Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

jvndb-2009-000035

Vulnerability from jvndb

Published

2009-06-18 17:53

Modified

2009-06-18 17:53

Severity ?

() - -

Summary

Predictable session ID vulnerability in Serene Bach

Details

Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session ID's. Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN20689557/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2165
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2165
	SECUNIA	http://secunia.com/advisories/35335
	BID	http://www.securityfocus.com/bid/35254
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

SerendipityNZ Limited

Serene Bach

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html",
  "dc:date": "2009-06-18T17:53+09:00",
  "dcterms:issued": "2009-06-18T17:53+09:00",
  "dcterms:modified": "2009-06-18T17:53+09:00",
  "description": "Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session ID\u0027s.\r\n\r\nSerene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID\u0027s.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html",
  "sec:cpe": {
    "#text": "cpe:/a:serendipitynz:serene_bach",
    "@product": "Serene Bach",
    "@vendor": "SerendipityNZ Limited",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000035",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN20689557/index.html",
      "@id": "JVN#20689557",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2165",
      "@id": "CVE-2009-2165",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2165",
      "@id": "CVE-2009-2165",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/35335",
      "@id": "SA35335",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/35254",
      "@id": "35254",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "Predictable session ID vulnerability in Serene Bach"
}

jvndb-2007-000006

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Serene Bach cross-site scripting vulnerability

Details

Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN65500885/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0137
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0137
	SECUNIA	http://secunia.com/advisories/23623/
	BID	http://www.securityfocus.com/bid/21884
	XF	http://xforce.iss.net/xforce/xfdb/31302
	SECTRACK	http://securitytracker.com/id?1017470
	FRSIRT	http://www.frsirt.com/english/advisories/2007/0065

Impacted products

Vendor

Product

	SerendipityNZ Limited	sb
	SerendipityNZ Limited	Serene Bach

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000006.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000006.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:serendipitynz:sb",
      "@product": "sb",
      "@vendor": "SerendipityNZ Limited",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:serendipitynz:serene_bach",
      "@product": "Serene Bach",
      "@vendor": "SerendipityNZ Limited",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000006",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN65500885/index.html",
      "@id": "JVN#65500885",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0137",
      "@id": "CVE-2007-0137",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0137",
      "@id": "CVE-2007-0137",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/23623/",
      "@id": "SA23623",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/21884",
      "@id": "21884",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/31302",
      "@id": "31302",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1017470",
      "@id": "1017470",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/0065",
      "@id": "FrSIRT/ADV-2007-0065",
      "@source": "FRSIRT"
    }
  ],
  "title": "Serene Bach cross-site scripting vulnerability"
}

Refine your search

2 vulnerabilities found for Serene Bach by SerendipityNZ Limited

jvndb-2009-000035

Vulnerability from jvndb

jvndb-2007-000006

Vulnerability from jvndb