "1647",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1647"
},
{
"name" : "phpsatk-loader-file-include(29133)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060924 phpstak <= Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446882/100/0/threaded"
},
{
"name": "phpsatk-loader-file-include(29133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29133"
},
{
"name": "20061108 phpsatk => Remote File Include Vulnerability EXploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450936/100/0/threaded"
},
{
"name": "20060926 PHPSaTK remote file inclusion - CVE dispute",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-September/001054.html"
},
{
"name": "1647",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1647"
}
]
}
}


@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060726 Bypassing Oracle dbms_assert",
"refsource" : "BUGTRAQ",
"url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html"
},
{
"name" : "20060726 Re: Bypassing Oracle dbms_assert",
"refsource" : "BUGTRAQ",
"url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html"
},
{
"name" : "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
},
{
"name" : "20061023 SQL Injection in Oracle package MDSYS.SDO_LRS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449512/100/0/threaded"
},
{
"name" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
"refsource" : "MISC",
"url" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
},
{
"name" : "http://www.red-database-security.com/wp/bypass_dbms_assert.pdf",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/wp/bypass_dbms_assert.pdf"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "VU#869292",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/869292"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "20060726 Bypassing Oracle dbms_assert",
"refsource": "BUGTRAQ",
"url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
"refsource": "MISC",
"url": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
},
{
"name": "http://www.red-database-security.com/wp/bypass_dbms_assert.pdf",
"refsource": "MISC",
"url": "http://www.red-database-security.com/wp/bypass_dbms_assert.pdf"
},
{
"name": "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "20061023 SQL Injection in Oracle package MDSYS.SDO_LRS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449512/100/0/threaded"
},
{
"name": "20060726 Re: Bypassing Oracle dbms_assert",
"refsource": "BUGTRAQ",
"url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name": "VU#869292",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/869292"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
},
{
"name" : "4730",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4730"
},
{
"name" : "http://www.kapda.ir/advisory-442.html",
"refsource" : "MISC",
"url" : "http://www.kapda.ir/advisory-442.html"
},
{
"name" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html",
"refsource" : "CONFIRM",
"url" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
},
{
"name" : "20661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20661"
},
{
"name" : "26862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26862"
},
{
"name" : "ADV-2006-4296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4296"
},
{
"name" : "1017103",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017103"
},
{
"name" : "22607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22607"
},
{
"name" : "28973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28973"
},
{
"name" : "hostingcontroller-multiple-sql-injection(39036)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28973"
},
{
"name": "http://www.kapda.ir/advisory-442.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-442.html"
},
{
"name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
},
{
"name": "1017103",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017103"
},
{
"name": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
},
{
"name": "22607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22607"
},
{
"name": "ADV-2006-4296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4296"
},
{
"name": "4730",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4730"
},
{
"name": "20661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20661"
},
{
"name": "26862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26862"
},
{
"name": "hostingcontroller-multiple-sql-injection(39036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39036"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061114 A+ Store E-Commerce[ injection sql & xss (post) ]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-11/0248.html"
},
{
"name" : "21092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21092"
},
{
"name" : "30417",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30417"
},
{
"name" : "22918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22918/"
},
{
"name" : "1880",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1880"
},
{
"name" : "a+store-browse-sql-injection(30283)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21092"
},
{
"name": "1880",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1880"
},
{
"name": "22918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22918/"
},
{
"name": "a+store-browse-sql-injection(30283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30283"
},
{
"name": "20061114 A+ Store E-Commerce[ injection sql & xss (post) ]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-11/0248.html"
},
{
"name": "30417",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30417"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4070",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4070"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "http://support.apple.com/kb/HT4105",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4105"
},
{
"name" : "APPLE-SA-2010-03-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "38671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38671"
},
{
"name" : "38676",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38676"
},
{
"name" : "oval:org.mitre.oval:def:6885",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885"
},
{
"name" : "1023706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023706"
},
{
"name" : "39135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39135"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name": "38676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38676"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "1023706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023706"
},
{
"name": "39135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39135"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:6885",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885"
},
{
"name": "http://support.apple.com/kb/HT4105",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4105"
},
{
"name": "http://support.apple.com/kb/HT4070",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4070"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "APPLE-SA-2010-03-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "38671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38671"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=559091",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=559091"
},
{
"name" : "DSA-1996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1996"
},
{
"name" : "RHSA-2010:0088",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name" : "RHSA-2010:0095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name" : "38158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38158"
},
{
"name" : "oval:org.mitre.oval:def:11335",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11335"
},
{
"name" : "38492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=559091",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=559091"
},
{
"name": "oval:org.mitre.oval:def:11335",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11335"
},
{
"name": "RHSA-2010:0088",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "DSA-1996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "38492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38492"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12651",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12651"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/lokomediacms-disclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/lokomediacms-disclose.txt"
},
{
"name" : "64747",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64747"
},
{
"name" : "39863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39863"
},
{
"name" : "lokomedia-downlot-directory-traversal(58670)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39863"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/lokomediacms-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/lokomediacms-disclose.txt"
},
{
"name": "lokomedia-downlot-directory-traversal(58670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58670"
},
{
"name": "64747",
"refsource": "OSVDB",
"url": "http://osvdb.org/64747"
},
{
"name": "12651",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12651"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127978954522586&w=2"
},
{
"name" : "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128017203704299&w=2"
},
{
"name" : "http://cacti.net/release_notes_0_8_7g.php",
"refsource" : "CONFIRM",
"url" : "http://cacti.net/release_notes_0_8_7g.php"
},
{
"name" : "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025"
},
{
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=6025",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=6025"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459105",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459105"
},
{
"name" : "MDVSA-2010:160",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
},
{
"name" : "RHSA-2010:0635",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
},
{
"name" : "42575",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42575"
},
{
"name" : "41041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41041"
},
{
"name" : "ADV-2010-2132",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name" : "cacti-utilities-xss(61226)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025"
},
{
"name": "MDVSA-2010:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
},
{
"name": "42575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42575"
},
{
"name": "41041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41041"
},
{
"name": "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
},
{
"name": "RHSA-2010:0635",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
},
{
"name": "http://cacti.net/release_notes_0_8_7g.php",
"refsource": "CONFIRM",
"url": "http://cacti.net/release_notes_0_8_7g.php"
},
{
"name": "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459105",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459105"
},
{
"name": "ADV-2010-2132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6025",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6025"
},
{
"name": "cacti-utilities-xss(61226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61226"
}
]
}
}
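Review bot: The `ASSIGNER` value in this CVE-2010-2544 record appears to change from `cve@mitre.org` to `secalert@redhat.com` (the page has lost its +/- markers, so the sides are inferred from the key-spacing change), and that attribution change is buried in a rewrite that also re-indents every line and reorders `reference_data`. A consumer that tracks which CNA owns a record would want this called out, so the commit description should say something like `Update ASSIGNER to the owning CNA; normalize JSON formatting`, or the formatting pass should land separately. The same applies to the CVE-2010-2792, CVE-2010-3585, CVE-2010-3715, CVE-2010-3930, CVE-2010-3944, CVE-2010-4442 and CVE-2010-4822 sections below. The new `reference_data` order also follows no visible key (neither `refsource` nor `name`), so emitting it in a stable sorted order would keep later syncs from producing reorder-only diffs.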


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14269",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14269"
},
{
"name" : "fathftp-activex-bo(60200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14269",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14269"
},
{
"name": "fathftp-activex-bo(60200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60200"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620350",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620350"
},
{
"name" : "RHSA-2010:0632",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0632.html"
},
{
"name" : "RHSA-2010:0651",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0651.html"
},
{
"name" : "42711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42711"
},
{
"name" : "67619",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67619"
},
{
"name" : "41120",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41120"
},
{
"name" : "ADV-2010-2181",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67619",
"refsource": "OSVDB",
"url": "http://osvdb.org/67619"
},
{
"name": "RHSA-2010:0651",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0651.html"
},
{
"name": "41120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41120"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=620350",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=620350"
},
{
"name": "ADV-2010-2181",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2181"
},
{
"name": "RHSA-2010:0632",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0632.html"
},
{
"name": "42711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42711"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101102 [Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514611/100/0/threaded"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
},
{
"name": "20101102 [Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514611/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"name" : "DSA-2121",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2121"
},
{
"name" : "43786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://modxcms.com/forums/index.php/topic,60045.0.html",
"refsource" : "CONFIRM",
"url" : "http://modxcms.com/forums/index.php/topic,60045.0.html"
},
{
"name" : "JVN#95385972",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN95385972/index.html"
},
{
"name" : "JVNDB-2011-000009",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000009.html"
},
{
"name" : "70772",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70772",
"refsource": "OSVDB",
"url": "http://osvdb.org/70772"
},
{
"name": "JVNDB-2011-000009",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000009.html"
},
{
"name": "http://modxcms.com/forums/index.php/topic,60045.0.html",
"refsource": "CONFIRM",
"url": "http://modxcms.com/forums/index.php/topic,60045.0.html"
},
{
"name": "JVN#95385972",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95385972/index.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-098",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:12184",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12184"
},
{
"name" : "1024880",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024880"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-098",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098"
},
{
"name": "1024880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024880"
},
{
"name": "oval:org.mitre.oval:def:12184",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12184"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45891",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45891"
},
{
"name" : "70577",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70577"
},
{
"name" : "1024975",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024975"
},
{
"name" : "42984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42984"
},
{
"name" : "ADV-2011-0151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0151"
},
{
"name" : "solaris-kernel-dos(64801)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-kernel-dos(64801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64801"
},
{
"name": "70577",
"refsource": "OSVDB",
"url": "http://osvdb.org/70577"
},
{
"name": "45891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45891"
},
{
"name": "42984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42984"
},
{
"name": "1024975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024975"
},
{
"name": "ADV-2011-0151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0151"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1011-exploits/wpsurvey-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1011-exploits/wpsurvey-xss.txt"
},
{
"name" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Survery.And.Quiz.Tool.1.2.1.Reflected.Cross-site.Scripting/57",
"refsource" : "MISC",
"url" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Survery.And.Quiz.Tool.1.2.1.Reflected.Cross-site.Scripting/57"
},
{
"name" : "69074",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69074"
},
{
"name" : "42196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42196"
},
{
"name" : "wpsurvey-action-xss(63056)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.johnleitch.net/Vulnerabilities/WordPress.Survery.And.Quiz.Tool.1.2.1.Reflected.Cross-site.Scripting/57",
"refsource": "MISC",
"url": "http://www.johnleitch.net/Vulnerabilities/WordPress.Survery.And.Quiz.Tool.1.2.1.Reflected.Cross-site.Scripting/57"
},
{
"name": "42196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42196"
},
{
"name": "69074",
"refsource": "OSVDB",
"url": "http://osvdb.org/69074"
},
{
"name": "http://packetstormsecurity.org/1011-exploits/wpsurvey-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1011-exploits/wpsurvey-xss.txt"
},
{
"name": "wpsurvey-action-xss(63056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63056"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in \"live mode,\" allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name" : "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource" : "CONFIRM",
"url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"name" : "http://open.silverstripe.org/changeset/114783",
"refsource" : "CONFIRM",
"url" : "http://open.silverstripe.org/changeset/114783"
},
{
"name" : "69885",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/69885"
},
{
"name" : "42346",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42346"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in \"live mode,\" allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "69885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69885"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"name": "http://open.silverstripe.org/changeset/114783",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114783"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15773",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15773"
},
{
"name" : "45506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45506"
},
{
"name" : "42711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42711"
},
{
"name" : "projektshop-details-sql-injection(64205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "projektshop-details-sql-injection(64205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64205"
},
{
"name": "42711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42711"
},
{
"name": "45506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45506"
},
{
"name": "15773",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15773"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100701 iScripts ReserveLogic 1.0 SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512137/100/0/threaded"
},
{
"name" : "14163",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14163"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt"
},
{
"name" : "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt",
"refsource" : "MISC",
"url" : "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt"
},
{
"name" : "40435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40435"
},
{
"name" : "8487",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8487"
},
{
"name" : "reservelogic-pid-sql-injection(59985)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8487",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8487"
},
{
"name": "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt",
"refsource": "MISC",
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt"
},
{
"name": "14163",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14163"
},
{
"name": "20100701 iScripts ReserveLogic 1.0 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512137/100/0/threaded"
},
{
"name": "40435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40435"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt"
},
{
"name": "reservelogic-pid-sql-injection(59985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59985"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3046",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3046",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name" : "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name" : "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource" : "CONFIRM",
"url" : "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
},
{
"name" : "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7",
"refsource" : "CONFIRM",
"url" : "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name" : "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource" : "CONFIRM",
"url" : "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name" : "58691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58691"
},
{
"name": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "69882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69882"
},
{
"name" : "69922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69922"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "appleios-cve20144356-info-disc(96081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69922"
},
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "appleios-cve20144356-info-disc(96081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96081"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140903 Reflected Cross-Site Scripting (XSS) in MyWebSQL",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533337/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128140/MyWebSQL-3.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128140/MyWebSQL-3.4-Cross-Site-Scripting.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23221",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23221"
},
{
"name" : "69553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69553"
},
{
"name" : "mywebsql-cve20144735-xss(95719)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69553"
},
{
"name": "http://packetstormsecurity.com/files/128140/MyWebSQL-3.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128140/MyWebSQL-3.4-Cross-Site-Scripting.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23221",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23221"
},
{
"name": "mywebsql-cve20144735-xss(95719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95719"
},
{
"name": "20140903 Reflected Cross-Site Scripting (XSS) in MyWebSQL",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533337/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#918657",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/918657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#918657",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/918657"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4967",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4967",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/01/24/15"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2487",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2488",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
},
{
"name" : "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt",
"refsource" : "MISC",
"url" : "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"
},
{
"name" : "http://support.apple.com/kb/HT204941",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204941"
},
{
"name" : "http://support.apple.com/kb/HT204942",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204942"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185815",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
},
{
"name" : "APPLE-SA-2015-06-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name" : "APPLE-SA-2015-06-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name" : "DSA-3273",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2015/dsa-3273"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "RHSA-2016:1546",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name" : "RHSA-2016:1547",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name" : "72352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72352"
},
{
"name" : "1032760",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "RHSA-2016:1547",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2488",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/01/24/15"
},
{
"name": "72352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72352"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2487",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "RHSA-2016:1546",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name": "DSA-3273",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3273"
},
{
"name": "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt",
"refsource": "MISC",
"url": "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8206",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8206",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8259",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8259",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9285",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9285",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129581/WordPress-wpCommentTwit-0.5-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129581/WordPress-wpCommentTwit-0.5-CSRF-XSS.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129581/WordPress-wpCommentTwit-0.5-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129581/WordPress-wpCommentTwit-0.5-CSRF-XSS.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129500/WordPress-IP-Ban-1.2.3-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129500/WordPress-IP-Ban-1.2.3-CSRF-XSS.html"
},
{
"name" : "https://wordpress.org/plugins/simple-ip-ban/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/simple-ip-ban/changelog/"
},
{
"name" : "ipban-wordpress-multiple-csrf(99503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipban-wordpress-multiple-csrf(99503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99503"
},
{
"name": "https://wordpress.org/plugins/simple-ip-ban/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/simple-ip-ban/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/129500/WordPress-IP-Ban-1.2.3-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129500/WordPress-IP-Ban-1.2.3-CSRF-XSS.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2378287",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2378287"
},
{
"name" : "https://www.drupal.org/node/2373157",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2373157"
},
{
"name" : "71201",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2378287",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2378287"
},
{
"name": "71201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71201"
},
{
"name": "https://www.drupal.org/node/2373157",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2373157"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2645",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2645",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html"
},
{
"name" : "92157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92157"
},
{
"name": "https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2910",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2910",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,190 +1,190 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-2942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UrbanCode Deploy",
"version" : {
"version_data" : [
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.1.1"
},
{
"version_value" : "6.0.1.2"
},
{
"version_value" : "6.0.1.3"
},
{
"version_value" : "6.0.1.4"
},
{
"version_value" : "6.0.1.5"
},
{
"version_value" : "6.0.1.6"
},
{
"version_value" : "6.1"
},
{
"version_value" : "6.1.0.1"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "6.0.1.7"
},
{
"version_value" : "6.0.1.8"
},
{
"version_value" : "6.1.0.4"
},
{
"version_value" : "6.1.1"
},
{
"version_value" : "6.1.1.1"
},
{
"version_value" : "6.1.1.2"
},
{
"version_value" : "6.1.1.3"
},
{
"version_value" : "6.1.1.4"
},
{
"version_value" : "6.1.1.5"
},
{
"version_value" : "6.0.1.9"
},
{
"version_value" : "6.1.1.6"
},
{
"version_value" : "6.1.1.7"
},
{
"version_value" : "6.1.2"
},
{
"version_value" : "6.0.1.10"
},
{
"version_value" : "6.0.1.11"
},
{
"version_value" : "6.1.1.8"
},
{
"version_value" : "6.1.3"
},
{
"version_value" : "6.1.3.1"
},
{
"version_value" : "6.2"
},
{
"version_value" : "6.2.0.1"
},
{
"version_value" : "6.0.1.12"
},
{
"version_value" : "6.1.3.2"
},
{
"version_value" : "6.2.0.2"
},
{
"version_value" : "6.2.1"
},
{
"version_value" : "6.0.1.13"
},
{
"version_value" : "6.2.1.1"
},
{
"version_value" : "6.0.1.14"
},
{
"version_value" : "6.1.3.3"
},
{
"version_value" : "6.2.1.2"
},
{
"version_value" : "6.2.2"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000218",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
},
{
"name" : "95975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95975"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991878",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991878"
},
{
"name" : "IV89790",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89790"
},
{
"name" : "94623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991878",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991878"
},
{
"name": "94623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94623"
},
{
"name": "IV89790",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89790"
}
]
}
}
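Review bot: The `ASSIGNER` value for CVE-2016-2944 changes from `cve@mitre.org` to `psirt@us.ibm.com` in what appears to be the new (compact-colon) copy, a real attribution change that the commit message ("-Synchronized-Data.") does not mention and that sits inside a section which otherwise only reformats colons and reorders `reference_data`. The record is now attributed to the vendor's PSIRT while `vendor_name`, `product_name` and `version_value` all remain `n/a`, although the description names IBM BigFix Remote Control before 9.1.3, so tooling that matches on `affects` rather than on the description text will not find this entry. The same pattern (assigner changed, `affects` left at `n/a`) appears in the sections for CVE-2016-3056, CVE-2016-3831 and CVE-2016-6837. Attribution changes would be easier to audit if they were committed separately from formatting syncs, with `affects` filled in from the description at the same time.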


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990850",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990850"
},
{
"name" : "JR56300",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR56300"
},
{
"name" : "93405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93405"
},
{
"name": "JR56300",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR56300"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990850",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990850"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a \"Year 2038 problem.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"
},
{
"name" : "92230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a \"Year 2038 problem.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92230"
},
{
"name": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"
}
]
}
}


@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-4.4.4"
},
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-4.4.4"
},
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94161"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}
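Review bot: The `version_data` entries in CVE-2016-6703 (`Android-4.4.4`, `Android-5.0.2`, `Android-5.1.1`, `Android-6.0`, `Android-6.0.1`) list as affected the same releases that the `description` gives as the fixed boundaries ("4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1"), so the two fields disagree on whether 4.4.4, 5.0.2 and 5.1.1 are vulnerable. The sync carries both through unchanged on what appears to be the new side. A scanner keyed on `version_value` and one that parses the description would reach opposite answers for those releases. One of the two fields should be corrected against the vendor bulletin already listed in `reference_data`, and until then consumers should treat the affected range for this record as unconfirmed.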


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e",
"refsource" : "CONFIRM",
"url" : "https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e"
},
{
"name" : "https://mantisbt.org/bugs/view.php?id=21611",
"refsource" : "CONFIRM",
"url" : "https://mantisbt.org/bugs/view.php?id=21611"
},
{
"name" : "92522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92522"
},
{
"name" : "1036655",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=21611",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=21611"
},
{
"name": "1036655",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036655"
},
{
"name": "92522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92522"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf",
"refsource" : "MISC",
"url" : "http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf"
},
{
"name" : "95092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95092"
},
{
"name": "http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf",
"refsource": "MISC",
"url": "http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf"
}
]
}
}


@ -1,98 +1,98 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2016-7076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sudo",
"version" : {
"version_data" : [
{
"version_value" : "sudo 1.8.18p1"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
],
[
{
"vectorString" : "6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-184"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sudo",
"version": {
"version_data": [
{
"version_value": "sudo 1.8.18p1"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
},
{
"name" : "https://www.sudo.ws/alerts/noexec_wordexp.html",
"refsource" : "CONFIRM",
"url" : "https://www.sudo.ws/alerts/noexec_wordexp.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181127-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181127-0002/"
},
{
"name" : "RHSA-2016:2872",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"name" : "95778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sudo.ws/alerts/noexec_wordexp.html",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
},
{
"name": "RHSA-2016:2872",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"name": "95778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95778"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181127-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
}
]
}
}
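Review bot: The `version_value` kept in this record, `"sudo 1.8.18p1"`, names the release that the description gives as the fix ("sudo before version 1.8.18p1 is vulnerable"), so a scanner matching on `affects` would flag the patched release and pass older, vulnerable ones. Something like `"version_value": "before 1.8.18p1"` would agree with the description, with the exact wording following whatever convention the feed's consumers parse. Both `vectorString` values also carry the base score in front of the vector (`6.4/CVSS:3.0/AV:L/...` and `6.6/AV:L/AC:M/...`), which a parser expecting a bare CVSS vector is likely to reject. Moving the score into its own field and starting the 3.0 vector at `CVSS:3.0/` would be safer.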


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160916 Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/17/1"
},
{
"name" : "[oss-security] 20160917 Re: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/17/4"
},
{
"name" : "[oss-security] 20160917 libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/16/17"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/"
},
{
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=962",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=962"
},
{
"name" : "https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee",
"refsource" : "CONFIRM",
"url" : "https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee"
},
{
"name" : "DSA-3685",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3685"
},
{
"name" : "93038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee",
"refsource": "CONFIRM",
"url": "https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee"
},
{
"name": "DSA-3685",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3685"
},
{
"name": "93038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93038"
},
{
"name": "[oss-security] 20160917 libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/17"
},
{
"name": "[oss-security] 20160916 Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/17/1"
},
{
"name": "[oss-security] 20160917 Re: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/17/4"
},
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=962",
"refsource": "CONFIRM",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=962"
},
{
"name": "https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@checkpoint.com",
"ID" : "CVE-2016-7478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PHP before 5.6.28",
"version" : {
"version_data" : [
{
"version_value" : "PHP before 5.6.28"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "infinite loop"
}
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2016-7478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP before 5.6.28",
"version": {
"version_data": [
{
"version_value": "PHP before 5.6.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7",
"refsource" : "MISC",
"url" : "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7"
},
{
"name" : "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf",
"refsource" : "MISC",
"url" : "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf"
},
{
"name" : "https://bugs.php.net/bug.php?id=73093",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=73093"
},
{
"name" : "https://www.youtube.com/watch?v=LDcaPstAuPk",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=LDcaPstAuPk"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180112-0001/"
},
{
"name" : "95150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "infinite loop"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf",
"refsource": "MISC",
"url": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf"
},
{
"name": "95150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95150"
},
{
"name": "https://www.youtube.com/watch?v=LDcaPstAuPk",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=LDcaPstAuPk"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
},
{
"name": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7",
"refsource": "MISC",
"url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7"
},
{
"name": "https://bugs.php.net/bug.php?id=73093",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=73093"
}
]
}
}
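Review bot: The `affects` block lists only `"PHP before 5.6.28"`, and puts that range in `product_name` as well as `version_value`, while the description also covers 7.x before 7.0.13. Tooling that keys on `product_name` will not match a product named plain "PHP", and the 7.x branch is missing from the machine-readable data, so asset inventories running 7.0.x may not be flagged. I would set `"product_name": "PHP"` and give two `version_data` entries, `{"version_value": "5.x before 5.6.28"}` and `{"version_value": "7.x before 7.0.13"}`. The description hedges the ranges with "possibly", so they should be confirmed against the referenced PHP bug report before being encoded.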


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/12"
},
{
"name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name" : "97210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97210"
},
{
"name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name": "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/12"
}
]
}
}