Created
March 22, 2026 09:13
-
-
Save adulau/ab250a9945da4f6558be48a7b99ac427 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-03-31T09:00:00.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1025112", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025112"}, {"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-0376", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1025112", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025112"}, {"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:51:08.622Z"}, "title": "CVE Program Container", "references": [{"name": "1025112", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025112"}, {"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-0376", "datePublished": "2011-02-25T11:00:00.000Z", "dateReserved": "2011-01-07T00:00:00.000Z", "dateUpdated": "2024-08-06T21:51:08.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5EAB196-F648-42F7-9621-9D43FA9288C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFE7BB6D-16FF-4141-93A1-1B4EB7C1D46C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31487AA7-257C-4216-B5E5-6244FF06D00A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27ECF70E-A6FE-4277-B02A-F0551271446B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CC9A38-CA82-4558-BC92-0433301570E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74C1145-E2DC-41A5-ADD8-282332124C8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6456B65-FE0C-4133-BADD-2B3872855348\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_system_1000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9397D7AF-428C-422C-8EB1-B7C59D567BB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_system_1100:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"505B044D-2529-4605-9FD0-C6B8B534B4C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5EAB196-F648-42F7-9621-9D43FA9288C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFE7BB6D-16FF-4141-93A1-1B4EB7C1D46C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31487AA7-257C-4216-B5E5-6244FF06D00A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27ECF70E-A6FE-4277-B02A-F0551271446B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CC9A38-CA82-4558-BC92-0433301570E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74C1145-E2DC-41A5-ADD8-282332124C8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6456B65-FE0C-4133-BADD-2B3872855348\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_system_3000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC14CB1A-DE5C-4877-8FFB-DF2FA1ADE176\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27ECF70E-A6FE-4277-B02A-F0551271446B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CC9A38-CA82-4558-BC92-0433301570E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74C1145-E2DC-41A5-ADD8-282332124C8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6456B65-FE0C-4133-BADD-2B3872855348\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_system_1300_series:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6D3C3AC-464F-4BCB-B3FF-CE4718156109\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31487AA7-257C-4216-B5E5-6244FF06D00A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27ECF70E-A6FE-4277-B02A-F0551271446B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CC9A38-CA82-4558-BC92-0433301570E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74C1145-E2DC-41A5-ADD8-282332124C8A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6456B65-FE0C-4133-BADD-2B3872855348\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_system_3200_series:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9CB2EA2-9BC8-4FFD-B79C-0887D65B082B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31487AA7-257C-4216-B5E5-6244FF06D00A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27ECF70E-A6FE-4277-B02A-F0551271446B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CC9A38-CA82-4558-BC92-0433301570E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74C1145-E2DC-41A5-ADD8-282332124C8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6456B65-FE0C-4133-BADD-2B3872855348\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_system_500_series:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F04D64C3-9105-49CD-8CED-E802E348ECF0\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n TFTP en los dispositivos de Cisco TelePresence endpoint con software v1.2.x hasta v1.5.x, v1.6.0 y v1.6.1 permite a atacantes remotos obtener informaci\\u00f3n sensible a trav\\u00e9s de una petici\\u00f3n GET, tambi\\u00e9n conocido como error ID CSCte43876.\"}]", "id": "CVE-2011-0376", "lastModified": "2024-11-21T01:23:50.300", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2011-02-25T12:00:18.167", "references": "[{\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1025112\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1025112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2011-0376\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2011-02-25T12:00:18.167\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.\"},{\"lang\":\"es\",\"value\":\"La implementación TFTP en los dispositivos de Cisco TelePresence endpoint con software v1.2.x hasta v1.5.x, v1.6.0 y v1.6.1 permite a atacantes remotos obtener información sensible a través de una petición GET, también conocido como error ID CSCte43876.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5EAB196-F648-42F7-9621-9D43FA9288C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFE7BB6D-16FF-4141-93A1-1B4EB7C1D46C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31487AA7-257C-4216-B5E5-6244FF06D00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27ECF70E-A6FE-4277-B02A-F0551271446B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CC9A38-CA82-4558-BC92-0433301570E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74C1145-E2DC-41A5-ADD8-282332124C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6456B65-FE0C-4133-BADD-2B3872855348\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_system_1000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9397D7AF-428C-422C-8EB1-B7C59D567BB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_system_1100:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"505B044D-2529-4605-9FD0-C6B8B534B4C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5EAB196-F648-42F7-9621-9D43FA9288C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFE7BB6D-16FF-4141-93A1-1B4EB7C1D46C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31487AA7-257C-4216-B5E5-6244FF06D00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27ECF70E-A6FE-4277-B02A-F0551271446B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CC9A38-CA82-4558-BC92-0433301570E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74C1145-E2DC-41A5-ADD8-282332124C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6456B65-FE0C-4133-BADD-2B3872855348\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_system_3000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC14CB1A-DE5C-4877-8FFB-DF2FA1ADE176\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27ECF70E-A6FE-4277-B02A-F0551271446B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CC9A38-CA82-4558-BC92-0433301570E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74C1145-E2DC-41A5-ADD8-282332124C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6456B65-FE0C-4133-BADD-2B3872855348\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_system_1300_series:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D3C3AC-464F-4BCB-B3FF-CE4718156109\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31487AA7-257C-4216-B5E5-6244FF06D00A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27ECF70E-A6FE-4277-B02A-F0551271446B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CC9A38-CA82-4558-BC92-0433301570E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74C1145-E2DC-41A5-ADD8-282332124C8A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6456B65-FE0C-4133-BADD-2B3872855348\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_system_3200_series:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9CB2EA2-9BC8-4FFD-B79C-0887D65B082B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31487AA7-257C-4216-B5E5-6244FF06D00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4062C260-C7B5-40E4-B77E-5AC1BFDB303D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9FF632-4F67-4D04-A7D9-FDDF24E22541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27ECF70E-A6FE-4277-B02A-F0551271446B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CC9A38-CA82-4558-BC92-0433301570E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74C1145-E2DC-41A5-ADD8-282332124C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CB7370-5367-4C3E-9B0E-88A29E1E8704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6456B65-FE0C-4133-BADD-2B3872855348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBF8BE7-C77D-4259-9AC7-FF8987AFCD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_system_500_series:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04D64C3-9105-49CD-8CED-E802E348ECF0\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1025112\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1025112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-21T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20081222 CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/499480/100/0/threaded"}, {"name": "7536", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7536"}, {"name": "32947", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32947"}, {"tags": ["x_refsource_MISC"], "url": "http://www.bmgsec.com.au/advisory/43/"}, {"name": "4813", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4813"}, {"name": "coolplayer-skin-bo(47527)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47527"}, {"name": "7547", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7547"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5735", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20081222 CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/499480/100/0/threaded"}, {"name": "7536", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7536"}, {"name": "32947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32947"}, {"name": "http://www.bmgsec.com.au/advisory/43/", "refsource": "MISC", "url": "http://www.bmgsec.com.au/advisory/43/"}, {"name": "4813", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4813"}, {"name": "coolplayer-skin-bo(47527)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47527"}, {"name": "7547", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7547"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.556Z"}, "title": "CVE Program Container", "references": [{"name": "20081222 CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/499480/100/0/threaded"}, {"name": "7536", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7536"}, {"name": "32947", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32947"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.bmgsec.com.au/advisory/43/"}, {"name": "4813", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4813"}, {"name": "coolplayer-skin-bo(47527)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47527"}, {"name": "7547", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7547"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5735", "datePublished": "2008-12-26T18:00:00.000Z", "dateReserved": "2008-12-26T00:00:00.000Z", "dateUpdated": "2024-08-07T11:04:44.556Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:coolplayer:coolplayer:2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89472CA5-7BA9-4F29-8E0E-C52BB2D3298B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:coolplayer:coolplayer:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF60AE3E-90C0-4F60-9C76-68CAD2A9C0C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:coolplayer:coolplayer:2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"925F1556-4CEF-484D-B712-B1FE45079B9A\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en skin.c en CoolPlayer de 2.17 a 2.19 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante un valor PlaylistSkin grande en un archivo skin.\"}]", "id": "CVE-2008-5735", "lastModified": "2024-11-21T00:54:46.443", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", "published": "2008-12-26T18:30:00.187", "references": "[{\"url\": \"http://securityreason.com/securityalert/4813\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.bmgsec.com.au/advisory/43/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/499480/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/32947\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/47527\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/7536\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/7547\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.bmgsec.com.au/advisory/43/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/499480/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/32947\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/47527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/7536\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/7547\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2008-5735\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-26T18:30:00.187\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de búfer basado en pila en skin.c en CoolPlayer de 2.17 a 2.19 permite a atacantes remotos ejecutar código de su elección mediante un valor PlaylistSkin grande en un archivo skin.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coolplayer:coolplayer:2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89472CA5-7BA9-4F29-8E0E-C52BB2D3298B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coolplayer:coolplayer:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF60AE3E-90C0-4F60-9C76-68CAD2A9C0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coolplayer:coolplayer:2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"925F1556-4CEF-484D-B712-B1FE45079B9A\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/4813\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.bmgsec.com.au/advisory/43/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/499480/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32947\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47527\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/7536\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/7547\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.bmgsec.com.au/advisory/43/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/499480/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/7536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/7547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \\ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080310 Vulnerabilities in Timbuktu Pro 8.6.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489360/100/0/threaded"}, {"name": "4455", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4455"}, {"name": "29316", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29316"}, {"name": "3741", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3741"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/?action=item&id=2166"}, {"name": "20080311 Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489382/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/timbuto.zip"}, {"name": "28081", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28081"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/timbuto-adv.txt"}, {"name": "20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489414/100/0/threaded"}, {"name": "ADV-2008-0840", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0840"}, {"name": "5238", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5238"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \\ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080310 Vulnerabilities in Timbuktu Pro 8.6.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489360/100/0/threaded"}, {"name": "4455", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4455"}, {"name": "29316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29316"}, {"name": "3741", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3741"}, {"name": "http://www.coresecurity.com/?action=item&id=2166", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item&id=2166"}, {"name": "20080311 Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489382/100/0/threaded"}, {"name": "http://aluigi.org/poc/timbuto.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/timbuto.zip"}, {"name": "28081", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28081"}, {"name": "http://aluigi.altervista.org/adv/timbuto-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/timbuto-adv.txt"}, {"name": "20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489414/100/0/threaded"}, {"name": "ADV-2008-0840", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0840"}, {"name": "5238", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5238"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.659Z"}, "title": "CVE Program Container", "references": [{"name": "20080310 Vulnerabilities in Timbuktu Pro 8.6.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489360/100/0/threaded"}, {"name": "4455", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4455"}, {"name": "29316", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29316"}, {"name": "3741", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3741"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/?action=item&id=2166"}, {"name": "20080311 Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489382/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.org/poc/timbuto.zip"}, {"name": "28081", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28081"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/timbuto-adv.txt"}, {"name": "20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489414/100/0/threaded"}, {"name": "ADV-2008-0840", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0840"}, {"name": "5238", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5238"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1117", "datePublished": "2008-03-14T20:00:00.000Z", "dateReserved": "2008-03-03T00:00:00.000Z", "dateUpdated": "2024-08-07T08:08:57.659Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netopia:timbuktu_pro:8.6.5:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"7C97B7A9-5647-436E-9C24-B1F144BC511D\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \\\\ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en la utilidad de notas (tambi\\u00e9n conocido como Flash Notes o mensajes intant\\u00e1neos) en el m\\u00f3dulo tb2ftp.dll de Timbuktu Pro 8.6.5 para Windows, y posiblemente en la versi\\u00f3n 8.7 para Mac OS X, permite a atacantes remotos cargar ficheros en localizaciones arbitrarias mediante la utilizaci\\u00f3n de un fichero de destino con un car\\u00e1cter \\\\ (barra invertida) seguido de la secuencia de caracteres ../ (punto, punto y barra). NOTA: esto puede ser utilizado para ejecutar c\\u00f3digo al escribir el fichero en la carpeta \\\"Inicio\\\". NOTA: esta vulnerabilidad reportada est\\u00e1 causada por una reparaci\\u00f3n incompleta de VE-2007-4220.\"}]", "id": "CVE-2008-1117", "lastModified": "2024-11-21T00:43:42.997", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2008-03-14T20:44:00.000", "references": "[{\"url\": \"http://aluigi.altervista.org/adv/timbuto-adv.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aluigi.org/poc/timbuto.zip\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/29316\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.coresecurity.com/?action=item&id=2166\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489360/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489382/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489414/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28081\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0840\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/4455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/5238\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aluigi.altervista.org/adv/timbuto-adv.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://aluigi.org/poc/timbuto.zip\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/29316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.coresecurity.com/?action=item&id=2166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489360/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489382/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489414/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0840\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/4455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/5238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2008-1117\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-14T20:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \\\\ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la utilidad de notas (también conocido como Flash Notes o mensajes intantáneos) en el módulo tb2ftp.dll de Timbuktu Pro 8.6.5 para Windows, y posiblemente en la versión 8.7 para Mac OS X, permite a atacantes remotos cargar ficheros en localizaciones arbitrarias mediante la utilización de un fichero de destino con un carácter \\\\ (barra invertida) seguido de la secuencia de caracteres ../ (punto, punto y barra). NOTA: esto puede ser utilizado para ejecutar código al escribir el fichero en la carpeta \\\"Inicio\\\". NOTA: esta vulnerabilidad reportada está causada por una reparación incompleta de VE-2007-4220.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netopia:timbuktu_pro:8.6.5:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"7C97B7A9-5647-436E-9C24-B1F144BC511D\"}]}]}],\"references\":[{\"url\":\"http://aluigi.altervista.org/adv/timbuto-adv.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aluigi.org/poc/timbuto.zip\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/29316\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3741\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/?action=item&id=2166\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489360/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489382/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489414/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28081\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0840\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/4455\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5238\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aluigi.altervista.org/adv/timbuto-adv.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://aluigi.org/poc/timbuto.zip\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/29316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/?action=item&id=2166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489360/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489382/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489414/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/4455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/5238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-01-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-09-02T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.extropia.com/hacks/bbs_security.html"}, {"name": "3546", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/3546"}, {"name": "20010107 Cgisecurity.com Advisory #3.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=97905792214999&w=2"}, {"name": "2177", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/2177"}, {"name": "http-cgi-bbs-forum(5906)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5906"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.extropia.com/hacks/bbs_security.html", "refsource": "CONFIRM", "url": "http://www.extropia.com/hacks/bbs_security.html"}, {"name": "3546", "refsource": "OSVDB", "url": "http://www.osvdb.org/3546"}, {"name": "20010107 Cgisecurity.com Advisory #3.1", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=97905792214999&w=2"}, {"name": "2177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2177"}, {"name": "http-cgi-bbs-forum(5906)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5906"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:06:55.441Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.extropia.com/hacks/bbs_security.html"}, {"name": "3546", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/3546"}, {"name": "20010107 Cgisecurity.com Advisory #3.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=97905792214999&w=2"}, {"name": "2177", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/2177"}, {"name": "http-cgi-bbs-forum(5906)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5906"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0123", "datePublished": "2001-05-07T04:00:00.000Z", "dateReserved": "2001-02-06T00:00:00.000Z", "dateUpdated": "2024-08-08T04:06:55.441Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:extropia:bbs_forum.cgi:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31EAC9BF-A3B3-4615-AE6B-FFF27E6AE82E\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.\"}]", "id": "CVE-2001-0123", "lastModified": "2024-11-20T23:34:39.413", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2001-03-12T05:00:00.000", "references": "[{\"url\": \"http://marc.info/?l=bugtraq&m=97905792214999&w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.extropia.com/hacks/bbs_security.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/3546\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/2177\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/5906\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq&m=97905792214999&w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.extropia.com/hacks/bbs_security.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/3546\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/2177\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/5906\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2001-0123\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2001-03-12T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:extropia:bbs_forum.cgi:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EAC9BF-A3B3-4615-AE6B-FFF27E6AE82E\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq&m=97905792214999&w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.extropia.com/hacks/bbs_security.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/3546\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/2177\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/5906\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq&m=97905792214999&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.extropia.com/hacks/bbs_security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/3546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/2177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/5906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30867", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30867"}, {"name": "mono-sysweb-xss(44740)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"}, {"name": "36494", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36494"}, {"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"}, {"name": "ADV-2008-2443", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2443"}, {"name": "20080930 rPSA-2008-0286-1 mono", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"}, {"name": "USN-826-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/826-1/"}, {"name": "31643", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31643"}, {"name": "MDVSA-2008:210", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3906", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30867", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30867"}, {"name": "mono-sysweb-xss(44740)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"}, {"name": "36494", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36494"}, {"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"}, {"name": "ADV-2008-2443", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2443"}, {"name": "20080930 rPSA-2008-0286-1 mono", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=418620", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"}, {"name": "USN-826-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/826-1/"}, {"name": "31643", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31643"}, {"name": "MDVSA-2008:210", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:53:00.711Z"}, "title": "CVE Program Container", "references": [{"name": "30867", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30867"}, {"name": "mono-sysweb-xss(44740)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"}, {"name": "36494", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36494"}, {"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"}, {"name": "ADV-2008-2443", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2443"}, {"name": "20080930 rPSA-2008-0286-1 mono", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"}, {"name": "USN-826-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/826-1/"}, {"name": "31643", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31643"}, {"name": "MDVSA-2008:210", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3906", "datePublished": "2008-09-04T17:00:00.000Z", "dateReserved": "2008-09-04T00:00:00.000Z", "dateUpdated": "2024-08-07T09:53:00.711Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B31A3175-7CC6-4367-9A3C-F3324156C818\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBB77289-2AED-4BD4-9578-FEB0EC83701E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4299404-6C79-4B21-BB8C-115FA1E3AC28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"919CAD10-2F17-4F94-8116-815E77F5E998\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19877D33-5DBF-40D7-87CB-545558C64771\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F64E7267-E010-4FC8-879A-448C85BC250B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"683F75A5-E4E4-4416-8E1C-A2C694A30BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE2C11F2-2A21-481E-8350-F3777A0A8033\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFC21FA7-648F-4E41-962B-664140FA4812\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC72C972-FF09-4A5D-9AD4-A422EDADF5AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0\", \"matchCriteriaId\": \"0F33FED4-EE33-41EF-8B24-F751D0A9891B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"403E554C-FD1B-42CE-82C2-43CC191905DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78278FE6-26EA-4E89-9423-EABA6C4D8877\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15E1695E-FD6E-4602-9BD9-9CFFF20574CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691B3AF1-7F3F-4A7D-9F16-FE6044E33482\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2DE3739-A2ED-47D7-9AE9-442A95ACFC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDAB5331-AD2E-483C-93C3-8095BBBA0572\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3CC03DC-14A6-4C45-9511-7CE8E7F727BB\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elecci\\u00f3n y llevar a cabo ataques de divisi\\u00f3n de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query).\"}]", "id": "CVE-2008-3906", "lastModified": "2024-11-21T00:50:24.273", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", "published": "2008-09-04T17:41:00.000", "references": "[{\"url\": \"http://secunia.com/advisories/31643\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36494\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:210\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/08/27/6\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/496845/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/30867\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2443\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.novell.com/show_bug.cgi?id=418620\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44740\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/826-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36494\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/08/27/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/496845/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/30867\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.novell.com/show_bug.cgi?id=418620\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44740\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/826-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2008-3906\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-04T17:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyección CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31A3175-7CC6-4367-9A3C-F3324156C818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBB77289-2AED-4BD4-9578-FEB0EC83701E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4299404-6C79-4B21-BB8C-115FA1E3AC28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"919CAD10-2F17-4F94-8116-815E77F5E998\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19877D33-5DBF-40D7-87CB-545558C64771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F64E7267-E010-4FC8-879A-448C85BC250B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"683F75A5-E4E4-4416-8E1C-A2C694A30BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE2C11F2-2A21-481E-8350-F3777A0A8033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC21FA7-648F-4E41-962B-664140FA4812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC72C972-FF09-4A5D-9AD4-A422EDADF5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0\",\"matchCriteriaId\":\"0F33FED4-EE33-41EF-8B24-F751D0A9891B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"403E554C-FD1B-42CE-82C2-43CC191905DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78278FE6-26EA-4E89-9423-EABA6C4D8877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E1695E-FD6E-4602-9BD9-9CFFF20574CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691B3AF1-7F3F-4A7D-9F16-FE6044E33482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2DE3739-A2ED-47D7-9AE9-442A95ACFC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDAB5331-AD2E-483C-93C3-8095BBBA0572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CC03DC-14A6-4C45-9511-7CE8E7F727BB\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/31643\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36494\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:210\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/27/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/496845/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30867\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2443\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=418620\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44740\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/826-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/27/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/496845/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30867\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=418620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/826-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-02-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-05-17T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20010215 Vulnerabilities in Pi3Web Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html"}, {"name": "2381", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/2381"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20010215 Vulnerabilities in Pi3Web Server", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html"}, {"name": "2381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2381"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:14:07.359Z"}, "title": "CVE Program Container", "references": [{"name": "20010215 Vulnerabilities in Pi3Web Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html"}, {"name": "2381", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/2381"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0302", "datePublished": "2001-04-04T04:00:00.000Z", "dateReserved": "2001-04-04T00:00:00.000Z", "dateUpdated": "2024-08-08T04:14:07.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pi3:pi3web:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50775359-8D25-4F67-8171-AF60A48EA122\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.\"}]", "id": "CVE-2001-0302", "lastModified": "2024-11-20T23:35:04.207", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2001-05-03T04:00:00.000", "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/2381\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/2381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2001-0302\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2001-05-03T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pi3:pi3web:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50775359-8D25-4F67-8171-AF60A48EA122\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/2381\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/2381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27899", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27899"}, {"name": "27900", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27900"}, {"name": "27902", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27902"}, {"name": "2169", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2169"}, {"name": "27901", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27901"}, {"name": "21489", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21489"}, {"name": "27898", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27898"}, {"name": "ADV-2006-3269", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3269"}, {"name": "27897", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27897"}, {"name": "19480", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19480"}, {"name": "chaussette-base-file-include(28327)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28327"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27899", "refsource": "OSVDB", "url": "http://www.osvdb.org/27899"}, {"name": "27900", "refsource": "OSVDB", "url": "http://www.osvdb.org/27900"}, {"name": "27902", "refsource": "OSVDB", "url": "http://www.osvdb.org/27902"}, {"name": "2169", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2169"}, {"name": "27901", "refsource": "OSVDB", "url": "http://www.osvdb.org/27901"}, {"name": "21489", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21489"}, {"name": "27898", "refsource": "OSVDB", "url": "http://www.osvdb.org/27898"}, {"name": "ADV-2006-3269", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3269"}, {"name": "27897", "refsource": "OSVDB", "url": "http://www.osvdb.org/27897"}, {"name": "19480", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19480"}, {"name": "chaussette-base-file-include(28327)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28327"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:57:45.949Z"}, "title": "CVE Program Container", "references": [{"name": "27899", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27899"}, {"name": "27900", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27900"}, {"name": "27902", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27902"}, {"name": "2169", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2169"}, {"name": "27901", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27901"}, {"name": "21489", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21489"}, {"name": "27898", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27898"}, {"name": "ADV-2006-3269", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3269"}, {"name": "27897", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27897"}, {"name": "19480", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19480"}, {"name": "chaussette-base-file-include(28327)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28327"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4159", "datePublished": "2006-08-16T21:00:00.000Z", "dateReserved": "2006-08-16T00:00:00.000Z", "dateUpdated": "2024-08-07T18:57:45.949Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:chaussette:chaussette:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"080706\", \"matchCriteriaId\": \"6422A6A0-9F2A-4E6D-B0C5-EEE52B11A387\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de inclusi\\u00f3n remota de archivo en PHP en Chaussette 080706 y anteriores permiten a atacantes remotos ejecutar c\\u00f3digo PHP de su elecci\\u00f3n mediante una URL en el par\\u00e1metro _BASE de archivos en Classes/ incluyendo (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, y posiblemente (7) Event_for_month_per_day.php.\"}]", "id": "CVE-2006-4159", "lastModified": "2024-11-21T00:15:17.303", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}", "published": "2006-08-16T22:04:00.000", "references": "[{\"url\": \"http://secunia.com/advisories/21489\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/27897\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27898\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27899\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27900\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27901\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27902\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19480\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3269\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28327\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/2169\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/27897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27898\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19480\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/2169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2006-4159\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-16T22:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php.\"},{\"lang\":\"es\",\"value\":\"Múltiples vulnerabilidades de inclusión remota de archivo en PHP en Chaussette 080706 y anteriores permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro _BASE de archivos en Classes/ incluyendo (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, y posiblemente (7) Event_for_month_per_day.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chaussette:chaussette:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"080706\",\"matchCriteriaId\":\"6422A6A0-9F2A-4E6D-B0C5-EEE52B11A387\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21489\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/27897\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27898\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27899\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27900\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27901\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27902\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19480\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3269\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28327\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/2169\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/27897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27898\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/2169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-1382", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1382"}, {"name": "19661", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19661"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html"}, {"name": "17526", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17526"}, {"name": "phpalbum-language-file-include(25846)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25846"}, {"name": "24741", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24741"}, {"name": "20060415 PHP Album <= 0.3.2.3 remote commnads execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431067/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1839", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-1382", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1382"}, {"name": "19661", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19661"}, {"name": "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html"}, {"name": "17526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17526"}, {"name": "phpalbum-language-file-include(25846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25846"}, {"name": "24741", "refsource": "OSVDB", "url": "http://www.osvdb.org/24741"}, {"name": "20060415 PHP Album <= 0.3.2.3 remote commnads execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431067/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:27:29.380Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-1382", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1382"}, {"name": "19661", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19661"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html"}, {"name": "17526", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17526"}, {"name": "phpalbum-language-file-include(25846)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25846"}, {"name": "24741", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24741"}, {"name": "20060415 PHP Album <= 0.3.2.3 remote commnads execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431067/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1839", "datePublished": "2006-04-19T16:00:00.000Z", "dateReserved": "2006-04-19T00:00:00.000Z", "dateUpdated": "2024-08-07T17:27:29.380Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php_album:php_album:0.3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32AE97A8-7678-4914-9A9C-A41BA6E760BC\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.\"}]", "id": "CVE-2006-1839", "lastModified": "2024-11-21T00:09:53.203", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}", "published": "2006-04-19T16:06:00.000", "references": "[{\"url\": \"http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/19661\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/24741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431067/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17526\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1382\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25846\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/19661\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/24741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431067/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17526\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1382\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25846\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2006-1839\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-19T16:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php_album:php_album:0.3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32AE97A8-7678-4914-9A9C-A41BA6E760BC\"}]}]}],\"references\":[{\"url\":\"http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/19661\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/24741\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431067/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17526\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1382\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25846\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/19661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/24741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431067/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17526\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-08-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "flatnuke-msdos-news-path-disclosure(22153)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22153"}, {"name": "1014824", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014824"}, {"name": "20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/lists/bugtraq/2005/Aug/0440.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "flatnuke-msdos-news-path-disclosure(22153)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22153"}, {"name": "1014824", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014824"}, {"name": "20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2005/Aug/0440.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:45:02.279Z"}, "title": "CVE Program Container", "references": [{"name": "flatnuke-msdos-news-path-disclosure(22153)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22153"}, {"name": "1014824", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014824"}, {"name": "20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/lists/bugtraq/2005/Aug/0440.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2815", "datePublished": "2005-09-07T04:00:00.000Z", "dateReserved": "2005-09-07T00:00:00.000Z", "dateUpdated": "2024-08-07T22:45:02.279Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F59B925E-748F-4BC8-AF15-997CDAC9F9EE\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.\"}]", "id": "CVE-2005-2815", "lastModified": "2024-11-21T00:00:29.887", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2005-09-07T18:03:00.000", "references": "[{\"url\": \"http://seclists.org/lists/bugtraq/2005/Aug/0440.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securitytracker.com/id?1014824\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/22153\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/lists/bugtraq/2005/Aug/0440.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securitytracker.com/id?1014824\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/22153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2005-2815\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-09-07T18:03:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F59B925E-748F-4BC8-AF15-997CDAC9F9EE\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/lists/bugtraq/2005/Aug/0440.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securitytracker.com/id?1014824\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/22153\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/lists/bugtraq/2005/Aug/0440.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securitytracker.com/id?1014824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/22153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"}} | |
| {"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-576-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-576-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://browser.netscape.com/releasenotes/"}, {"name": "28939", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28939"}, {"name": "DSA-1506", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1506"}, {"name": "30620", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30620"}, {"name": "28865", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28865"}, {"name": "ADV-2008-0453", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0453/references"}, {"name": "28877", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28877"}, {"name": "28879", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28879"}, {"name": "29567", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29567"}, {"name": "28958", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28958"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"}, {"name": "30327", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30327"}, {"name": "238492", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"}, {"name": "DSA-1489", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1489"}, {"name": "20080212 FLEA-2008-0001-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded"}, {"name": "20080209 rPSA-2008-0051-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded"}, {"name": "29086", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29086"}, {"name": "28864", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28864"}, {"name": "DSA-1485", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1485"}, {"name": "28924", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28924"}, {"name": "27683", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27683"}, {"name": "ADV-2008-1793", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1793/references"}, {"name": "SUSE-SA:2008:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"}, {"name": "1019342", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019342"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-11.html"}, {"name": "FEDORA-2008-1535", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051"}, {"name": "DSA-1484", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1484"}, {"name": "ADV-2008-0627", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0627/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=408164"}, {"name": "GLSA-200805-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"}, {"name": "FEDORA-2008-1435", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"}, {"name": "MDVSA-2008:048", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:22.847Z"}, "title": "CVE Program Container", "references": [{"name": "USN-576-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-576-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://browser.netscape.com/releasenotes/"}, {"name": "28939", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28939"}, {"name": "DSA-1506", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1506"}, {"name": "30620", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30620"}, {"name": "28865", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28865"}, {"name": "ADV-2008-0453", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0453/references"}, {"name": "28877", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28877"}, {"name": "28879", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28879"}, {"name": "29567", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29567"}, {"name": "28958", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28958"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"}, {"name": "30327", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30327"}, {"name": "238492", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"}, {"name": "DSA-1489", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1489"}, {"name": "20080212 FLEA-2008-0001-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded"}, {"name": "20080209 rPSA-2008-0051-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded"}, {"name": "29086", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29086"}, {"name": "28864", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28864"}, {"name": "DSA-1485", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1485"}, {"name": "28924", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28924"}, {"name": "27683", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27683"}, {"name": "ADV-2008-1793", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1793/references"}, {"name": "SUSE-SA:2008:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"}, {"name": "1019342", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019342"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-11.html"}, {"name": "FEDORA-2008-1535", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051"}, {"name": "DSA-1484", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1484"}, {"name": "ADV-2008-0627", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0627/references"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=408164"}, {"name": "GLSA-200805-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"}, {"name": "FEDORA-2008-1435", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"}, {"name": "MDVSA-2008:048", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0594", "datePublished": "2008-02-09T00:00:00.000Z", "dateReserved": "2008-02-05T00:00:00.000Z", "dateUpdated": "2024-08-07T07:54:22.847Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": {"fkie_nvd": {"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.0.11\", \"matchCriteriaId\": \"B3E4F934-1CC7-475C-B425-BEEF29AED912\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.\"}, {\"lang\": \"es\", \"value\": \"Versiones anteriores a Mozilla Firefox 2.0.0.12, nunca muestran una advertencia de falsificaci\\u00f3n de web si el contenido completo de una p\\u00e1gina web se encuentra entre una etiqueta DIV lo que permite a atacantes remotos realizar ataques de phishing\"}]", "id": "CVE-2008-0594", "lastModified": "2024-11-21T00:42:27.950", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2008-02-09T01:00:00.000", "references": "[{\"url\": \"http://browser.netscape.com/releasenotes/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28864\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28865\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28877\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28879\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28924\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28939\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28958\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/29086\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/29567\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/30327\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/30620\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2008-0051\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1484\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1485\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1489\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1506\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:048\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mozilla.org/security/announce/2008/mfsa2008-11.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487826/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488002/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/27683\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1019342\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-576-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0453/references\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0627/references\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1793/references\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=408164\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://browser.netscape.com/releasenotes/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28864\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28879\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29086\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29567\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30620\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2008-0051\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1484\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1485\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1506\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:048\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mozilla.org/security/announce/2008/mfsa2008-11.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487826/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488002/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27683\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019342\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-576-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0453/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0627/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1793/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=408164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "secalert@redhat.com", "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable.\\n\\nThis does not affect the versions of Firefox or SeaMonkey shipped in Red Hat Enterprise Linux.\", \"lastModified\": \"2008-02-12T00:00:00\"}]", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"}, "nvd": "{\"cve\":{\"id\":\"CVE-2008-0594\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-02-09T01:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.\"},{\"lang\":\"es\",\"value\":\"Versiones anteriores a Mozilla Firefox 2.0.0.12, nunca muestran una advertencia de falsificación de web si el contenido completo de una página web se encuentra entre una etiqueta DIV lo que permite a atacantes remotos realizar ataques de phishing\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0.11\",\"matchCriteriaId\":\"B3E4F934-1CC7-475C-B425-BEEF29AED912\"}]}]}],\"references\":[{\"url\":\"http://browser.netscape.com/releasenotes/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28864\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28865\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28877\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28879\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28924\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28939\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28958\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/29086\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/29567\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/30327\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/30620\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2008-0051\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1484\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1485\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1489\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1506\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:048\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mozilla.org/security/announce/2008/mfsa2008-11.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/487826/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/488002/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/27683\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1019342\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-576-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0453/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0627/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1793/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=408164\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://browser.netscape.com/releasenotes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2008-0051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2008/mfsa2008-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487826/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/488002/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-576-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0453/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0627/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1793/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=408164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable.\\n\\nThis does not affect the versions of Firefox or SeaMonkey shipped in Red Hat Enterprise Linux.\",\"lastModified\":\"2008-02-12T00:00:00\"}]}}"}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment