admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-11-16 13:04:23 -05:00
parent df2f9d3181
commit f7640e9258
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
27 changed files with 1128 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2001/0xxx/CVE-2001-0593.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter."
"value" : "Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter."
}
]
},

5
2018/11xxx/CVE-2018-11399.json
View File

@ -56,6 +56,11 @@
"name" : "https://www.simpleorsecure.net/simplisafe-security-advisory/",
"refsource" : "MISC",
"url" : "https://www.simpleorsecure.net/simplisafe-security-advisory/"
},
{
"name" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf",
"refsource" : "MISC",
"url" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf"
}
]
}

5
2018/11xxx/CVE-2018-11400.json
View File

@ -56,6 +56,11 @@
"name" : "https://www.simpleorsecure.net/simplisafe-security-advisory/",
"refsource" : "MISC",
"url" : "https://www.simpleorsecure.net/simplisafe-security-advisory/"
},
{
"name" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf",
"refsource" : "MISC",
"url" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf"
}
]
}

5
2018/11xxx/CVE-2018-11401.json
View File

@ -56,6 +56,11 @@
"name" : "https://www.simpleorsecure.net/simplisafe-security-advisory/",
"refsource" : "MISC",
"url" : "https://www.simpleorsecure.net/simplisafe-security-advisory/"
},
{
"name" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf",
"refsource" : "MISC",
"url" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf"
}
]
}

5
2018/11xxx/CVE-2018-11402.json
View File

@ -56,6 +56,11 @@
"name" : "https://www.simpleorsecure.net/simplisafe-security-advisory/",
"refsource" : "MISC",
"url" : "https://www.simpleorsecure.net/simplisafe-security-advisory/"
},
{
"name" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf",
"refsource" : "MISC",
"url" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf"
}
]
}

17
2018/14xxx/CVE-2018-14847.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Winbox for MikroTik RouterOS through 6.42 allows remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID."
"value" : "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
}
]
},
@ -71,6 +71,21 @@
"name" : "https://n0p.me/winbox-bug-dissection/",
"refsource" : "MISC",
"url" : "https://n0p.me/winbox-bug-dissection/"
},
{
"name" : "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf",
"refsource" : "MISC",
"url" : "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"name" : "https://github.com/tenable/routeros/tree/master/poc/bytheway",
"refsource" : "MISC",
"url" : "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"name" : "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847",
"refsource" : "MISC",
"url" : "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
}
]
}

48
2018/15xxx/CVE-2018-15692.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15692",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-002.txt",
"refsource" : "MISC",
"url" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-002.txt"
}
]
}

48
2018/15xxx/CVE-2018-15693.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15693",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-001.txt",
"refsource" : "MISC",
"url" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-001.txt"
}
]
}

78
2018/16xxx/CVE-2018-16395.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16395",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name" : "https://hackerone.com/reports/387250",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/387250"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
}
]
}

78
2018/16xxx/CVE-2018-16396.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16396",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name" : "https://hackerone.com/reports/385070",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/385070"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
}
]
}

53
2018/18xxx/CVE-2018-18755.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18755",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45735",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45735/"
},
{
"name" : "http://packetstormsecurity.com/files/150016/K-iwi-Framework-1775-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150016/K-iwi-Framework-1775-SQL-Injection.html"
}
]
}

48
2018/18xxx/CVE-2018-18756.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18756",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/149986/Local-Server-1.0.9-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149986/Local-Server-1.0.9-Denial-Of-Service.html"
}
]
}

53
2018/18xxx/CVE-2018-18759.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18759",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45732",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45732/"
},
{
"name" : "http://packetstormsecurity.com/files/150015/Modbus-Slave-7.0.0-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150015/Modbus-Slave-7.0.0-Denial-Of-Service.html"
}
]
}

53
2018/18xxx/CVE-2018-18760.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18760",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "RhinOS 3.0 build 1190 allows CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45729",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45729/"
},
{
"name" : "http://packetstormsecurity.com/files/150018/RhinOS-CMS-3.x-Arbitrary-File-Download.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150018/RhinOS-CMS-3.x-Arbitrary-File-Download.html"
}
]
}

48
2018/18xxx/CVE-2018-18761.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18761",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45731",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45731/"
}
]
}

53
2018/18xxx/CVE-2018-18763.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18763",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45733",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45733/"
},
{
"name" : "http://packetstormsecurity.com/files/150004/SaltOS-Erp-Crm-3.1-r8126-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150004/SaltOS-Erp-Crm-3.1-r8126-SQL-Injection.html"
}
]
}

53
2018/18xxx/CVE-2018-18793.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18793",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45723",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45723/"
},
{
"name" : "http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html"
}
]
}

53
2018/18xxx/CVE-2018-18794.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18794",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "School Event Management System 1.0 allows CSRF via user/controller.php?action=edit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45724",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45724/"
},
{
"name" : "http://packetstormsecurity.com/files/150007/School-Event-Management-System-1.0-Cross-Site-Request-Forgery.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150007/School-Event-Management-System-1.0-Cross-Site-Request-Forgery.html"
}
]
}

53
2018/18xxx/CVE-2018-18795.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18795",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45722",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45722/"
},
{
"name" : "http://packetstormsecurity.com/files/150014/School-Event-Management-System-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150014/School-Event-Management-System-1.0-SQL-Injection.html"
}
]
}

48
2018/18xxx/CVE-2018-18796.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18796",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Library Management System 1.0 has SQL Injection via the \"Search for Books\" screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/149987/Library-Management-System-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149987/Library-Management-System-1.0-SQL-Injection.html"
}
]
}

53
2018/18xxx/CVE-2018-18797.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18797",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45725",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45725/"
},
{
"name" : "http://packetstormsecurity.com/files/150008/School-Attendance-Monitoring-System-1.0-Cross-Site-Request-Forgery.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150008/School-Attendance-Monitoring-System-1.0-Cross-Site-Request-Forgery.html"
}
]
}

53
2018/18xxx/CVE-2018-18799.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18799",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45726",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45726/"
},
{
"name" : "http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html"
}
]
}

53
2018/18xxx/CVE-2018-18801.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18801",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45730",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45730/"
},
{
"name" : "http://packetstormsecurity.com/files/150017/E-Negosyo-System-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150017/E-Negosyo-System-1.0-SQL-Injection.html"
}
]
}

53
2018/18xxx/CVE-2018-18803.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18803",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45719",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45719/"
},
{
"name" : "http://packetstormsecurity.com/files/150011/Curriculum-Evaluation-System-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150011/Curriculum-Evaluation-System-1.0-SQL-Injection.html"
}
]
}

53
2018/18xxx/CVE-2018-18804.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18804",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45720",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45720/"
},
{
"name" : "http://packetstormsecurity.com/files/150012/Bakeshop-Inventory-System-In-VB.Net-MS-Access-Database-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150012/Bakeshop-Inventory-System-In-VB.Net-MS-Access-Database-1.0-SQL-Injection.html"
}
]
}

53
2018/18xxx/CVE-2018-18805.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18805",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45721",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45721/"
},
{
"name" : "http://packetstormsecurity.com/files/150013/Point-Of-Sales-POS-In-VB.Net-MYSQL-Database-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150013/Point-Of-Sales-POS-In-VB.Net-MYSQL-Database-1.0-SQL-Injection.html"
}
]
}

48
2018/18xxx/CVE-2018-18806.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18806",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/149996/School-Equipment-Monitoring-System-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149996/School-Equipment-Monitoring-System-1.0-SQL-Injection.html"
}
]
}