"-Synchronized-Data."

CVE Team 2019-03-18 00:08:21 +00:00
parent 2773bf8b4c
commit f9829c773f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4318 additions and 4318 deletions


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060102 Buffer Overflow vulnerability in Windows Display Manager [Suspected]",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2006/Jan/8"
},
{
"name" : "20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected]",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2006/Jan/32"
},
{
"name" : "16127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16127"
},
{
"name" : "ADV-2006-0017",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0017"
},
{
"name" : "22196",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22196"
},
{
"name" : "18286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2006/Jan/32"
},
{
"name": "22196",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22196"
},
{
"name": "ADV-2006-0017",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0017"
},
{
"name": "18286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18286"
},
{
"name": "20060102 Buffer Overflow vulnerability in Windows Display Manager [Suspected]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2006/Jan/8"
},
{
"name": "16127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16127"
}
]
}
}
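Review bot: The `reference_data` array comes out in a different order on the new side with no visible sort key; the two FULLDISC entries that were first and second are now first and fifth. The other lines of this section change only the `" : "` separator to `": "`, so as far as the visible lines show, the record's content is unchanged. Anyone diffing or hashing these files to detect real CVE updates should compare reference entries as a set keyed on `url`, not by array position. If the export tooling can emit references in a stable order (for example by `refsource`, then `name`), later syncs would show only substantive edits. The same reordering appears in the other file sections of this commit.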


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060117 [eVuln] BlogPHP Authentication Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422137/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/34/summary",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/34/summary"
},
{
"name" : "16269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16269"
},
{
"name" : "ADV-2006-0204",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0204"
},
{
"name" : "22495",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22495"
},
{
"name" : "18467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18467"
},
{
"name" : "blogphp-index-bypass-security(24131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18467"
},
{
"name": "16269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16269"
},
{
"name": "22495",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22495"
},
{
"name": "http://evuln.com/vulns/34/summary",
"refsource": "MISC",
"url": "http://evuln.com/vulns/34/summary"
},
{
"name": "ADV-2006-0204",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0204"
},
{
"name": "20060117 [eVuln] BlogPHP Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422137/100/0/threaded"
},
{
"name": "blogphp-index-bypass-security(24131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24131"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060118 phpXplorer file inclusion biyosecurity.be",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422434/100/0/threaded"
},
{
"name" : "16292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16292"
},
{
"name" : "phpxplorer-sshare-directory-traversal(39982)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpxplorer-sshare-directory-traversal(39982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39982"
},
{
"name": "20060118 phpXplorer file inclusion biyosecurity.be",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422434/100/0/threaded"
},
{
"name": "16292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16292"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-1133",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1133"
},
{
"name" : "16561",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16561"
},
{
"name" : "ADV-2006-0485",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name" : "21400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21400"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}


@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html"
},
{
"name" : "20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429251/100/0/threaded"
},
{
"name" : "http://www.xfocus.org/advisories/200603/11.html",
"refsource" : "MISC",
"url" : "http://www.xfocus.org/advisories/200603/11.html"
},
{
"name" : "GLSA-200605-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml"
},
{
"name" : "MDKSA-2006:068",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:068"
},
{
"name" : "17295",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17295"
},
{
"name" : "ADV-2006-1156",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1156"
},
{
"name" : "24246",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24246"
},
{
"name" : "24247",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24247"
},
{
"name" : "1015842",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015842"
},
{
"name" : "19418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19418"
},
{
"name" : "19565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19565"
},
{
"name" : "19919",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19919"
},
{
"name" : "532",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/532"
},
{
"name" : "647",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/647"
},
{
"name" : "mplayer-asfheader-integer-overflow(25513)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25513"
},
{
"name" : "mplayer-aviheader-integer-overflow(25514)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mplayer-asfheader-integer-overflow(25513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25513"
},
{
"name": "19418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19418"
},
{
"name": "http://www.xfocus.org/advisories/200603/11.html",
"refsource": "MISC",
"url": "http://www.xfocus.org/advisories/200603/11.html"
},
{
"name": "647",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/647"
},
{
"name": "20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html"
},
{
"name": "GLSA-200605-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml"
},
{
"name": "24247",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24247"
},
{
"name": "20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429251/100/0/threaded"
},
{
"name": "mplayer-aviheader-integer-overflow(25514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25514"
},
{
"name": "19565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19565"
},
{
"name": "19919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19919"
},
{
"name": "532",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/532"
},
{
"name": "1015842",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015842"
},
{
"name": "17295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17295"
},
{
"name": "MDKSA-2006:068",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:068"
},
{
"name": "24246",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24246"
},
{
"name": "ADV-2006-1156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1156"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431064/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/117/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/117/summary.html"
},
{
"name" : "17352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17352"
},
{
"name" : "ADV-2006-1197",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1197"
},
{
"name" : "24337",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24337"
},
{
"name" : "24338",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24338"
},
{
"name" : "24339",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24339"
},
{
"name" : "19486",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19486"
},
{
"name" : "awebbb-multiple-xss(25585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24339",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24339"
},
{
"name": "awebbb-multiple-xss(25585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25585"
},
{
"name": "19486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19486"
},
{
"name": "20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431064/100/0/threaded"
},
{
"name": "24338",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24338"
},
{
"name": "http://evuln.com/vulns/117/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/117/summary.html"
},
{
"name": "ADV-2006-1197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1197"
},
{
"name": "17352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17352"
},
{
"name": "24337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24337"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060407 [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430369/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv28-K-159-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv28-K-159-2006.txt"
},
{
"name" : "17461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17461"
},
{
"name" : "ADV-2006-1316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1316"
},
{
"name" : "19579",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19579"
},
{
"name" : "clevercopy-connect-disclose-information(25720)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1316"
},
{
"name": "19579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19579"
},
{
"name": "clevercopy-connect-disclose-information(25720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25720"
},
{
"name": "17461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17461"
},
{
"name": "http://advisories.echo.or.id/adv/adv28-K-159-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv28-K-159-2006.txt"
},
{
"name": "20060407 [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430369/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-1329",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1329"
},
{
"name" : "24556",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24556"
},
{
"name" : "19635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19635"
},
{
"name" : "693",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/693"
},
{
"name" : "tritaniumbb-register-xss(25751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25751"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19635"
},
{
"name": "ADV-2006-1329",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1329"
},
{
"name": "24556",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24556"
},
{
"name": "tritaniumbb-register-xss(25751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25751"
},
{
"name": "693",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/693"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "101924",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101924-1"
},
{
"name" : "19394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19394"
},
{
"name" : "ADV-2006-3226",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3226"
},
{
"name" : "1016647",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016647"
},
{
"name" : "21398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21398"
},
{
"name" : "sun-ray-utxconfig-file-manipulation(28260)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101924",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101924-1"
},
{
"name": "19394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19394"
},
{
"name": "sun-ray-utxconfig-file-manipulation(28260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28260"
},
{
"name": "ADV-2006-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3226"
},
{
"name": "1016647",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016647"
},
{
"name": "21398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21398"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060804 phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442242/100/0/threaded"
},
{
"name" : "http://dwalker.co.uk/forum/viewtopic.php?t=517",
"refsource" : "CONFIRM",
"url" : "http://dwalker.co.uk/forum/viewtopic.php?t=517"
},
{
"name" : "19354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19354"
},
{
"name" : "ADV-2006-3170",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3170"
},
{
"name" : "21373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21373"
},
{
"name" : "1352",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1352"
},
{
"name" : "phpama-autocheckrenewals-file-include(28233)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1352",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1352"
},
{
"name": "http://dwalker.co.uk/forum/viewtopic.php?t=517",
"refsource": "CONFIRM",
"url": "http://dwalker.co.uk/forum/viewtopic.php?t=517"
},
{
"name": "phpama-autocheckrenewals-file-include(28233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28233"
},
{
"name": "19354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19354"
},
{
"name": "ADV-2006-3170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3170"
},
{
"name": "20060804 phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442242/100/0/threaded"
},
{
"name": "21373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21373"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060806 0-day XP SP2 wmf exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442426/100/0/threaded"
},
{
"name" : "20060807 0-day XP SP2 wmf exploit (some details)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442420/100/0/threaded"
},
{
"name" : "20070111 WMF CreateBrushIndirect vulnerability (DoS)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456585/100/0/threaded"
},
{
"name" : "20060806 0-day XP SP2 wmf exploit",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048530.html"
},
{
"name" : "20060807 0-day XP SP2 wmf exploit (some details)",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048547.html"
},
{
"name" : "http://determina.blogspot.com/2007/01/whats-wrong-with-wmf.html",
"refsource" : "MISC",
"url" : "http://determina.blogspot.com/2007/01/whats-wrong-with-wmf.html"
},
{
"name" : "3111",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3111"
},
{
"name" : "21992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21992"
},
{
"name" : "19365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19365"
},
{
"name" : "ADV-2006-3180",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3180"
},
{
"name" : "21377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21377"
},
{
"name" : "1353",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1353"
},
{
"name" : "windows-wmf-gdi32-dos(28281)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "windows-wmf-gdi32-dos(28281)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28281"
},
{
"name": "20070111 WMF CreateBrushIndirect vulnerability (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456585/100/0/threaded"
},
{
"name": "20060806 0-day XP SP2 wmf exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048530.html"
},
{
"name": "19365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19365"
},
{
"name": "3111",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3111"
},
{
"name": "20060807 0-day XP SP2 wmf exploit (some details)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048547.html"
},
{
"name": "ADV-2006-3180",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3180"
},
{
"name": "21377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21377"
},
{
"name": "http://determina.blogspot.com/2007/01/whats-wrong-with-wmf.html",
"refsource": "MISC",
"url": "http://determina.blogspot.com/2007/01/whats-wrong-with-wmf.html"
},
{
"name": "1353",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1353"
},
{
"name": "21992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21992"
},
{
"name": "20060806 0-day XP SP2 wmf exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442426/100/0/threaded"
},
{
"name": "20060807 0-day XP SP2 wmf exploit (some details)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442420/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://mozdev.org/bugs/show_bug.cgi?id=15101",
"refsource" : "MISC",
"url" : "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"name" : "http://www.snellspace.com/wp/?p=410",
"refsource" : "MISC",
"url" : "http://www.snellspace.com/wp/?p=410"
},
{
"name" : "http://www.snellspace.com/wp/?p=448",
"refsource" : "MISC",
"url" : "http://www.snellspace.com/wp/?p=448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=15101",
"refsource": "MISC",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061101 Cisco Security Agent Management Center LDAP Administrator Authentication Bypass",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00807726f7.shtml"
},
{
"name" : "VU#778648",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/778648"
},
{
"name" : "20852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20852"
},
{
"name" : "ADV-2006-4308",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4308"
},
{
"name" : "30169",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30169"
},
{
"name" : "1017148",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017148"
},
{
"name" : "22684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22684"
},
{
"name" : "cisco-csamc-auth-bypass(29955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-csamc-auth-bypass(29955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29955"
},
{
"name": "22684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22684"
},
{
"name": "20061101 Cisco Security Agent Management Center LDAP Administrator Authentication Bypass",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807726f7.shtml"
},
{
"name": "30169",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30169"
},
{
"name": "ADV-2006-4308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4308"
},
{
"name": "20852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20852"
},
{
"name": "1017148",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017148"
},
{
"name": "VU#778648",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/778648"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061101 tikiwiki 1.9.5 mysql password disclosure & xss",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450268/100/0/threaded"
},
{
"name" : "GLSA-200611-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-11.xml"
},
{
"name" : "20858",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20858"
},
{
"name" : "ADV-2006-4316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4316"
},
{
"name" : "22678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22678"
},
{
"name" : "23039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23039"
},
{
"name" : "1816",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1816"
},
{
"name" : "tikiwiki-tikifeatured-xss(29958)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4316"
},
{
"name": "tikiwiki-tikifeatured-xss(29958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958"
},
{
"name": "20061101 tikiwiki 1.9.5 mysql password disclosure & xss",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded"
},
{
"name": "22678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22678"
},
{
"name": "23039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23039"
},
{
"name": "GLSA-200611-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-11.xml"
},
{
"name": "1816",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1816"
},
{
"name": "20858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20858"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html",
"refsource" : "MISC",
"url" : "http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html"
},
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
},
{
"name" : "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
"refsource" : "CONFIRM",
"url" : "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
},
{
"name" : "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
"refsource" : "CONFIRM",
"url" : "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"name" : "37829",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37829"
},
{
"name" : "61699",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61699"
},
{
"name" : "1023465",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023465"
},
{
"name" : "38056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38056"
},
{
"name" : "ADV-2010-0147",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0147"
},
{
"name": "61699",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61699"
},
{
"name": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
"refsource": "CONFIRM",
"url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"name": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
"refsource": "CONFIRM",
"url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
},
{
"name": "1023465",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023465"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "37829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37829"
},
{
"name": "38056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38056"
},
{
"name": "http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html",
"refsource": "MISC",
"url": "http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/",
"refsource" : "MISC",
"url" : "http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/"
},
{
"name" : "http://tmacuk.co.uk/?p=180",
"refsource" : "MISC",
"url" : "http://tmacuk.co.uk/?p=180"
},
{
"name" : "http://wordpress.org/development/2010/02/wordpress-2-9-2/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/development/2010/02/wordpress-2-9-2/"
},
{
"name" : "https://core.trac.wordpress.org/ticket/11236",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/ticket/11236"
},
{
"name" : "FEDORA-2010-19329",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"
},
{
"name" : "FEDORA-2010-19330",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"
},
{
"name" : "62330",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62330"
},
{
"name" : "38592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38592"
},
{
"name" : "42871",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-19329",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"
},
{
"name": "http://tmacuk.co.uk/?p=180",
"refsource": "MISC",
"url": "http://tmacuk.co.uk/?p=180"
},
{
"name": "http://wordpress.org/development/2010/02/wordpress-2-9-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2010/02/wordpress-2-9-2/"
},
{
"name": "42871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42871"
},
{
"name": "http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/",
"refsource": "MISC",
"url": "http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/"
},
{
"name": "https://core.trac.wordpress.org/ticket/11236",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/ticket/11236"
},
{
"name": "38592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38592"
},
{
"name": "FEDORA-2010-19330",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"
},
{
"name": "62330",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62330"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100520 XSS vulnerability in LiSK CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511379/100/0/threaded"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_product.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_product.html"
},
{
"name" : "39912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39912"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_product.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_product.html"
},
{
"name": "20100520 XSS vulnerability in LiSK CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511379/100/0/threaded"
},
{
"name": "39912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39912"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12120",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12120"
},
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt"
},
{
"name" : "39341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39341"
},
{
"name" : "ADV-2010-1844",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1844"
},
{
"name" : "comfoobla-controller-file-include(57660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39341"
},
{
"name": "ADV-2010-1844",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1844"
},
{
"name": "comfoobla-controller-file-include(57660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57660"
},
{
"name": "12120",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12120"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt"
}
]
}
}


@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an \"integer truncation error.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20100806 Two exploitable OpenOffice.org bugs!",
"refsource" : "MLIST",
"url" : "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"
},
{
"name" : "[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/11/1"
},
{
"name" : "[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/11/4"
},
{
"name" : "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"refsource" : "MISC",
"url" : "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=622529",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=622529"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"
},
{
"name" : "DSA-2099",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2099"
},
{
"name" : "GLSA-201408-19",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name" : "MDVSA-2010:221",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
},
{
"name" : "RHSA-2010:0643",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0643.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "USN-1056-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1056-1"
},
{
"name" : "oval:org.mitre.oval:def:12063",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063"
},
{
"name" : "1024352",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024352"
},
{
"name" : "1024976",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024976"
},
{
"name" : "40775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40775"
},
{
"name" : "41052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41052"
},
{
"name" : "41235",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41235"
},
{
"name" : "42927",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42927"
},
{
"name" : "43105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43105"
},
{
"name" : "60799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60799"
},
{
"name" : "ADV-2010-2003",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2003"
},
{
"name" : "ADV-2010-2149",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2149"
},
{
"name" : "ADV-2010-2228",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2228"
},
{
"name" : "ADV-2010-2905",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2905"
},
{
"name" : "ADV-2011-0150",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0150"
},
{
"name" : "ADV-2011-0230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name" : "ADV-2011-0279",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an \"integer truncation error.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
},
{
"name": "[dev] 20100806 Two exploitable OpenOffice.org bugs!",
"refsource": "MLIST",
"url": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=622529",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529"
},
{
"name": "MDVSA-2010:221",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
},
{
"name": "ADV-2010-2003",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2003"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "1024976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024976"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "oval:org.mitre.oval:def:12063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063"
},
{
"name": "ADV-2011-0150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0150"
},
{
"name": "42927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42927"
},
{
"name": "RHSA-2010:0643",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "ADV-2010-2149",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2149"
},
{
"name": "[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"
},
{
"name": "ADV-2010-2228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2228"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"
},
{
"name": "41235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41235"
},
{
"name": "USN-1056-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1056-1"
},
{
"name": "ADV-2011-0279",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0279"
},
{
"name": "1024352",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024352"
},
{
"name": "43105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43105"
},
{
"name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "DSA-2099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2099"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "41052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41052"
},
{
"name": "ADV-2010-2905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2905"
},
{
"name": "[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"
}
]
}
}
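Review bot: The `ASSIGNER` value for CVE-2010-2935 appears to change from `cve@mitre.org` to `secalert@redhat.com` in this section, reading the `" : "`-spaced lines as the old side and the `": "` lines as the new, and the commit title does not mention it. The CVE-2010-4335 section further down shows the same change. Everything else in both sections is separator whitespace plus a `reference_data` array whose entries are the same but in a different, apparently unsorted order, so a line diff hides the one field whose meaning changed. Comparing the parsed records with `reference_data` sorted by `url` would reduce each of these sections to the single `ASSIGNER` line. Consumers that attribute records to a CNA by `ASSIGNER` should expect the value to change for these two IDs.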


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
},
{
"name" : "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
},
{
"name" : "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
},
{
"name" : "https://service.sap.com/sap/support/notes/1473327",
"refsource" : "MISC",
"url" : "https://service.sap.com/sap/support/notes/1473327"
},
{
"name" : "42374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42374"
},
{
"name" : "67080",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67080"
},
{
"name" : "1024334",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024334"
},
{
"name" : "40960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40960"
},
{
"name" : "ADV-2010-2074",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2074"
},
{
"name" : "sap-crystal-giop-bo(61065)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2074"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
},
{
"name": "sap-crystal-giop-bo(61065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
},
{
"name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
},
{
"name": "40960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40960"
},
{
"name": "https://service.sap.com/sap/support/notes/1473327",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1473327"
},
{
"name": "42374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42374"
},
{
"name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
},
{
"name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
},
{
"name": "1024334",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024334"
},
{
"name": "67080",
"refsource": "OSVDB",
"url": "http://osvdb.org/67080"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=589190",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=589190"
},
{
"name" : "oval:org.mitre.oval:def:12116",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=589190",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=589190"
},
{
"name": "oval:org.mitre.oval:def:12116",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12116"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3806",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3806",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15318",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15318"
},
{
"name" : "44421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44421"
},
{
"name" : "1024639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024639"
},
{
"name" : "nitrosecurityesm-ess-command-execution(62768)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nitrosecurityesm-ess-command-execution(62768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62768"
},
{
"name": "15318",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15318"
},
{
"name": "1024639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024639"
},
{
"name": "44421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44421"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16011",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16011"
},
{
"name" : "http://malloc.im/CakePHP-unserialize.txt",
"refsource" : "MISC",
"url" : "http://malloc.im/CakePHP-unserialize.txt"
},
{
"name" : "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"
},
{
"name" : "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb",
"refsource" : "CONFIRM",
"url" : "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"
},
{
"name" : "69352",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/69352"
},
{
"name" : "42211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42211"
},
{
"name" : "8026",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb",
"refsource": "CONFIRM",
"url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"
},
{
"name": "16011",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16011"
},
{
"name": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"
},
{
"name": "69352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69352"
},
{
"name": "8026",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8026"
},
{
"name": "http://malloc.im/CakePHP-unserialize.txt",
"refsource": "MISC",
"url": "http://malloc.im/CakePHP-unserialize.txt"
},
{
"name": "42211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42211"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15661",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15661"
},
{
"name" : "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt"
},
{
"name" : "45146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45146"
},
{
"name" : "23506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23506"
},
{
"name" : "8185",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23506"
},
{
"name": "15661",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15661"
},
{
"name": "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt"
},
{
"name": "8185",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8185"
},
{
"name": "45146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45146"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13832",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13832/"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/ardeacore-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/ardeacore-rfi.txt"
},
{
"name" : "40811",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40811"
},
{
"name" : "40207",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40207"
},
{
"name" : "8503",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8503"
},
{
"name" : "ADV-2010-1444",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1444"
},
{
"name": "8503",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8503"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/ardeacore-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/ardeacore-rfi.txt"
},
{
"name": "40811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40811"
},
{
"name": "13832",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13832/"
},
{
"name": "40207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40207"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18269",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18269"
},
{
"name" : "mysql-port-dos(71965)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18269",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18269"
},
{
"name": "mysql-port-dos(71965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71965"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-10053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-10053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/87"
},
{
"name" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273",
"refsource" : "MISC",
"url" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496"
},
{
"name" : "https://support.zabbix.com/browse/ZBX-8151",
"refsource" : "CONFIRM",
"url" : "https://support.zabbix.com/browse/ZBX-8151"
},
{
"name" : "FEDORA-2014-7594",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html"
},
{
"name" : "FEDORA-2014-7603",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html"
},
{
"name" : "68075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-7594",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html"
},
{
"name": "68075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68075"
},
{
"name": "https://support.zabbix.com/browse/ZBX-8151",
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-8151"
},
{
"name": "FEDORA-2014-7603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html"
},
{
"name": "20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/87"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110496",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110496"
},
{
"name": "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273",
"refsource": "MISC",
"url": "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273"
}
]
}
}
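Review bot: The `reference_data` array in the second (compact-colon) listing of this record holds the same seven entries as the first, but in a different order with no visible sort key (FEDORA, BID, CONFIRM, FEDORA, FULLDISC, CONFIRM, MISC). Anyone who diffs or hashes the record to detect advisory changes will see churn although no reference was added or removed. If the compact listing is the new side, which the page does not mark explicitly, the generator should emit references in a deterministic order, for example sorted by `refsource` and then `name`. The same reshuffle appears in the CVE-2014-3465, CVE-2014-4294, CVE-2014-8005, CVE-2014-8081, CVE-2014-8088 and CVE-2014-8171 sections.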


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682787",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682787"
},
{
"name" : "ibm-rclm-cve20143092-cookie(94258)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94258"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682787",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682787"
},
{
"name": "ibm-rclm-cve20143092-cookie(94258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94258"
}
]
}
}
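Review bot: The `ASSIGNER` value differs between the two listings of this record, `cve@mitre.org` in the first and `psirt@us.ibm.com` in the second, and this provenance change sits inside what is otherwise a colon-spacing reformat. Assuming the compact listing is the new side (the page carries no +/- markers), the reassignment should be stated in the commit description or split from the formatting change, so that consumers who key on the assigning CNA can audit it. The same applies to the CVE-2014-3465 and CVE-2014-8171 sections (`secalert@redhat.com`), CVE-2014-4294 (`secalert_us@oracle.com`), and CVE-2014-7993 and CVE-2014-8005 (`psirt@cisco.com`).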


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[gnutls-help] 20140131 gnutls 3.1.20",
"refsource" : "MLIST",
"url" : "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html"
},
{
"name" : "[gnutls-help] 20140131 gnutls 3.2.10",
"refsource" : "MLIST",
"url" : "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101734"
},
{
"name" : "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
"refsource" : "CONFIRM",
"url" : "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6"
},
{
"name" : "RHSA-2014:0684",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0684.html"
},
{
"name" : "openSUSE-SU-2014:0763",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html"
},
{
"name" : "openSUSE-SU-2014:0767",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html"
},
{
"name" : "59086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[gnutls-help] 20140131 gnutls 3.2.10",
"refsource": "MLIST",
"url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734"
},
{
"name": "59086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59086"
},
{
"name": "RHSA-2014:0684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html"
},
{
"name": "openSUSE-SU-2014:0763",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html"
},
{
"name": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
"refsource": "CONFIRM",
"url": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6"
},
{
"name": "openSUSE-SU-2014:0767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html"
},
{
"name": "[gnutls-help] 20140131 gnutls 3.1.20",
"refsource": "MLIST",
"url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3725",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3725",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70508",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70508"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"name" : "https://dashboard.meraki.com/firmware_security",
"refsource" : "CONFIRM",
"url" : "https://dashboard.meraki.com/firmware_security"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"name": "https://dashboard.meraki.com/firmware_security",
"refsource": "CONFIRM",
"url": "https://dashboard.meraki.com/firmware_security"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36532",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36532"
},
{
"name" : "20141125 Cisco IOS XR Software lighttpd TCP Session Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8005"
},
{
"name" : "71287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71287"
},
{
"name" : "1031262",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031262"
},
{
"name" : "ciscoiosxr-cve20148005-dos(98937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141125 Cisco IOS XR Software lighttpd TCP Session Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8005"
},
{
"name": "71287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71287"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36532",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36532"
},
{
"name": "1031262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031262"
},
{
"name": "ciscoiosxr-cve20148005-dos(98937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98937"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141023 [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533798/100/0/threaded"
},
{
"name" : "20141023 [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/105"
},
{
"name" : "http://karmainsecurity.com/KIS-2014-11",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-11"
},
{
"name" : "http://mantis.testlink.org/view.php?id=6651",
"refsource" : "CONFIRM",
"url" : "http://mantis.testlink.org/view.php?id=6651"
},
{
"name" : "https://gitorious.org/testlink-ga/testlink-code/commit/a519da3a45d80077e4eab957eb793b03652f57dc",
"refsource" : "CONFIRM",
"url" : "https://gitorious.org/testlink-ga/testlink-code/commit/a519da3a45d80077e4eab957eb793b03652f57dc"
},
{
"name" : "70711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70711"
},
{
"name" : "testlink-cve20148081-code-exec(97727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141023 [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/105"
},
{
"name": "https://gitorious.org/testlink-ga/testlink-code/commit/a519da3a45d80077e4eab957eb793b03652f57dc",
"refsource": "CONFIRM",
"url": "https://gitorious.org/testlink-ga/testlink-code/commit/a519da3a45d80077e4eab957eb793b03652f57dc"
},
{
"name": "http://karmainsecurity.com/KIS-2014-11",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-11"
},
{
"name": "http://mantis.testlink.org/view.php?id=6651",
"refsource": "CONFIRM",
"url": "http://mantis.testlink.org/view.php?id=6651"
},
{
"name": "70711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70711"
},
{
"name": "testlink-cve20148081-code-exec(97727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97727"
},
{
"name": "20141023 [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533798/100/0/threaded"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141010 Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/10/5"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "DSA-3265",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3265"
},
{
"name" : "FEDORA-2014-12344",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html"
},
{
"name" : "FEDORA-2014-12418",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html"
},
{
"name" : "70378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70378"
},
{
"name" : "zend-framework-cve20148088-sec-bypass(97038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-12344",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html"
},
{
"name": "[oss-security] 20141010 Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/10/5"
},
{
"name": "FEDORA-2014-12418",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html"
},
{
"name": "70378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70378"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "DSA-3265",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3265"
},
{
"name": "zend-framework-cve20148088-sec-bypass(97038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
},
{
"name" : "RHSA-2015:0864",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"name" : "RHSA-2015:2152",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"name" : "RHSA-2015:2411",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
},
{
"name" : "RHSA-2016:0068",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"name" : "74293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"name": "RHSA-2015:0864",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"name": "RHSA-2015:2152",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
},
{
"name": "74293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74293"
},
{
"name": "RHSA-2015:2411",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-111.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-111.html"
},
{
"name" : "http://support.citrix.com/article/CTX201794",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX201794"
},
{
"name" : "http://support.citrix.com/article/CTX200288",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX200288"
},
{
"name" : "DSA-3140",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3140"
},
{
"name" : "GLSA-201504-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-04"
},
{
"name" : "openSUSE-SU-2015:0226",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name" : "openSUSE-SU-2015:0256",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name" : "71332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71332"
},
{
"name" : "59937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59937"
},
{
"name" : "62672",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201504-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "62672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62672"
},
{
"name": "http://support.citrix.com/article/CTX201794",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201794"
},
{
"name": "http://support.citrix.com/article/CTX200288",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200288"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-111.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-111.html"
},
{
"name": "DSA-3140",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3140"
},
{
"name": "openSUSE-SU-2015:0226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name": "openSUSE-SU-2015:0256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name": "71332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71332"
},
{
"name": "59937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59937"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg",
"refsource" : "CONFIRM",
"url" : "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"name" : "http://bugs.ntp.org/show_bug.cgi?id=2670",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1176040",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10103",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10103"
},
{
"name" : "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name" : "HPSBGN03277",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142590659431171&w=2"
},
{
"name" : "HPSBOV03505",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144182594518755&w=2"
},
{
"name" : "HPSBUX03240",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name" : "SSRT101872",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name" : "MDVSA-2015:003",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name" : "RHSA-2015:0104",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name" : "openSUSE-SU-2014:1670",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"name" : "VU#852879",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/852879"
},
{
"name" : "71758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71758"
},
{
"name" : "62209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142590659431171&w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10103",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10103"
},
{
"name": "71758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71758"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name": "62209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62209"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144182594518755&w=2"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2670",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"name": "SSRT101872",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name": "openSUSE-SU-2014:1670",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"name": "MDVSA-2015:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"name" : "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name" : "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/",
"refsource" : "MISC",
"url" : "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
},
{
"name" : "71986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"name": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
}
]
}
}
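Review bot: The `ASSIGNER` value differs between the two printed copies of this record, `cve@mitre.org` in the first and `security@android.com` in the second, so this section carries a data change and not only the `" : "` to `": "` re-serialization seen in the neighbouring records. The +/- markers are lost on this page, so which copy is the new side is inferred from the print order and the formatting change. The CVE-2016-3646 section shows the same kind of change (`cve@mitre.org` against `secure@symantec.com`). Consumers may rely on `ASSIGNER` for CNA attribution, so the commit description should state that assigner fields were updated rather than leaving the change among whitespace-only lines.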


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2403",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password",
"refsource" : "CONFIRM",
"url" : "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"
},
{
"name" : "DSA-4262",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4262"
},
{
"name" : "96137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password",
"refsource": "CONFIRM",
"url": "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"
},
{
"name": "DSA-4262",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4262"
},
{
"name": "96137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96137"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2649",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2649",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
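Review bot: The second copy of this REJECT record orders its keys `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, while the other records on this page (for example the RESERVED CVE-2016-6049 record) keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but mixing two serializations in one repository makes later diffs noisy and breaks byte-level comparison or hashing of records. Writing every record through the same serializer with one fixed key order would avoid that. The CVE-2016-2763 section has the same ordering.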


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2763",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2763",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-3646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40036",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40036/"
},
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00"
},
{
"name" : "91435",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91435"
},
{
"name" : "1036198",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036198"
},
{
"name" : "1036199",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "91435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91435"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00"
},
{
"name": "40036",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40036/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6049",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6049",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Resilient",
"version" : {
"version_data" : [
{
"version_value" : "v26.0"
},
{
"version_value" : "v26.1"
},
{
"version_value" : "v26.2"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Resilient",
"version": {
"version_data": [
{
"version_value": "v26.0"
},
{
"version_value": "v26.1"
},
{
"version_value": "v26.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/"
},
{
"name" : "94268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94268"
},
{
"name": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/"
}
]
}
}


@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6544",
"STATE" : "PUBLIC",
"TITLE" : "iTrack Easy's getgps data can be modified without authentication"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Easy",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name" : "iTrack"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6544",
"STATE": "PUBLIC",
"TITLE": "iTrack Easy's getgps data can be modified without authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name" : "VU#974055",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/974055"
},
{
"name" : "93875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93875"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "93875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93875"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-7065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40842",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40842/"
},
{
"name" : "20161125 Red Hat JBoss EAP deserialization of untrusted data",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/143"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1382534",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1382534"
},
{
"name" : "93462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93462"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1382534",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382534"
},
{
"name": "40842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40842/"
},
{
"name": "20161125 Red Hat JBoss EAP deserialization of untrusted data",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/143"
},
{
"name": "93462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93462"
}
]
}
}
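Review bot: The new side of this record still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and a problemtype value of `"n/a"`, although the description names Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 and one reference title reads "deserialization of untrusted data". Tooling that matches on the structured `affects` block rather than the free-text description will presumably not associate this entry with the product. Since every line of the file is being rewritten anyway, the structured fields could be filled in, for example `"vendor_name": "Red Hat"` and a problemtype value of `"CWE-502: Deserialization of Untrusted Data"`. The CVE-2016-7916 and CVE-2016-7980 sections further down carry the same `n/a` placeholders.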


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-7916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"
},
{
"name" : "http://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
},
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=116461",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=116461"
},
{
"name" : "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363",
"refsource" : "CONFIRM",
"url" : "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363"
},
{
"name" : "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"
},
{
"name" : "USN-3159-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3159-1"
},
{
"name" : "USN-3159-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3159-2"
},
{
"name" : "94138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=116461",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
},
{
"name": "USN-3159-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3159-1"
},
{
"name": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363",
"refsource": "CONFIRM",
"url": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363"
},
{
"name": "USN-3159-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3159-2"
},
{
"name": "94138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94138"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"
},
{
"name": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"
}
]
}
}
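Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `security@android.com` in this section, which is a content change rather than the spacing and reference-order churn that makes up the rest of the file. The commit message ("-Synchronized-Data.") gives no reason for it, so anyone auditing record provenance has to find it among the rewritten lines. The description and most references concern the upstream Linux kernel, so it is worth confirming the reassignment is intended. A separate commit, or a line in the message such as `CVE-2016-7916: ASSIGNER cve@mitre.org -> security@android.com`, would make it traceable.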


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/17"
},
{
"name" : "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/06/6"
},
{
"name" : "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/12/6"
},
{
"name" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/",
"refsource" : "MISC",
"url" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
},
{
"name" : "https://core.spip.net/projects/spip/repository/revisions/23201",
"refsource" : "CONFIRM",
"url" : "https://core.spip.net/projects/spip/repository/revisions/23201"
},
{
"name" : "https://core.spip.net/projects/spip/repository/revisions/23202",
"refsource" : "CONFIRM",
"url" : "https://core.spip.net/projects/spip/repository/revisions/23202"
},
{
"name" : "https://core.spip.net/projects/spip/repository/revisions/23203",
"refsource" : "CONFIRM",
"url" : "https://core.spip.net/projects/spip/repository/revisions/23203"
},
{
"name" : "93451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93451"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
},
{
"name": "93451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93451"
},
{
"name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/12/6"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/23203",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/23203"
},
{
"name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
},
{
"name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/23202",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/23202"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/23201",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/23201"
}
]
}
}