Search criteria
20 vulnerabilities found for bitrix_site_manager by bitrix
CVE-2008-2052 (GCVE-0-2008-2052)
Vulnerability from cvelistv5 – Published: 2008-05-02 17:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"name": "http://holisticinfosec.org/content/view/62/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/62/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2052",
"datePublished": "2008-05-02T17:00:00",
"dateReserved": "2008-05-02T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2477 (GCVE-0-2006-2477)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2477",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2478 (GCVE-0-2006-2478)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2478",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2479 (GCVE-0-2006-2479)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2479",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2476 (GCVE-0-2006-2476)
Vulnerability from cvelistv5 – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2476",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1996 (GCVE-0-2005-1996)
Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI?
Summary
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"name": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"name": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1996",
"datePublished": "2005-06-20T04:00:00",
"dateReserved": "2005-06-20T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1995 (GCVE-0-2005-1995)
Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI?
Summary
Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1995",
"datePublished": "2005-06-20T04:00:00",
"dateReserved": "2005-06-20T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2052 (GCVE-0-2008-2052)
Vulnerability from nvd – Published: 2008-05-02 17:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/62/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"name": "http://holisticinfosec.org/content/view/62/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/62/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2052",
"datePublished": "2008-05-02T17:00:00",
"dateReserved": "2008-05-02T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2477 (GCVE-0-2006-2477)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2477",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2478 (GCVE-0-2006-2478)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-backurl-url-redirect(26543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"name": "25625",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25625"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2478",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2479 (GCVE-0-2006-2479)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "bitrixcms-update-cache-poisoning(26548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2479",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2476 (GCVE-0-2006-2476)
Vulnerability from nvd – Published: 2006-05-19 17:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "bitrixcms-updaterlog-information-disclosure(26542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "25624",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25624"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2476",
"datePublished": "2006-05-19T17:00:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1996 (GCVE-0-2005-1996)
Vulnerability from nvd – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI?
Summary
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-serverdocumentroot-file-include(21018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"name": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"name": "20050615 Vulnerability: Bitrix Php inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"name": "15726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15726"
},
{
"name": "13965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13965"
},
{
"name": "ADV-2005-0779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"name": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872",
"refsource": "CONFIRM",
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"name": "17341",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1996",
"datePublished": "2005-06-20T04:00:00",
"dateReserved": "2005-06-20T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1995 (GCVE-0-2005-1995)
Vulnerability from nvd – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
VLAI?
Summary
Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050615 Vulnerability: Bitrix Web Server Paths",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"name": "17348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17348"
},
{
"name": "17376",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17376"
},
{
"name": "bitrix-site-path-disclosure(21019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1995",
"datePublished": "2005-06-20T04:00:00",
"dateReserved": "2005-06-20T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2006-2476
Vulnerability from fkie_nvd - Published: 2006-05-19 17:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitrix | bitrix_site_manager | * | |
| bitrix | bitrix_site_manager | 4.0.0 | |
| bitrix | bitrix_site_manager | 4.0.2 | |
| bitrix | bitrix_site_manager | 4.0.3 | |
| bitrix | bitrix_site_manager | 4.0.4 | |
| bitrix | bitrix_site_manager | 4.0.5 | |
| bitrix | bitrix_site_manager | 4.0.6 | |
| bitrix | bitrix_site_manager | 4.0.7 | |
| bitrix | bitrix_site_manager | 4.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB5EEB8-73FD-4A03-AFB6-EC930B34F612",
"versionEndIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8FAB07-B0A4-499E-A9F9-5135ED70FAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964A32F7-699D-4096-8AF7-CDB6EBCA8FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02A233BC-68DA-4988-A840-B26B40294D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE66137-DED6-4EF3-90BC-29331C9281C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04D4F3-1E3D-436A-A8CF-F362DC854733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD84101B-84E9-44C5-9E5A-BEE676F12427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "704A4DF4-871F-4E20-9AA1-2725BC1CDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D469F51-611B-47F1-A5AC-4CE99E944DFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"id": "CVE-2006-2476",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-19T17:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20143"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25624"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2479
Vulnerability from fkie_nvd - Published: 2006-05-19 17:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitrix | bitrix_site_manager | 4.0.0 | |
| bitrix | bitrix_site_manager | 4.0.2 | |
| bitrix | bitrix_site_manager | 4.0.3 | |
| bitrix | bitrix_site_manager | 4.0.4 | |
| bitrix | bitrix_site_manager | 4.0.5 | |
| bitrix | bitrix_site_manager | 4.0.6 | |
| bitrix | bitrix_site_manager | 4.0.7 | |
| bitrix | bitrix_site_manager | 4.0.8 | |
| bitrix | bitrix_site_manager | 4.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8FAB07-B0A4-499E-A9F9-5135ED70FAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964A32F7-699D-4096-8AF7-CDB6EBCA8FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02A233BC-68DA-4988-A840-B26B40294D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE66137-DED6-4EF3-90BC-29331C9281C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04D4F3-1E3D-436A-A8CF-F362DC854733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD84101B-84E9-44C5-9E5A-BEE676F12427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "704A4DF4-871F-4E20-9AA1-2725BC1CDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D469F51-611B-47F1-A5AC-4CE99E944DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37A63D71-42EF-4E05-A891-AB711F3309CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site."
}
],
"id": "CVE-2006-2479",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-19T17:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26548"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2477
Vulnerability from fkie_nvd - Published: 2006-05-19 17:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitrix | bitrix_site_manager | 4.0.0 | |
| bitrix | bitrix_site_manager | 4.0.2 | |
| bitrix | bitrix_site_manager | 4.0.3 | |
| bitrix | bitrix_site_manager | 4.0.4 | |
| bitrix | bitrix_site_manager | 4.0.5 | |
| bitrix | bitrix_site_manager | 4.0.6 | |
| bitrix | bitrix_site_manager | 4.0.7 | |
| bitrix | bitrix_site_manager | 4.0.8 | |
| bitrix | bitrix_site_manager | 4.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8FAB07-B0A4-499E-A9F9-5135ED70FAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964A32F7-699D-4096-8AF7-CDB6EBCA8FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02A233BC-68DA-4988-A840-B26B40294D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE66137-DED6-4EF3-90BC-29331C9281C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04D4F3-1E3D-436A-A8CF-F362DC854733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD84101B-84E9-44C5-9E5A-BEE676F12427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "704A4DF4-871F-4E20-9AA1-2725BC1CDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D469F51-611B-47F1-A5AC-4CE99E944DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37A63D71-42EF-4E05-A891-AB711F3309CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"id": "CVE-2006-2477",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-19T17:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20143"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2478
Vulnerability from fkie_nvd - Published: 2006-05-19 17:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitrix | bitrix_site_manager | 4.0.0 | |
| bitrix | bitrix_site_manager | 4.0.2 | |
| bitrix | bitrix_site_manager | 4.0.3 | |
| bitrix | bitrix_site_manager | 4.0.4 | |
| bitrix | bitrix_site_manager | 4.0.5 | |
| bitrix | bitrix_site_manager | 4.0.6 | |
| bitrix | bitrix_site_manager | 4.0.7 | |
| bitrix | bitrix_site_manager | 4.0.8 | |
| bitrix | bitrix_site_manager | 4.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8FAB07-B0A4-499E-A9F9-5135ED70FAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964A32F7-699D-4096-8AF7-CDB6EBCA8FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02A233BC-68DA-4988-A840-B26B40294D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE66137-DED6-4EF3-90BC-29331C9281C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04D4F3-1E3D-436A-A8CF-F362DC854733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD84101B-84E9-44C5-9E5A-BEE676F12427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "704A4DF4-871F-4E20-9AA1-2725BC1CDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D469F51-611B-47F1-A5AC-4CE99E944DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37A63D71-42EF-4E05-A891-AB711F3309CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as \"cross-site scripting,\" but that is inconsistent with the common use of the term."
}
],
"id": "CVE-2006-2478",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-19T17:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20143"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25625"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26543"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-1996
Vulnerability from fkie_nvd - Published: 2005-06-15 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitrix | bitrix_site_manager | 4.0.0 | |
| bitrix | bitrix_site_manager | 4.0.2 | |
| bitrix | bitrix_site_manager | 4.0.3 | |
| bitrix | bitrix_site_manager | 4.0.4 | |
| bitrix | bitrix_site_manager | 4.0.5 | |
| bitrix | bitrix_site_manager | 4.0.6 | |
| bitrix | bitrix_site_manager | 4.0.7 | |
| bitrix | bitrix_site_manager | 4.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8FAB07-B0A4-499E-A9F9-5135ED70FAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964A32F7-699D-4096-8AF7-CDB6EBCA8FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02A233BC-68DA-4988-A840-B26B40294D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE66137-DED6-4EF3-90BC-29331C9281C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04D4F3-1E3D-436A-A8CF-F362DC854733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD84101B-84E9-44C5-9E5A-BEE676F12427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "704A4DF4-871F-4E20-9AA1-2725BC1CDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D469F51-611B-47F1-A5AC-4CE99E944DFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter."
}
],
"id": "CVE-2005-1996",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15726"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/17341"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13965"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111885605913761\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.bitrixsoft.com/sitemanager/versions.php?module=main"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.bitrixsoft.com/support/forum/read.php?FID=10\u0026TID=1872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/17341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21018"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-1995
Vulnerability from fkie_nvd - Published: 2005-06-15 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitrix | bitrix_site_manager | 4.0.0 | |
| bitrix | bitrix_site_manager | 4.0.2 | |
| bitrix | bitrix_site_manager | 4.0.3 | |
| bitrix | bitrix_site_manager | 4.0.4 | |
| bitrix | bitrix_site_manager | 4.0.5 | |
| bitrix | bitrix_site_manager | 4.0.6 | |
| bitrix | bitrix_site_manager | 4.0.7 | |
| bitrix | bitrix_site_manager | 4.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8FAB07-B0A4-499E-A9F9-5135ED70FAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964A32F7-699D-4096-8AF7-CDB6EBCA8FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02A233BC-68DA-4988-A840-B26B40294D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE66137-DED6-4EF3-90BC-29331C9281C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04D4F3-1E3D-436A-A8CF-F362DC854733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD84101B-84E9-44C5-9E5A-BEE676F12427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "704A4DF4-871F-4E20-9AA1-2725BC1CDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D469F51-611B-47F1-A5AC-4CE99E944DFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message."
}
],
"id": "CVE-2005-1995",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/17348"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/17376"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111885652331100\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/17348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/17376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}