Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for bitrix_site_manager by bitrix
CVE-2008-2052 (GCVE-0-2008-2052)
Vulnerability from nvd – Published: 2008-05-02 17:00 – Updated: 2024-08-07 08:49
VLAI
Summary
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://holisticinfosec.org/content/view/62/45/ | x_refsource_MISC |
Date Public
2008-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"name": "http://holisticinfosec.org/content/view/62/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/62/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2052",
"datePublished": "2008-05-02T17:00:00.000Z",
"dateReserved": "2008-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:57.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2477 (GCVE-0-2006-2477)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20143 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2477",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2476 (GCVE-0-2006-2476)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/20143 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/25624 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2476",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2478 (GCVE-0-2006-2478)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/25625 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/20143 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2478",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2479 (GCVE-0-2006-2479)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2479",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1996 (GCVE-0-2005-1996)
Vulnerability from nvd – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI
Summary
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bitrixsoft.com/sitemanager/versions.ph… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=111885605913761&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/15726 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/13965 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/0779 | vdb-entryx_refsource_VUPEN |
| http://www.bitrixsoft.com/support/forum/read.php?… | x_refsource_CONFIRM |
| http://www.osvdb.org/17341 | vdb-entryx_refsource_OSVDB |
Date Public
2005-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"name": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"name": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1996",
"datePublished": "2005-06-20T04:00:00.000Z",
"dateReserved": "2005-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1995 (GCVE-0-2005-1995)
Vulnerability from nvd – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI
Summary
Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111885652331100&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/17348 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17376 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1995",
"datePublished": "2005-06-20T04:00:00.000Z",
"dateReserved": "2005-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2052 (GCVE-0-2008-2052)
Vulnerability from cvelistv5 – Published: 2008-05-02 17:00 – Updated: 2024-08-07 08:49
VLAI
Summary
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://holisticinfosec.org/content/view/62/45/ | x_refsource_MISC |
Date Public
2008-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"name": "http://holisticinfosec.org/content/view/62/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/62/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2052",
"datePublished": "2008-05-02T17:00:00.000Z",
"dateReserved": "2008-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:57.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2477 (GCVE-0-2006-2477)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20143 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2477",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2476 (GCVE-0-2006-2476)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/20143 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/25624 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2476",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2478 (GCVE-0-2006-2478)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/25625 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/20143 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2478",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2479 (GCVE-0-2006-2479)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI
Summary
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1858 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/434367/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016121 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/918 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2479",
"datePublished": "2006-05-19T17:00:00.000Z",
"dateReserved": "2006-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1996 (GCVE-0-2005-1996)
Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI
Summary
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bitrixsoft.com/sitemanager/versions.ph… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=111885605913761&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/15726 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/13965 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/0779 | vdb-entryx_refsource_VUPEN |
| http://www.bitrixsoft.com/support/forum/read.php?… | x_refsource_CONFIRM |
| http://www.osvdb.org/17341 | vdb-entryx_refsource_OSVDB |
Date Public
2005-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"name": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"name": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1996",
"datePublished": "2005-06-20T04:00:00.000Z",
"dateReserved": "2005-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1995 (GCVE-0-2005-1995)
Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI
Summary
Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111885652331100&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/17348 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17376 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1995",
"datePublished": "2005-06-20T04:00:00.000Z",
"dateReserved": "2005-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}