mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
118 lines
4.1 KiB
JSON
118 lines
4.1 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2006-3935",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20060726 Multiple vulnerabilities in OpenCMS",
|
|
"refsource" : "BUGTRAQ",
|
|
"url" : "http://www.securityfocus.com/archive/1/441182/100/0/threaded"
|
|
},
|
|
{
|
|
"name" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt",
|
|
"refsource" : "MISC",
|
|
"url" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt"
|
|
},
|
|
{
|
|
"name" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip"
|
|
},
|
|
{
|
|
"name" : "http://www.opencms.org/opencms/en/shownews.html?id=1002",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.opencms.org/opencms/en/shownews.html?id=1002"
|
|
},
|
|
{
|
|
"name" : "21193",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/21193"
|
|
},
|
|
{
|
|
"name" : "1302",
|
|
"refsource" : "SREASON",
|
|
"url" : "http://securityreason.com/securityalert/1302"
|
|
},
|
|
{
|
|
"name" : "opencms-adminmain-account-creation(28003)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28003"
|
|
},
|
|
{
|
|
"name" : "opencms-adminmain-database-file-upload(28026)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28026"
|
|
},
|
|
{
|
|
"name" : "opencms-adminmain-file-access(27996)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27996"
|
|
},
|
|
{
|
|
"name" : "opencms-adminmain-message-broadcast(28031)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28031"
|
|
},
|
|
{
|
|
"name" : "opencms-adminmain-module-upload(28010)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28010"
|
|
},
|
|
{
|
|
"name" : "opencms-adminmain-obtain-information(28036)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28036"
|
|
}
|
|
]
|
|
}
|
|
}
|