admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:09:46 +00:00
parent da37711555
commit f01fd78ee5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3045 additions and 2996 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2004/0xxx/CVE-2004-0400.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040506 Buffer overflows in exim, yet still exim much better than windows",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html"
},
{
"name" : "http://www.guninski.com/exim1.html",
"refsource" : "MISC",
"url" : "http://www.guninski.com/exim1.html"
},
{
"name" : "DSA-501",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-501"
},
{
"name" : "DSA-502",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-502"
},
{
"name" : "exim-headerschecksyntax-bo(16077)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-502",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-502"
},
{
"name": "DSA-501",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-501"
},
{
"name": "20040506 Buffer overflows in exim, yet still exim much better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html"
},
{
"name": "http://www.guninski.com/exim1.html",
"refsource": "MISC",
"url": "http://www.guninski.com/exim1.html"
},
{
"name": "exim-headerschecksyntax-bo(16077)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16077"
}
]
}
}

140
2004/0xxx/CVE-2004-0475.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040513 Showhelp() local CHM file execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/363202"
},
{
"name" : "ie-showhelp-chm-execution(16147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
},
{
"name" : "10348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10348"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10348"
},
{
"name": "20040513 Showhelp() local CHM file execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/363202"
},
{
"name": "ie-showhelp-chm-execution(16147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
}
]
}
}

160
2004/0xxx/CVE-2004-0749.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FEDORA-2004-318",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2004-318.shtml"
},
{
"name" : "GLSA-200409-35",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml"
},
{
"name" : "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt"
},
{
"name" : "11243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11243"
},
{
"name" : "subversion-information-disclosure(17472)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17472"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2004-318",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-318.shtml"
},
{
"name": "subversion-information-disclosure(17472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17472"
},
{
"name": "11243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11243"
},
{
"name": "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt",
"refsource": "CONFIRM",
"url": "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt"
},
{
"name": "GLSA-200409-35",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml"
}
]
}
}

170
2004/1xxx/CVE-2004-1439.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.security.org.sg/vuln/bjd361.html",
"refsource" : "MISC",
"url" : "http://www.security.org.sg/vuln/bjd361.html"
},
{
"name" : "20040910 BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included]",
"refsource" : "BUGTRAQ",
"url" : "http://www.ir3ip.net/pipermail/bugtraq/2004-September/009960.html"
},
{
"name" : "VU#714584",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/714584"
},
{
"name" : "10834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10834"
},
{
"name" : "12203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12203"
},
{
"name" : "blackjumbodog-long-string-bo(16842)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040910 BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included]",
"refsource": "BUGTRAQ",
"url": "http://www.ir3ip.net/pipermail/bugtraq/2004-September/009960.html"
},
{
"name": "blackjumbodog-long-string-bo(16842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16842"
},
{
"name": "12203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12203"
},
{
"name": "http://www.security.org.sg/vuln/bjd361.html",
"refsource": "MISC",
"url": "http://www.security.org.sg/vuln/bjd361.html"
},
{
"name": "VU#714584",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/714584"
},
{
"name": "10834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10834"
}
]
}
}

160
2004/1xxx/CVE-2004-1559.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040927 Multiple XSS Vulnerabilities in Wordpress 1.2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109641484723194&w=2"
},
{
"name" : "11268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11268"
},
{
"name" : "1011440",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011440"
},
{
"name" : "12683",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12683"
},
{
"name" : "wordpress-multiple-scripts-xss(17532)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17532"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wordpress-multiple-scripts-xss(17532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17532"
},
{
"name": "12683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12683"
},
{
"name": "20040927 Multiple XSS Vulnerabilities in Wordpress 1.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109641484723194&w=2"
},
{
"name": "11268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11268"
},
{
"name": "1011440",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011440"
}
]
}
}

150
2004/1xxx/CVE-2004-1749.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040825 IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109345253016318&w=2"
},
{
"name" : "11049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11049"
},
{
"name" : "12390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12390"
},
{
"name" : "am-ips5500-http-dos(17125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040825 IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109345253016318&w=2"
},
{
"name": "11049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11049"
},
{
"name": "am-ips5500-http-dos(17125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17125"
},
{
"name": "12390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12390"
}
]
}
}

190
2004/1xxx/CVE-2004-1766.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp"
},
{
"name" : "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N"
},
{
"name" : "http://www.juniper.net/support/security/alerts/58290.txt",
"refsource" : "CONFIRM",
"url" : "http://www.juniper.net/support/security/alerts/58290.txt"
},
{
"name" : "VU#927630",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/927630"
},
{
"name" : "9455",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9455"
},
{
"name" : "3613",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3613"
},
{
"name" : "10675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10675"
},
{
"name" : "netscreen-information-disclosure(14886)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#927630",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/927630"
},
{
"name": "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N"
},
{
"name": "9455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9455"
},
{
"name": "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp",
"refsource": "CONFIRM",
"url": "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp"
},
{
"name": "10675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10675"
},
{
"name": "netscreen-information-disclosure(14886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14886"
},
{
"name": "3613",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3613"
},
{
"name": "http://www.juniper.net/support/security/alerts/58290.txt",
"refsource": "CONFIRM",
"url": "http://www.juniper.net/support/security/alerts/58290.txt"
}
]
}
}

170
2004/1xxx/CVE-2004-1937.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108222826225823&w=2"
},
{
"name" : "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt",
"refsource" : "MISC",
"url" : "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt"
},
{
"name" : "10104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10104"
},
{
"name" : "11341",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11341"
},
{
"name" : "nuked-klan-file-include(15843)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15843"
},
{
"name" : "nuked-klan-configurtion-corruption(15844)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108222826225823&w=2"
},
{
"name": "nuked-klan-file-include(15843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15843"
},
{
"name": "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt",
"refsource": "MISC",
"url": "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt"
},
{
"name": "nuked-klan-configurtion-corruption(15844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15844"
},
{
"name": "11341",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11341"
},
{
"name": "10104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10104"
}
]
}
}

180
2004/1xxx/CVE-2004-1941.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040419 DoS in NETFile FTP/Web Server",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108239249613861&w=2"
},
{
"name" : "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt",
"refsource" : "MISC",
"url" : "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt"
},
{
"name" : "10169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10169"
},
{
"name" : "5548",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5548"
},
{
"name" : "1009868",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009868"
},
{
"name" : "11428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11428"
},
{
"name" : "fastream-user-pass-dos(15899)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5548",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5548"
},
{
"name": "10169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10169"
},
{
"name": "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt"
},
{
"name": "1009868",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009868"
},
{
"name": "fastream-user-pass-dos(15899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15899"
},
{
"name": "11428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11428"
},
{
"name": "20040419 DoS in NETFile FTP/Web Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108239249613861&w=2"
}
]
}
}

190
2004/2xxx/CVE-2004-2079.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040209 Red-M Red-Alert Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/353211"
},
{
"name" : "20040209 Red-M Red-Alert Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=107635119005407&w=2"
},
{
"name" : "http://genhex.org/releases/031003.txt",
"refsource" : "MISC",
"url" : "http://genhex.org/releases/031003.txt"
},
{
"name" : "http://www.securiteam.com/securitynews/5SP0C0KC0A.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/securitynews/5SP0C0KC0A.html"
},
{
"name" : "9618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9618"
},
{
"name" : "1009001",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009001"
},
{
"name" : "3952",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3952"
},
{
"name" : "redalert-gain-access(15088)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15088"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040209 Red-M Red-Alert Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/353211"
},
{
"name": "20040209 Red-M Red-Alert Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=107635119005407&w=2"
},
{
"name": "3952",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3952"
},
{
"name": "1009001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009001"
},
{
"name": "9618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9618"
},
{
"name": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html"
},
{
"name": "redalert-gain-access(15088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15088"
},
{
"name": "http://genhex.org/releases/031003.txt",
"refsource": "MISC",
"url": "http://genhex.org/releases/031003.txt"
}
]
}
}

160
2004/2xxx/CVE-2004-2168.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt",
"refsource" : "MISC",
"url" : "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt"
},
{
"name" : "3789",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3789"
},
{
"name" : "1008912",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008912"
},
{
"name" : "10761",
"refsource" : "SECUNIA",
"url" : "http://www.secunia.com/advisories/10761/"
},
{
"name" : "basomail-multiple-connection-dos(15002)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10761",
"refsource": "SECUNIA",
"url": "http://www.secunia.com/advisories/10761/"
},
{
"name": "1008912",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008912"
},
{
"name": "3789",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3789"
},
{
"name": "basomail-multiple-connection-dos(15002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15002"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt"
}
]
}
}

160
2004/2xxx/CVE-2004-2707.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to \"several security flaws,\" probably related to buffer overflows in HTTP server responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php"
},
{
"name" : "10975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10975"
},
{
"name" : "8937",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8937"
},
{
"name" : "1011058",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011058"
},
{
"name" : "gyach-enhanced-dos(17096)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to \"several security flaws,\" probably related to buffer overflows in HTTP server responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8937",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8937"
},
{
"name": "1011058",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011058"
},
{
"name": "gyach-enhanced-dos(17096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17096"
},
{
"name": "10975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10975"
},
{
"name": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php"
}
]
}
}

140
2008/2xxx/CVE-2008-2068.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/development/2008/04/wordpress-251/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/development/2008/04/wordpress-251/"
},
{
"name" : "29965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29965"
},
{
"name" : "wordpress-unspecified-xss(42029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/development/2008/04/wordpress-251/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2008/04/wordpress-251/"
},
{
"name": "wordpress-unspecified-xss(42029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42029"
},
{
"name": "29965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29965"
}
]
}
}

150
2008/2xxx/CVE-2008-2118.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080502 project alumni v1.0.9 (info.php) SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491552/100/0/threaded"
},
{
"name" : "29019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29019"
},
{
"name" : "3863",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3863"
},
{
"name" : "projectalumni-info-sql-injection(42148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080502 project alumni v1.0.9 (info.php) SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491552/100/0/threaded"
},
{
"name": "29019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29019"
},
{
"name": "projectalumni-info-sql-injection(42148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42148"
},
{
"name": "3863",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3863"
}
]
}
}

160
2008/2xxx/CVE-2008-2210.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080503 Maian Support v1.3 Xss Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491587/100/0/threaded"
},
{
"name" : "29032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29032"
},
{
"name" : "30068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30068"
},
{
"name" : "3888",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3888"
},
{
"name" : "maian-support-footer-header-xss(42205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3888",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3888"
},
{
"name": "29032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29032"
},
{
"name": "30068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30068"
},
{
"name": "20080503 Maian Support v1.3 Xss Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491587/100/0/threaded"
},
{
"name": "maian-support-footer-header-xss(42205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42205"
}
]
}
}

170
2008/2xxx/CVE-2008-2758.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2"
},
{
"name" : "http://bugreport.ir/index.php?/41",
"refsource" : "MISC",
"url" : "http://bugreport.ir/index.php?/41"
},
{
"name" : "29672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29672"
},
{
"name" : "30643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30643"
},
{
"name" : "3950",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3950"
},
{
"name" : "absolutenews-search-publishers-xss(43042)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43042"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30643"
},
{
"name": "http://bugreport.ir/index.php?/41",
"refsource": "MISC",
"url": "http://bugreport.ir/index.php?/41"
},
{
"name": "29672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29672"
},
{
"name": "absolutenews-search-publishers-xss(43042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43042"
},
{
"name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2"
},
{
"name": "3950",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3950"
}
]
}
}

180
2008/3xxx/CVE-2008-3616.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with \"passing untrusted input\" to unspecified API functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2008-09-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name" : "TA08-260A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name" : "31189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31189"
},
{
"name" : "ADV-2008-2584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name" : "1020880",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020880"
},
{
"name" : "31882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31882"
},
{
"name" : "macos-searchkitapi-code-execution(45172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with \"passing untrusted input\" to unspecified API functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31189"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "macos-searchkitapi-code-execution(45172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45172"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "1020880",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020880"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
}
]
}
}

160
2008/6xxx/CVE-2008-6591.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491064/100/0/threaded"
},
{
"name" : "28839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28839"
},
{
"name" : "44678",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/44678"
},
{
"name" : "44679",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/44679"
},
{
"name" : "29833",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491064/100/0/threaded"
},
{
"name": "44678",
"refsource": "OSVDB",
"url": "http://osvdb.org/44678"
},
{
"name": "29833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29833"
},
{
"name": "44679",
"refsource": "OSVDB",
"url": "http://osvdb.org/44679"
},
{
"name": "28839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28839"
}
]
}
}

140
2008/6xxx/CVE-2008-6797.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf",
"refsource" : "MISC",
"url" : "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf"
},
{
"name" : "VU#576996",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/576996"
},
{
"name" : "34847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34847"
},
{
"name": "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf",
"refsource": "MISC",
"url": "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf"
},
{
"name": "VU#576996",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/576996"
}
]
}
}

140
2008/6xxx/CVE-2008-6869.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7286",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7286"
},
{
"name" : "ADV-2008-3305",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3305"
},
{
"name" : "oramon-oramon-information-disclosure(46967)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7286",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7286"
},
{
"name": "oramon-oramon-information-disclosure(46967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46967"
},
{
"name": "ADV-2008-3305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3305"
}
]
}
}

200
2008/6xxx/CVE-2008-6926.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
},
{
"name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498519"
},
{
"name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498526"
},
{
"name" : "20081120 Re: Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498529"
},
{
"name" : "20081120 Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"name" : "6897",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6897"
},
{
"name" : "http://www.netenberg.com/forum/index.php?topic=6832",
"refsource" : "CONFIRM",
"url" : "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"name" : "32016",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32016"
},
{
"name" : "cpanel-autoinstall-file-include(46252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32016"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"name": "cpanel-autoinstall-file-include(46252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
},
{
"name": "6897",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6897"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"name": "http://www.netenberg.com/forum/index.php?topic=6832",
"refsource": "CONFIRM",
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"name": "20081120 Re: Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498529"
},
{
"name": "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
}
]
}
}

140
2008/7xxx/CVE-2008-7086.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6050",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6050"
},
{
"name" : "30199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30199"
},
{
"name" : "maiangreetings-index-security-bypass(43744)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6050",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6050"
},
{
"name": "30199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30199"
},
{
"name": "maiangreetings-index-security-bypass(43744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43744"
}
]
}
}

34
2012/5xxx/CVE-2012-5194.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5194",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5194",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/5xxx/CVE-2012-5828.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5828",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5828",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/11xxx/CVE-2017-11036.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11036",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11036",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/11xxx/CVE-2017-11321.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42937",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42937/"
},
{
"name" : "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/",
"refsource" : "MISC",
"url" : "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/"
},
{
"name": "42937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42937/"
}
]
}
}

34
2017/11xxx/CVE-2017-11902.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11902",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11902",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/11xxx/CVE-2017-11936.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00",
"ID" : "CVE-2017-11936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft SharePoint Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-11936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Microsoft SharePoint Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936"
},
{
"name" : "102068",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102068"
},
{
"name" : "1039995",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039995"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936"
},
{
"name": "1039995",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039995"
},
{
"name": "102068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102068"
}
]
}
}

140
2017/14xxx/CVE-2017-14054.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large \"len\" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49",
"refsource" : "CONFIRM",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49"
},
{
"name" : "DSA-3996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3996"
},
{
"name" : "100627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100627"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large \"len\" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100627"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49"
},
{
"name": "DSA-3996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3996"
}
]
}
}

122
2017/14xxx/CVE-2017-14433.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-04-13T00:00:00",
"ID" : "CVE-2017-14433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa",
"version" : {
"version_data" : [
{
"version_value" : "Moxa EDR-810 V4.1 build 17030317"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-13T00:00:00",
"ID": "CVE-2017-14433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa",
"version": {
"version_data": [
{
"version_value": "Moxa EDR-810 V4.1 build 17030317"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482"
}
]
}
}

132
2017/14xxx/CVE-2017-14893.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2017-14893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Possible buffer overread while flashing meta image"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2017-14893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible buffer overread while flashing meta image"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
},
{
"name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795"
}
]
}
}

34
2017/15xxx/CVE-2017-15066.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15066",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15066",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none."
}
]
}
}

132
2017/15xxx/CVE-2017-15131.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-05-24T00:00:00",
"ID" : "CVE-2017-15131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RHEL shipped xdg-user-dirs and gnome-session",
"version" : {
"version_data" : [
{
"version_value" : "before 0.15-5"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-05-24T00:00:00",
"ID": "CVE-2017-15131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RHEL shipped xdg-user-dirs and gnome-session",
"version": {
"version_data": [
{
"version_value": "before 0.15-5"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762"
},
{
"name" : "RHSA-2018:0842",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762"
},
{
"name": "RHSA-2018:0842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0842"
}
]
}
}

34
2017/15xxx/CVE-2017-15442.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15442",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15442",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

130
2017/15xxx/CVE-2017-15635.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
},
{
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource" : "MISC",
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}

120
2017/15xxx/CVE-2017-15780.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
}
]
}
}

122
2017/8xxx/CVE-2017-8186.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MHA-AL00A",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than MHA-AL00BC00B231 versions"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DOS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MHA-AL00A",
"version": {
"version_data": [
{
"version_value": "Earlier than MHA-AL00BC00B231 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en"
}
]
}
}

150
2017/8xxx/CVE-2017-8471.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42224",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42224/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471"
},
{
"name" : "98849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98849"
},
{
"name" : "1038659",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471"
},
{
"name": "98849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98849"
},
{
"name": "42224",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42224/"
}
]
}
}

120
2018/12xxx/CVE-2018-12089.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/OctopusDeploy/Issues/issues/4628",
"refsource" : "CONFIRM",
"url" : "https://github.com/OctopusDeploy/Issues/issues/4628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OctopusDeploy/Issues/issues/4628",
"refsource": "CONFIRM",
"url": "https://github.com/OctopusDeploy/Issues/issues/4628"
}
]
}
}

130
2018/12xxx/CVE-2018-12094.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44897",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44897/"
},
{
"name" : "https://cxsecurity.com/issue/WLB-2018060091",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2018060091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44897",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44897/"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018060091",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018060091"
}
]
}
}

140
2018/12xxx/CVE-2018-12867.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105439"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
}

83
2018/13xxx/CVE-2018-13104.json
View File

@ -1,18 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13104",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Jan/46",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Jan/46"
}
]
}
}

130
2018/13xxx/CVE-2018-13644.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin"
}
]
}
}

140
2018/16xxx/CVE-2018-16419.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15",
"refsource" : "MISC",
"url" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15"
},
{
"name" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1",
"refsource" : "MISC",
"url" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
},
{
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/",
"refsource" : "MISC",
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15",
"refsource": "MISC",
"url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15"
},
{
"name": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1",
"refsource": "MISC",
"url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
}
]
}
}

34
2018/16xxx/CVE-2018-16503.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16503",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16503",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16898.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16898",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16898",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17084.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17084",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17084",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4338.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4338",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4338",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4438.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4438",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4438",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4624.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4624",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4624",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}