diff --git a/2004/1xxx/CVE-2004-1078.json b/2004/1xxx/CVE-2004-1078.json index 57013aa85c4..4f29002c7e7 100644 --- a/2004/1xxx/CVE-2004-1078.json +++ b/2004/1xxx/CVE-2004-1078.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 Citrix Program Neighborhood Agent Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities" - }, - { - "name" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650" - }, - { - "name" : "15108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15108" + }, + { + "name": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650" + }, + { + "name": "20050426 Citrix Program Neighborhood Agent Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1532.json b/2004/1xxx/CVE-2004-1532.json index a46548b8427..60699ddd8b9 100644 --- a/2004/1xxx/CVE-2004-1532.json +++ b/2004/1xxx/CVE-2004-1532.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041118 AppServ 2.5.x and Prior Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110079586328430&w=2" - }, - { - "name" : "11704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11704" - }, - { - "name" : "appserv-default-account(18163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041118 AppServ 2.5.x and Prior Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110079586328430&w=2" + }, + { + "name": "11704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11704" + }, + { + "name": "appserv-default-account(18163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18163" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1679.json b/2004/1xxx/CVE-2004-1679.json index e6473d12df4..685062f75d6 100644 --- a/2004/1xxx/CVE-2004-1679.json +++ b/2004/1xxx/CVE-2004-1679.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040913 Directory Traversal Vulnerability in TwinFTP Server allows overwriting of files outside FTP directory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109509243831121&w=2" - }, - { - "name" : "http://www.security.org.sg/vuln/twinftp103r2.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/twinftp103r2.html" - }, - { - "name" : "11159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11159" - }, - { - "name" : "12511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12511/" - }, - { - "name" : "twinftp-argument-directory-traversal(17323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17323" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040913 Directory Traversal Vulnerability in TwinFTP Server allows overwriting of files outside FTP directory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109509243831121&w=2" + }, + { + "name": "twinftp-argument-directory-traversal(17323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17323" + }, + { + "name": "http://www.security.org.sg/vuln/twinftp103r2.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/twinftp103r2.html" + }, + { + "name": "12511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12511/" + }, + { + "name": "11159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11159" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1947.json b/2004/1xxx/CVE-2004-1947.json index adeffba5190..3847840e653 100644 --- a/2004/1xxx/CVE-2004-1947.json +++ b/2004/1xxx/CVE-2004-1947.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040419 BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108240639427412&w=2" - }, - { - "name" : "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108248367901616&w=2" - }, - { - "name" : "10174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10174" - }, - { - "name" : "10175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10175" 
- }, - { - "name" : "5549", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5549" - }, - { - "name" : "1009862", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009862" - }, - { - "name" : "11427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11427" - }, - { - "name" : "bitdefender-avxscanonline-code-execution(15911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bitdefender-avxscanonline-code-execution(15911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911" + }, + { + "name": "10174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10174" + }, + { + "name": "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108248367901616&w=2" + }, + { + "name": "11427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11427" + }, + { + "name": "10175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10175" + }, + { + "name": "1009862", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009862" + }, + { + "name": "5549", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5549" + }, + { 
+ "name": "20040419 BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108240639427412&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3210.json b/2008/3xxx/CVE-2008-3210.json index 41d12750025..d29ede017d0 100644 --- a/2008/3xxx/CVE-2008-3210.json +++ b/2008/3xxx/CVE-2008-3210.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6046", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6046" - }, - { - "name" : "http://labs.mudynamics.com/advisories/MU-200807-01.txt", - "refsource" : "MISC", - "url" : "http://labs.mudynamics.com/advisories/MU-200807-01.txt" - }, - { - "name" : "http://www.resiprocate.org/ReSIProcate_1.3.3_Release", - "refsource" : "CONFIRM", - "url" : "http://www.resiprocate.org/ReSIProcate_1.3.3_Release" - }, - { - "name" : "30194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30194" - }, - { - "name" : "31058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31058" - }, - { - "name" : "4013", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/4013" - }, - { - "name" : "resiprocate-dnsstub-dos(43770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "resiprocate-dnsstub-dos(43770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43770" + }, + { + "name": "http://www.resiprocate.org/ReSIProcate_1.3.3_Release", + "refsource": "CONFIRM", + "url": "http://www.resiprocate.org/ReSIProcate_1.3.3_Release" + }, + { + "name": "6046", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6046" + }, + { + "name": "31058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31058" + }, + { + "name": "4013", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4013" + }, + { + "name": "30194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30194" + }, + { + "name": "http://labs.mudynamics.com/advisories/MU-200807-01.txt", + "refsource": "MISC", + "url": "http://labs.mudynamics.com/advisories/MU-200807-01.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3283.json b/2008/3xxx/CVE-2008-3283.json index b394155a4ca..0ea5832ff58 100644 --- a/2008/3xxx/CVE-2008-3283.json +++ b/2008/3xxx/CVE-2008-3283.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=458977", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=458977" - }, - { - "name" : "FEDORA-2008-7813", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00521.html" - }, - { - "name" : "FEDORA-2008-7891", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00708.html" - }, - { - "name" : "HPSBUX02354", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861" - }, - { - "name" : "SSRT080113", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861" - }, - { - "name" : "RHSA-2008:0596", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2008-0596.html" - }, - { - "name" : "RHSA-2008:0602", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0602.html" - }, - { - "name" : "RHSA-2008:0858", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0858.html" - }, - { - "name" : "30872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30872" - }, - { - "name" : "oval:org.mitre.oval:def:6118", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6118" - }, - { - "name" : "ADV-2008-2480", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2480" - }, - { - "name" : "1020774", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020774" - }, - { - "name" : "31565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31565" - }, - { - "name" : "31627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31627" - }, - { - "name" : "31702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31702" - }, - { - "name" : "31913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31913" - }, - { - "name" : "31867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31867" - }, - { - "name" : "rhds-leaks-dos(44731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44731" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=458977", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458977" + }, + { + "name": "1020774", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020774" + }, + { + "name": "RHSA-2008:0602", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0602.html" + }, + { + "name": "rhds-leaks-dos(44731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44731" + }, + { + "name": "SSRT080113", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861" + }, + { + "name": "31913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31913" + }, + { + "name": "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html" + }, + { + "name": "31702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31702" + }, + { + "name": "RHSA-2008:0596", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2008-0596.html" + }, + { + "name": "31867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31867" + }, + { + "name": "HPSBUX02354", + "refsource": "HP", + "url": 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861" + }, + { + "name": "30872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30872" + }, + { + "name": "oval:org.mitre.oval:def:6118", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6118" + }, + { + "name": "ADV-2008-2480", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2480" + }, + { + "name": "FEDORA-2008-7891", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00708.html" + }, + { + "name": "RHSA-2008:0858", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0858.html" + }, + { + "name": "31565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31565" + }, + { + "name": "31627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31627" + }, + { + "name": "FEDORA-2008-7813", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00521.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3393.json b/2008/3xxx/CVE-2008-3393.json index a04e5ab4890..611be3917ab 100644 --- a/2008/3xxx/CVE-2008-3393.json +++ b/2008/3xxx/CVE-2008-3393.json 
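Review bot: The `CVE_data_meta` block of CVE-2008-3283 changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, and this is the only value change in a hunk that otherwise re-indents the file and reshuffles `reference_data`, so it is easy to miss in review. ASSIGNER is the record's provenance field, and any tooling that groups or filters records by assigning CNA will see this entry change owner; it belongs in its own commit or at least in the commit message, e.g. `CVE-2008-3283: ASSIGNER cve@mitre.org -> secalert@redhat.com`. The new reference order follows no visible sort key (inferred from the new side only), so emitting `reference_data` in a stable order such as by `refsource` then `name` would keep later diffs limited to real changes. The rewritten file also ends without a trailing newline (`\ No newline at end of file`), as do the other files in this diff.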
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/79/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/79/45/" - }, - { - "name" : "30432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30432" - }, - { - "name" : "47202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47202" - }, - { - "name" : "31258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31258" - }, - { - "name" : "bookmine-events-sql-injection(44067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability 
in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30432" + }, + { + "name": "http://holisticinfosec.org/content/view/79/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/79/45/" + }, + { + "name": "47202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47202" + }, + { + "name": "31258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31258" + }, + { + "name": "bookmine-events-sql-injection(44067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44067" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3592.json b/2008/3xxx/CVE-2008-3592.json index 70fc7690ac2..93aee4304ac 100644 --- a/2008/3xxx/CVE-2008-3592.json +++ b/2008/3xxx/CVE-2008-3592.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6177", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6177" - }, - { - "name" : "http://overture21.com/forum/comments.php?DiscussionID=1823", - "refsource" : "CONFIRM", - "url" : "http://overture21.com/forum/comments.php?DiscussionID=1823" - }, - { - "name" : "31293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31293" - }, - { - "name" : "4137", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4137" - }, - { - "name" : "symphony-file-upload(44432)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6177", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6177" + }, + { + "name": "symphony-file-upload(44432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44432" + }, + { + "name": "4137", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4137" + }, + { + "name": "31293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31293" + }, + { + "name": "http://overture21.com/forum/comments.php?DiscussionID=1823", + "refsource": "CONFIRM", + "url": "http://overture21.com/forum/comments.php?DiscussionID=1823" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3773.json b/2008/3xxx/CVE-2008-3773.json index 4069fc58c38..ac674850070 100644 --- a/2008/3xxx/CVE-2008-3773.json +++ b/2008/3xxx/CVE-2008-3773.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when \"Show New Private Message Notification Pop-Up\" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title])." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080820 CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121933258013788&w=2" - }, - { - "name" : "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?t=282133", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/showthread.php?t=282133" - }, - { - "name" : "30777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30777" - 
}, - { - "name" : "1020727", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020727" - }, - { - "name" : "31552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31552" - }, - { - "name" : "4182", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4182" - }, - { - "name" : "vbulletin-message-xss(44576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when \"Show New Private Message Notification Pop-Up\" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title])." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30777" + }, + { + "name": "31552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31552" + }, + { + "name": "vbulletin-message-xss(44576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44576" + }, + { + "name": "http://www.vbulletin.com/forum/showthread.php?t=282133", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/showthread.php?t=282133" + }, + { + "name": "1020727", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020727" + }, + { + "name": "4182", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4182" + }, + { + "name": "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability", + "refsource": "MISC", + "url": 
"http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability" + }, + { + "name": "20080820 CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121933258013788&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4296.json b/2008/4xxx/CVE-2008-4296.json index 865292746cc..e8002af43ce 100644 --- a/2008/4xxx/CVE-2008-4296.json +++ b/2008/4xxx/CVE-2008-4296.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Linksys WRT350N with firmware 1.0.3.7 has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080926 Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496756/100/0/threaded" - }, - { - "name" : "4319", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4319" - }, - { - "name" : "linksys-admin-default-password(45588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Linksys WRT350N with firmware 1.0.3.7 has \"admin\" as its default password for the \"admin\" account, which makes it easier for 
remote attackers to obtain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4319", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4319" + }, + { + "name": "linksys-admin-default-password(45588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45588" + }, + { + "name": "20080926 Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496756/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4455.json b/2008/4xxx/CVE-2008-4455.json index 34a4f2a0fc4..630907fe2a0 100644 --- a/2008/4xxx/CVE-2008-4455.json +++ b/2008/4xxx/CVE-2008-4455.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6641", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6641" - }, - { - "name" : "31517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31517" - }, - { - "name" : "31820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31820" - }, - { - "name" : "mysqlquickadmin-index-file-include(45606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in EKINdesigns 
MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31820" + }, + { + "name": "31517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31517" + }, + { + "name": "mysqlquickadmin-index-file-include(45606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45606" + }, + { + "name": "6641", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6641" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4501.json b/2008/4xxx/CVE-2008-4501.json index 2caed166496..293b51a6013 100644 --- a/2008/4xxx/CVE-2008-4501.json +++ b/2008/4xxx/CVE-2008-4501.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6661", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6661" - }, - { - "name" : "ADV-2008-2746", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2746" - }, - { - "name" : "32150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32150" - }, - { - "name" : "4378", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 
7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2746", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2746" + }, + { + "name": "6661", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6661" + }, + { + "name": "32150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32150" + }, + { + "name": "4378", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4378" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4575.json b/2008/4xxx/CVE-2008-4575.json index cc0e5fd845a..580e0706d3c 100644 --- a/2008/4xxx/CVE-2008-4575.json +++ b/2008/4xxx/CVE-2008-4575.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081015 Re: CVE request: jhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/15/6" - }, - { - "name" : "http://www.sentex.net/~mwandel/jhead/changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.sentex.net/~mwandel/jhead/changes.txt" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" - }, - { - "name" : "FEDORA-2008-8928", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html" - }, - { - "name" : 
"FEDORA-2008-8941", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html" - }, - { - "name" : "31770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31770" - }, - { - "name" : "32363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-8928", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html" + }, + { + "name": "31770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31770" + }, + { + "name": "http://www.sentex.net/~mwandel/jhead/changes.txt", + "refsource": "CONFIRM", + "url": "http://www.sentex.net/~mwandel/jhead/changes.txt" + }, + { + "name": "32363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32363" + }, + { + "name": "FEDORA-2008-8941", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" + }, + { + "name": "[oss-security] 20081015 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6" + } + ] + } +} \ No newline at end of 
file diff --git a/2008/4xxx/CVE-2008-4819.json b/2008/4xxx/CVE-2008-4819.json index a81acd463a4..f1934d5d861 100644 --- a/2008/4xxx/CVE-2008-4819.json +++ b/2008/4xxx/CVE-2008-4819.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html" - }, - { - "name" : "http://support.apple.com/kb/HT3338", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3338" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" - }, - { - "name" : 
"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" - }, - { - "name" : "APPLE-SA-2008-12-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2008:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html" - }, - { - "name" : "248586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" - }, - { - "name" : "TA08-350A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" - }, - { - "name" : "32129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32129" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "ADV-2008-3444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3444" - }, - { - "name" : "1021147", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021147" - }, - { - "name" : "32702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32702" - }, - { - "name" : "33179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33179" - }, - { - "name" : "33390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33390" - }, - { - "name" : "adobe-flash-dnsrebinding-security-bypass1(46532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" + }, + { + "name": "32129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32129" + }, + { + "name": "33390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33390" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" + }, + { + "name": "ADV-2008-3444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3444" + }, + { + "name": "32702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32702" + }, + { + "name": "TA08-350A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html" + }, + { + "name": "33179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33179" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "adobe-flash-dnsrebinding-security-bypass1(46532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46532" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, + { + "name": "http://support.apple.com/kb/HT3338", + "refsource": 
"CONFIRM", + "url": "http://support.apple.com/kb/HT3338" + }, + { + "name": "RHSA-2008:0980", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" + }, + { + "name": "APPLE-SA-2008-12-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" + }, + { + "name": "248586", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" + }, + { + "name": "1021147", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021147" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4837.json b/2008/4xxx/CVE-2008-4837.json index cda035af969..b40e69c5e5c 100644 --- a/2008/4xxx/CVE-2008-4837.json +++ b/2008/4xxx/CVE-2008-4837.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081209 ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499064/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086", - "refsource" : "MISC", - 
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086" - }, - { - "name" : "MS08-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072" - }, - { - "name" : "TA08-344A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5982", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982" - }, - { - "name" : "ADV-2008-3384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3384" - }, - { - "name" : "1021370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS08-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-086", + "refsource": "MISC", + "url": 
"http://www.zerodayinitiative.com/advisories/ZDI-08-086" + }, + { + "name": "20081209 ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499064/100/0/threaded" + }, + { + "name": "1021370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021370" + }, + { + "name": "TA08-344A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" + }, + { + "name": "ADV-2008-3384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3384" + }, + { + "name": "oval:org.mitre.oval:def:5982", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4928.json b/2008/4xxx/CVE-2008-4928.json index 541d66e6e8c..b00b600a042 100644 --- a/2008/4xxx/CVE-2008-4928.json +++ b/2008/4xxx/CVE-2008-4928.json 
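Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2008-4837 changes from `cve@mitre.org` to `secure@microsoft.com`, while everything else in this hunk is colon spacing and a reordering of the same eight `reference_data` entries. The other records visible alongside it keep `cve@mitre.org`, so this is the one substantive edit here and is easy to miss among the formatting churn. If the reassignment is intended, it belongs in its own commit or at least in the commit message, because consumers that attribute or filter records by assigner will see this record move. The new side also ends with no newline at end of file, here and in the other hunks; keeping the trailing newline would avoid spurious diffs on the next regeneration.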
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" - }, - { - "name" : "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html" - }, - { - "name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "FULLDISC", - "url" : 
"http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" - }, - { - "name" : "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/01/2" - }, - { - "name" : "31935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31935" - }, - { - "name" : "ADV-2008-2967", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31935" + }, + { + "name": "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html" + }, + { + "name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" + }, + { + "name": "ADV-2008-2967", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2967" + }, + { + "name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" + }, + { + "name": "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/01/2" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6216.json b/2008/6xxx/CVE-2008-6216.json index 893f061632a..90987a5df18 100644 --- a/2008/6xxx/CVE-2008-6216.json +++ b/2008/6xxx/CVE-2008-6216.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6876", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6876" - }, - { - "name" : "31990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31990" - }, - { - "name" : "49446", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49446" - }, - { - "name" : "32430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32430" - }, - { - "name" : "ADV-2008-2963", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2963" - }, - { - "name" : "bookingcentre-cadenaofertas-sql-injection(46226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46226" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bookingcentre-cadenaofertas-sql-injection(46226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46226" + }, + { + "name": "32430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32430" + }, + { + "name": "49446", + "refsource": "OSVDB", + "url": "http://osvdb.org/49446" + }, + { + "name": "31990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31990" + }, + { + "name": "ADV-2008-2963", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2963" + }, + { + "name": "6876", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6876" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6795.json b/2008/6xxx/CVE-2008-6795.json index 54abaf61a99..36ef945ca13 100644 --- a/2008/6xxx/CVE-2008-6795.json +++ b/2008/6xxx/CVE-2008-6795.json 
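Review bot: The new side of CVE-2008-6216.json carries the same six `reference_data` entries as the old side but in a different order with no visible sort key (XF, SECUNIA, OSVDB, BID, VUPEN, EXPLOIT-DB, where the old side had EXPLOIT-DB, BID, OSVDB, SECUNIA, VUPEN, XF), and the file now ends without a trailing newline (`\ No newline at end of file`). Together with the `"key" :` to `"key":` respacing, every line of the record shows as changed although no reference was added or removed, so a reviewer or a feed consumer that diffs these records cannot tell a real content change from churn. Emitting `reference_data` in a fixed order, for example sorted by `refsource` then `name`, and ending each file with a newline would keep later syncs small and auditable. The same reshuffle appears in the hunks for CVE-2008-6795, CVE-2013-2051, CVE-2013-2140, CVE-2013-6031, CVE-2013-6172 and CVE-2013-6795, and the missing final newline in every file section visible here.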
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6981", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6981" - }, - { - "name" : "32109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32109" - }, - { - "name" : "vibroschoolcms-viewnews-sql-injection(46348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32109" + }, + { + "name": "vibroschoolcms-viewnews-sql-injection(46348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46348" + }, + { + "name": "6981", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6981" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2051.json b/2013/2xxx/CVE-2013-2051.json index cc9dd5ad5b6..630be447c22 100644 --- a/2013/2xxx/CVE-2013-2051.json +++ b/2013/2xxx/CVE-2013-2051.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=959047", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=959047" - }, - { - "name" : "RHSA-2013:0869", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0869.html" - }, - { - "name" : "60187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote 
attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60187" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=959047", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=959047" + }, + { + "name": "RHSA-2013:0869", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0869.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2140.json b/2013/2xxx/CVE-2013-2140.json index 45519882e73..76180ebc2c7 100644 --- a/2013/2xxx/CVE-2013-2140.json +++ b/2013/2xxx/CVE-2013-2140.json 
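Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in the hunk for CVE-2013-2051.json, and it is the only value that differs between the two sides; everything else is key spacing and reference order. The same kind of change sits in CVE-2013-2140.json (`secalert@redhat.com`) and CVE-2013-6031.json (`cert@cert.org`), while the other records visible here keep `cve@mitre.org`. Tooling that attributes, filters or trusts records by assigner will see these three move to a different CNA, so the change deserves to be reviewable on its own. Landing the reassignment separately from the whole-file reformat, or at least naming the affected IDs in the commit description, would let it be checked against the CNA's own records.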
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130605 Re: xen/blkback: Check device permissions before allowing OP_DISCARD", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/05/21" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109" - }, - { - "name" : 
"http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html", - "refsource" : "CONFIRM", - "url" : "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=971146", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=971146" - }, - { - "name" : "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109" - }, - { - "name" : "USN-1938-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1938-1" - }, - { - "name" : "USN-1943-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1943-1" - }, - { - "name" : "USN-1944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1944-1" - }, - { - "name" : "USN-1945-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1945-1" - }, - { - "name" : "USN-1946-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1946-1" - }, - { - "name" : "USN-1947-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1947-1" - }, - { - "name" : "USN-2038-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2038-1" - }, - { - "name" : "USN-2039-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2039-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service 
(data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1943-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1943-1" + }, + { + "name": "USN-2039-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2039-1" + }, + { + "name": "USN-1938-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1938-1" + }, + { + "name": "USN-1944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1944-1" + }, + { + "name": "USN-1945-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1945-1" + }, + { + "name": "USN-2038-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2038-1" + }, + { + "name": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html", + "refsource": "CONFIRM", + "url": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html" + }, + { + "name": "[oss-security] 20130605 Re: xen/blkback: Check device permissions before allowing OP_DISCARD", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/05/21" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109" + }, + { + "name": "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109" + }, + { + "name": "USN-1947-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1947-1" + 
}, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=971146", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971146" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5" + }, + { + "name": "USN-1946-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1946-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2651.json b/2013/2xxx/CVE-2013-2651.json index 2da0e867a9e..18933170e26 100644 --- a/2013/2xxx/CVE-2013-2651.json +++ b/2013/2xxx/CVE-2013-2651.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html" - }, - { - "name" : "http://packetstormsecurity.com/files/123558", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123558" - }, - { - "name" : "boltwire-cve20132651-xss(87809)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities 
in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html" + }, + { + "name": "http://packetstormsecurity.com/files/123558", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123558" + }, + { + "name": "boltwire-cve20132651-xss(87809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2676.json b/2013/2xxx/CVE-2013-2676.json index 986a8a2d13c..65ca619dcaa 100644 --- a/2013/2xxx/CVE-2013-2676.json +++ b/2013/2xxx/CVE-2013-2676.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6031.json b/2013/6xxx/CVE-2013-6031.json index 63195c49b1c..f3f41b26f26 100644 --- a/2013/6xxx/CVE-2013-6031.json +++ b/2013/6xxx/CVE-2013-6031.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb", - "refsource" : "MISC", - "url" : "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb" - }, - { - "name" : "VU#341526", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/341526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Huawei E355 adapter with firmware 
21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#341526", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/341526" + }, + { + "name": "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb", + "refsource": "MISC", + "url": "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6172.json b/2013/6xxx/CVE-2013-6172.json index 1d2ce876ed5..5629ae8110b 100644 --- a/2013/6xxx/CVE-2013-6172.json +++ b/2013/6xxx/CVE-2013-6172.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/", - "refsource" : "CONFIRM", - "url" : "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/" - }, - { - "name" : "http://trac.roundcube.net/ticket/1489382", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1489382" - }, - { - "name" : "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19", - "refsource" : "CONFIRM", - "url" : "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19" - }, - { - "name" : "DSA-2787", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2787" - }, - { - "name" : "openSUSE-SU-2014:0365", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00035.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.roundcube.net/ticket/1489382", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/ticket/1489382" + }, + { + "name": "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/", + "refsource": "CONFIRM", + "url": "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/" + }, + { + "name": "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19", + "refsource": "CONFIRM", + "url": "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19" + }, + { + "name": "openSUSE-SU-2014:0365", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00035.html" + }, + { + "name": "DSA-2787", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2787" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6795.json b/2013/6xxx/CVE-2013-6795.json index 5aab0969a7a..a30a6d66911 100644 --- a/2013/6xxx/CVE-2013-6795.json +++ b/2013/6xxx/CVE-2013-6795.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131122 CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0122.html" - }, - { - "name" : "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/", - "refsource" : "MISC", - "url" : "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/" - }, - { - "name" : "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html" - }, - { - "name" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401", - "refsource" : "CONFIRM", - "url" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401" - }, - { - "name" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0" - }, - { - "name" : "100191", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100191" - }, - { - "name" : "55775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/", + "refsource": "MISC", + "url": "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/" + }, + { + "name": "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html" + }, + { + "name": "20131122 CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0122.html" + }, + { + "name": "100191", + "refsource": "OSVDB", + "url": "http://osvdb.org/100191" + }, + { + "name": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401", + "refsource": "CONFIRM", + "url": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401" + }, + { + "name": "55775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55775" + }, + { + "name": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0", + "refsource": "CONFIRM", + "url": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10057.json b/2017/10xxx/CVE-2017-10057.json index 2ec0a2fea84..fbbab45ee4d 100644 --- a/2017/10xxx/CVE-2017-10057.json +++ b/2017/10xxx/CVE-2017-10057.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PRTL Interaction Hub", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PRTL Interaction Hub", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99798" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "99798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99798" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file 
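Review bot: The `reference_data` order written on the new side is not consistent between files. Here SECTRACK `1038932` is placed before BID `99798`, while the CVE-2017-10070 hunk that follows places BID `99762` before SECTRACK `1038932`. The rest of the hunk appears to change only the key spacing (`" : "` to `": "`) and layout, so mixing a reorder into it means a whitespace-insensitive diff can no longer confirm that no record content changed. Writing the array in one fixed order, for example sorted by `url`, would keep later regenerations from producing churn and make content edits stand out. Both hunks also end with `\ No newline at end of file` on the new side; terminating each file with a newline would avoid that.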
diff --git a/2017/10xxx/CVE-2017-10070.json b/2017/10xxx/CVE-2017-10070.json
index 3b0cadb96a1..7209c0aadde 100644
--- a/2017/10xxx/CVE-2017-10070.json
+++ b/2017/10xxx/CVE-2017-10070.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PRTL Interaction Hub", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PRTL Interaction Hub", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99762" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99762" + }, + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/10xxx/CVE-2017-10968.json b/2017/10xxx/CVE-2017-10968.json index bb9de552d12..dd65171fb38 100644 --- a/2017/10xxx/CVE-2017-10968.json +++ b/2017/10xxx/CVE-2017-10968.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FineCMS through 2017-07-07, application\\core\\controller\\template.php allows remote PHP code execution by placing the code after \"