admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2006/4xxx/CVE-2006-4954.json
CVE Team 702b2164f4
"-Synchronized-Data."
2019-03-18 00:48:19 +00:00

82 lines
2.6 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20109"
},
{
"name": "http://vuln.sg/neonmail506-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/neonmail506-en.html"
},
{
"name": "22029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22029"
},
{
"name": "neonwebmail-updateuser-security-bypass(29089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29089"
},
{
"name": "84203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84203"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink