Vulnerabilites related to windriver - bsdos
cve-2007-6232
Vulnerability from cvelistv5
Published
2007-12-04 18:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38780 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/4681 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/27875 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:02:34.855Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ftp-admin-index-xss(38780)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { name: "4681", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/4681", }, { name: "27875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27875", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-11-29T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ftp-admin-index-xss(38780)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { name: "4681", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/4681", }, { name: "27875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27875", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-6232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp-admin-index-xss(38780)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { name: "4681", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/4681", }, { name: "27875", refsource: "SECUNIA", url: "http://secunia.com/advisories/27875", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-6232", datePublished: "2007-12-04T18:00:00", dateReserved: "2007-12-04T00:00:00", dateUpdated: "2024-08-07T16:02:34.855Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1898
Vulnerability from cvelistv5
Published
2007-05-16 22:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 | vdb-entry, x_refsource_XF | |
| http://www.netvigilance.com/advisory0026 | x_refsource_MISC | |
| http://securityreason.com/securityalert/2710 | third-party-advisory, x_refsource_SREASON | |
| http://www.vupen.com/english/advisories/2007/1831 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/468644/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1018063 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/34088 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/23989 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:13:41.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "jetbox-formmail-mail-relay(34292)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.netvigilance.com/advisory0026", }, { name: "2710", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2710", }, { name: "ADV-2007-1831", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1831", }, { name: "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { name: "1018063", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018063", }, { name: "34088", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/34088", }, { name: "23989", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23989", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-05-15T00:00:00", descriptions: [ { lang: "en", value: "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "jetbox-formmail-mail-relay(34292)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { tags: [ "x_refsource_MISC", ], url: "http://www.netvigilance.com/advisory0026", }, { name: "2710", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2710", }, { name: "ADV-2007-1831", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1831", }, { name: "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { name: "1018063", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018063", }, { name: "34088", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/34088", }, { name: "23989", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23989", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1898", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "jetbox-formmail-mail-relay(34292)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { name: "http://www.netvigilance.com/advisory0026", refsource: "MISC", url: "http://www.netvigilance.com/advisory0026", }, { name: "2710", refsource: "SREASON", url: "http://securityreason.com/securityalert/2710", }, { name: "ADV-2007-1831", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1831", }, { name: "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { name: "1018063", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1018063", }, { name: "34088", refsource: "OSVDB", url: "http://www.osvdb.org/34088", }, { name: "23989", refsource: "BID", url: "http://www.securityfocus.com/bid/23989", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1898", datePublished: "2007-05-16T22:00:00", dateReserved: "2007-04-09T00:00:00", dateUpdated: "2024-08-07T13:13:41.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-7034
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/435166/30/4680/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/2285 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:50:05.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20060525 Super Link Exchange Script v1.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-05-25T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20060525 Super Link Exchange Script v1.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-7034", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20060525 Super Link Exchange Script v1.0", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", refsource: "SREASON", url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-7034", datePublished: "2007-02-23T01:00:00", dateReserved: "2007-02-22T00:00:00", dateUpdated: "2024-08-07T20:50:05.966Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1043
Vulnerability from cvelistv5
Published
2007-02-21 17:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/460325/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/34181 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/2275 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/22590 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:43:22.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/34181", }, { name: "2275", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2275", }, { name: "22590", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22590", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-02-15T00:00:00", descriptions: [ { lang: "en", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/34181", }, { name: "2275", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2275", }, { name: "22590", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22590", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1043", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", refsource: "MISC", url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", refsource: "OSVDB", url: "http://osvdb.org/34181", }, { name: "2275", refsource: "SREASON", url: "http://securityreason.com/securityalert/2275", }, { name: "22590", refsource: "BID", url: "http://www.securityfocus.com/bid/22590", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1043", datePublished: "2007-02-21T17:00:00", dateReserved: "2007-02-21T00:00:00", dateUpdated: "2024-08-07T12:43:22.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1337
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:19:28.722Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2003:073", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-073.html", }, { name: "20030301-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P", }, { name: "IY40501", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only", }, { name: "20030303 Fwd: APPLE-SA-2003-03-03 sendmail", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=104678862109841&w=2", }, { name: "RHSA-2003:227", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-227.html", }, { name: "6991", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6991", }, { name: "VU#398025", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/398025", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.sendmail.org/8.12.8.html", }, { name: "DSA-257", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2003/dsa-257", }, { name: "20030304 [LSD] Technical analysis of the remote sendmail vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=104678739608479&w=2", }, { name: "oval:org.mitre.oval:def:2222", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222", }, { name: "RHSA-2003:074", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-074.html", }, { name: "CA-2003-07", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.cert.org/advisories/CA-2003-07.html", }, { name: "20030303 sendmail 8.12.8 available", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=104673778105192&w=2", }, { name: "MDKSA-2003:028", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028", }, { name: "IY40500", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only", }, { name: "sendmail-header-processing-bo(10748)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/10748.php", }, { name: "CSSA-2003-SCO.6", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6", }, { name: "CSSA-2003-SCO.5", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5", }, { name: "CLA-2003:571", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571", }, { name: "NetBSD-SA2003-002", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc", }, { name: "HPSBUX0302-246", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=104679411316818&w=2", }, { name: "20030303 Remote Sendmail Header Processing Vulnerability", tags: [ "third-party-advisory", "x_refsource_ISS", "x_transferred", ], url: "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950", }, { name: "IY40502", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only", }, { name: "20030304 GLSA: sendmail (200303-4)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=104678862409849&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-03-03T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-05-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2003:073", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-073.html", }, { name: "20030301-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P", }, { name: "IY40501", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only", }, { name: "20030303 Fwd: APPLE-SA-2003-03-03 sendmail", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=104678862109841&w=2", }, { name: "RHSA-2003:227", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-227.html", }, { name: "6991", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6991", }, { name: "VU#398025", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/398025", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.sendmail.org/8.12.8.html", }, { name: "DSA-257", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2003/dsa-257", }, { name: "20030304 [LSD] Technical analysis of the remote sendmail vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=104678739608479&w=2", }, { name: "oval:org.mitre.oval:def:2222", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222", }, { name: "RHSA-2003:074", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-074.html", }, { name: "CA-2003-07", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.cert.org/advisories/CA-2003-07.html", }, { name: "20030303 sendmail 8.12.8 available", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=104673778105192&w=2", }, { name: "MDKSA-2003:028", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028", }, { name: "IY40500", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only", }, { name: "sendmail-header-processing-bo(10748)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/10748.php", }, { name: "CSSA-2003-SCO.6", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6", }, { name: "CSSA-2003-SCO.5", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5", }, { name: "CLA-2003:571", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571", }, { name: "NetBSD-SA2003-002", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc", }, { name: "HPSBUX0302-246", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=104679411316818&w=2", }, { name: "20030303 Remote Sendmail Header Processing Vulnerability", tags: [ "third-party-advisory", "x_refsource_ISS", ], url: "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950", }, { name: "IY40502", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only", }, { name: "20030304 GLSA: sendmail (200303-4)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=104678862409849&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1337", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2003:073", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-073.html", }, { name: "20030301-01-P", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P", }, { name: "IY40501", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only", }, { name: "20030303 Fwd: APPLE-SA-2003-03-03 sendmail", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=104678862109841&w=2", }, { name: "RHSA-2003:227", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-227.html", }, { name: "6991", refsource: "BID", url: "http://www.securityfocus.com/bid/6991", }, { name: "VU#398025", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/398025", }, { name: "http://www.sendmail.org/8.12.8.html", refsource: "CONFIRM", url: "http://www.sendmail.org/8.12.8.html", }, { name: "DSA-257", refsource: "DEBIAN", url: "http://www.debian.org/security/2003/dsa-257", }, { name: "20030304 [LSD] Technical analysis of the remote sendmail vulnerability", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=104678739608479&w=2", }, { name: "oval:org.mitre.oval:def:2222", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222", }, { name: "RHSA-2003:074", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-074.html", }, { name: "CA-2003-07", refsource: "CERT", url: "http://www.cert.org/advisories/CA-2003-07.html", }, { name: "20030303 sendmail 8.12.8 available", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=104673778105192&w=2", }, { name: "MDKSA-2003:028", refsource: "MANDRAKE", url: "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028", }, { name: "IY40500", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only", }, { name: "sendmail-header-processing-bo(10748)", refsource: "XF", url: "http://www.iss.net/security_center/static/10748.php", }, { name: "CSSA-2003-SCO.6", refsource: "CALDERA", url: "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6", }, { name: "CSSA-2003-SCO.5", refsource: "CALDERA", url: "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5", }, { name: "CLA-2003:571", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571", }, { name: "NetBSD-SA2003-002", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc", }, { name: "HPSBUX0302-246", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=104679411316818&w=2", }, { name: "20030303 Remote Sendmail Header Processing Vulnerability", refsource: "ISS", url: "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950", }, { name: "IY40502", refsource: "AIXAPAR", url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only", }, { name: "20030304 GLSA: sendmail (200303-4)", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=104678862409849&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1337", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-12-03T00:00:00", dateUpdated: "2024-08-08T03:19:28.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-4938
Vulnerability from cvelistv5
Published
2007-09-18 19:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/25648 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3144 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36581 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/479222/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/27016 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/45940 | vdb-entry, x_refsource_OSVDB | |
| http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt | x_refsource_MISC | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 | vendor-advisory, x_refsource_MANDRIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:17:27.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "25648", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27016", }, { name: "45940", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/45940", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-09-13T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "25648", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27016", }, { name: "45940", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/45940", }, { tags: [ "x_refsource_MISC", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-4938", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "25648", refsource: "BID", url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", refsource: "SREASON", url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", refsource: "SECUNIA", url: "http://secunia.com/advisories/27016", }, { name: "45940", refsource: "OSVDB", url: "http://osvdb.org/45940", }, { name: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", refsource: "MISC", url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-4938", datePublished: "2007-09-18T19:00:00", dateReserved: "2007-09-18T00:00:00", dateUpdated: "2024-08-07T15:17:27.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-2736
Vulnerability from cvelistv5
Published
2007-05-17 19:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/3928 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/37919 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/23992 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:49:57.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "3928", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/37919", }, { name: "23992", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23992", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-05-15T00:00:00", descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "3928", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/37919", }, { name: "23992", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23992", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-2736", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "3928", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", refsource: "OSVDB", url: "http://osvdb.org/37919", }, { name: "23992", refsource: "BID", url: "http://www.securityfocus.com/bid/23992", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-2736", datePublished: "2007-05-17T19:00:00", dateReserved: "2007-05-17T00:00:00", dateUpdated: "2024-08-07T13:49:57.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-1999-0524
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:41
Severity ?
EPSS score ?
Summary
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/322 | vdb-entry, x_refsource_XF | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10053 | x_refsource_CONFIRM | |
| http://descriptions.securescout.com/tc/11010 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/306 | vdb-entry, x_refsource_XF | |
| http://descriptions.securescout.com/tc/11011 | x_refsource_MISC | |
| http://www.osvdb.org/95 | vdb-entry, x_refsource_OSVDB | |
| http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434 | x_refsource_MISC | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T16:41:45.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "icmp-timestamp(322)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://descriptions.securescout.com/tc/11010", }, { name: "icmp-netmask(306)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://descriptions.securescout.com/tc/11011", }, { name: "95", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/95", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "icmp-timestamp(322)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { tags: [ "x_refsource_MISC", ], url: "http://descriptions.securescout.com/tc/11010", }, { name: "icmp-netmask(306)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { tags: [ "x_refsource_MISC", ], url: "http://descriptions.securescout.com/tc/11011", }, { name: "95", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/95", }, { tags: [ "x_refsource_MISC", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-1999-0524", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "icmp-timestamp(322)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { name: "http://descriptions.securescout.com/tc/11010", refsource: "MISC", url: "http://descriptions.securescout.com/tc/11010", }, { name: "icmp-netmask(306)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { name: "http://descriptions.securescout.com/tc/11011", refsource: "MISC", url: "http://descriptions.securescout.com/tc/11011", }, { name: "95", refsource: "OSVDB", url: "http://www.osvdb.org/95", }, { name: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", refsource: "MISC", url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-1999-0524", datePublished: "2000-02-04T05:00:00", dateReserved: "1999-06-07T00:00:00", dateUpdated: "2024-08-01T16:41:45.608Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2003-03-07 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sendmail | sendmail | * | |
| sendmail | sendmail | * | |
| sendmail | sendmail | * | |
| hp | alphaserver_sc | * | |
| gentoo | linux | 1.4 | |
| gentoo | linux | 1.4 | |
| hp | hp-ux | 10.10 | |
| hp | hp-ux | 10.20 | |
| hp | hp-ux | 11.00 | |
| hp | hp-ux | 11.0.4 | |
| hp | hp-ux | 11.11 | |
| hp | hp-ux | 11.22 | |
| netbsd | netbsd | 1.5 | |
| netbsd | netbsd | 1.5.1 | |
| netbsd | netbsd | 1.5.2 | |
| netbsd | netbsd | 1.5.3 | |
| netbsd | netbsd | 1.6 | |
| oracle | solaris | 2.6 | |
| oracle | solaris | 7.0 | |
| oracle | solaris | 8 | |
| oracle | solaris | 9 | |
| sun | sunos | - | |
| sun | sunos | 5.7 | |
| sun | sunos | 5.8 | |
| windriver | bsdos | 4.2 | |
| windriver | bsdos | 4.3.1 | |
| windriver | bsdos | 5.0 | |
| windriver | platform_sa | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D3A2C0-B076-4351-8085-DA3A37117453", versionEndExcluding: "8.9.3", vulnerable: true, }, { criteria: "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*", matchCriteriaId: "5AE239ED-94EE-40C7-9133-D1F4779A2E0C", versionEndExcluding: "8.11.6", versionStartIncluding: "8.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*", matchCriteriaId: "64788C22-64F9-41DB-A4C2-BFCD6DBD8EE6", versionEndExcluding: "8.12.8", versionStartIncluding: "8.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*", matchCriteriaId: "5556D665-3792-4832-9EEE-D1122C9BF98E", vulnerable: true, }, { criteria: "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", matchCriteriaId: "D1FD0EB4-E744-4465-AFEE-A3C807C9C993", vulnerable: true, }, { criteria: "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", matchCriteriaId: "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", matchCriteriaId: "38BFA923-7D80-4F01-AF9F-6F13209948AC", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", matchCriteriaId: "EDE44C49-172C-4899-8CC8-29AA99A7CD2F", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", matchCriteriaId: "771931F7-9180-4EBD-8627-E1CF17D24647", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3DB008E3-9A00-4D28-8826-A9FCC9F65314", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", matchCriteriaId: "EDD9BE2B-7255-4FC1-B452-E8370632B03F", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", matchCriteriaId: "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD", vulnerable: true, }, { criteria: "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", matchCriteriaId: "E10D9BF9-FCC7-4680-AD3A-95757FC005EA", vulnerable: true, }, { criteria: "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "78E8C3A4-9FA7-4F2A-8C65-D4404715E674", vulnerable: true, }, { criteria: "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47", vulnerable: true, }, { criteria: "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", matchCriteriaId: "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418", vulnerable: true, }, { criteria: "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", matchCriteriaId: "28A10F5A-067E-4DD8-B585-ABCD6F6B324E", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*", matchCriteriaId: "69C7B4A8-E8D0-425C-B979-17E85458B0C6", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*", matchCriteriaId: "0F538D2B-1AE1-4766-830E-CF7999181128", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*", matchCriteriaId: "722A52CF-4C6E-44D3-90C4-D2F72A40EF58", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*", matchCriteriaId: "4F864AD7-53A2-4225-870F-062876CE45DD", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", matchCriteriaId: "369207B4-96FA-4324-9445-98FAE8ECF5DB", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", matchCriteriaId: "08003947-A4F1-44AC-84C6-9F8D097EB759", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", matchCriteriaId: "A2475113-CFE4-41C8-A86F-F2DA6548D224", vulnerable: true, }, { criteria: "cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*", matchCriteriaId: "18B197B3-AA07-440F-A733-80B7CE07B3D2", vulnerable: true, }, { criteria: "cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "42761237-75A9-4E8C-8202-3CA3EB3D1ACC", vulnerable: true, }, { criteria: "cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*", matchCriteriaId: "7FAFD2BC-330C-4357-B8C7-F451C6282869", vulnerable: true, }, { criteria: "cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*", matchCriteriaId: "2151D858-F6D4-472E-9CC7-A8EA26E27CC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.", }, { lang: "es", value: "Desbordamiento de búfer en Sendmail 5.79 a la 8.12.7 que permite a atacantes remotos la ejecución arbitraria de código mediante ciertos campos de dirección formateados, relativos a comentarios de cabecera de emisor y receptor, procesados por la función crackaddr del fichero headers.c.", }, ], id: "CVE-2002-1337", lastModified: "2024-11-20T23:41:03.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-03-07T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104673778105192&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104678739608479&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104678862109841&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104678862409849&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104679411316818&w=2", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2003-07.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.debian.org/security/2003/dsa-257", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.iss.net/security_center/static/10748.php", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/398025", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-073.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-074.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-227.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/6991", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://www.sendmail.org/8.12.8.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104673778105192&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104678739608479&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104678862109841&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104678862409849&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=104679411316818&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2003-07.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.debian.org/security/2003/dsa-257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.iss.net/security_center/static/10748.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/398025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-074.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2003-227.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/6991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://www.sendmail.org/8.12.8.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-05-16 22:30
Modified
2024-11-21 00:29
Severity ?
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| hp | hp-ux | * | |
| hp | tru64 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| jetbox | jetbox_cms | 2.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", matchCriteriaId: "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", matchCriteriaId: "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*", matchCriteriaId: "0916DF3D-71ED-423F-A2F4-842EE706ADDC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.", }, { lang: "es", value: "formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject.", }, ], id: "CVE-2007-1898", lastModified: "2024-11-21T00:29:25.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-05-16T22:30:00.000", references: [ { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2710", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.netvigilance.com/advisory0026", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.osvdb.org/34088", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/23989", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securitytracker.com/id?1018063", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/1831", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.netvigilance.com/advisory0026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.osvdb.org/34088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/23989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securitytracker.com/id?1018063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/1831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-05-17 19:30
Modified
2024-11-21 00:31
Severity ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | a_ux | * | |
| apple | mac_os_x | * | |
| hp | hp-ux | * | |
| hp | tru64 | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| achievo | achievo | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:a_ux:*:*:*:*:*:*:*:*", matchCriteriaId: "B9E99BBE-C53B-4C23-95AB-61239020E252", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", matchCriteriaId: "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", matchCriteriaId: "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, { lang: "es", value: "Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot.", }, ], id: "CVE-2007-2736", lastModified: "2024-11-21T00:31:31.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-05-17T19:30:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/37919", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/23992", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/3928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/37919", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/23992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/3928", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-09-18 19:17
Modified
2024-11-21 00:36
Severity ?
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| hp | hp-ux | * | |
| hp | tru64 | * | |
| ibm | aix | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| mandrakesoft | mandrake_linux | 2007 | |
| mandrakesoft | mandrake_linux | 2007 | |
| mandrakesoft | mandrake_linux | 2007.1 | |
| mandrakesoft | mandrake_linux | 2007.1 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| mplayer | mplayer | 1.0_rc1 | |
| sgi | irix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", matchCriteriaId: "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", matchCriteriaId: "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", matchCriteriaId: "19D64247-F0A0-4984-84EA-B63FC901F002", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", matchCriteriaId: "316AA6EB-7191-479E-99D5-40DA79E340E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", matchCriteriaId: "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1B68C0-2676-4F21-8EF0-1749103CB8C2", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", matchCriteriaId: "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*", matchCriteriaId: "83E84D8D-93DA-47C1-9282-E127CD1862E5", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", matchCriteriaId: "056B3397-81A9-4128-9F49-ECEBE1743EE8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de un archivo .avi con cierto \"tamaño indx tratado\" y valores nEntriesInuse, y un cierto valor wLongsPerEntry.", }, ], id: "CVE-2007-4938", lastModified: "2024-11-21T00:36:46.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-09-18T19:17:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/45940", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27016", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3144", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/25648", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/45940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/25648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-12-04 18:46
Modified
2024-11-21 00:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:any_version:*:*:*:*:*:*:*", matchCriteriaId: "D7B2A213-26BC-4192-8695-D702BEF34E33", vulnerable: false, }, { criteria: "cpe:2.3:o:sgi:irix:any_version:*:*:*:*:*:*:*", matchCriteriaId: "258743E2-61D1-437C-A2B3-3CC6364DC9B2", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:any_version:*:*:*:*:*:*:*", matchCriteriaId: "1EC68F59-F6BA-4818-ACE0-2F095F304D21", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ftp:admin:0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "23F3C472-E4CD-403C-8626-BA100EA7268C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.", }, { lang: "es", value: "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en FTP Admin 0.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro error en una acción de página de error.", }, ], id: "CVE-2007-6232", lastModified: "2024-11-21T00:39:40.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-12-04T18:46:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27875", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/4681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/4681", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-02-21 17:28
Modified
2024-11-21 00:27
Severity ?
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | 10.4.9 | |
| hp | hp-ux | * | |
| hp | tru64 | 5.1b_pk2_bl22 | |
| ibm | aix | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| ezboo | webstats | 3.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", matchCriteriaId: "786BB737-EA99-4EC6-B742-0C35BF2453F9", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", matchCriteriaId: "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", matchCriteriaId: "377F7D0C-6B44-4B90-BF90-DAF959880C6D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", matchCriteriaId: "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ezboo:webstats:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "E4F3346B-0AB1-4200-BF60-29392FB1EEB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, { lang: "es", value: "Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticación y obtener una vía de acceso mediante una petición directa al (1) update.php y (2) config.php.", }, ], id: "CVE-2007-1043", lastModified: "2024-11-21T00:27:22.077", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-02-21T17:28:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { source: "cve@mitre.org", url: "http://osvdb.org/34181", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2275", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/22590", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/34181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/22590", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2024-11-21 00:24
Severity ?
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | 10.4.9 | |
| hp | hp-ux | * | |
| hp | tru64 | 5.1b_pk2_bl22 | |
| ibm | aix | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| super_link_exchange_script | super_link_exchange_script | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", matchCriteriaId: "786BB737-EA99-4EC6-B742-0C35BF2453F9", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", matchCriteriaId: "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", matchCriteriaId: "377F7D0C-6B44-4B90-BF90-DAF959880C6D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", matchCriteriaId: "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:super_link_exchange_script:super_link_exchange_script:1.0:*:*:*:*:*:*:*", matchCriteriaId: "72865C64-C70A-4CBC-83B7-629DE0DD3532", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en directory.php en Super Link Exchange Script 1.0 podría permitir a atacantes remotos ejecutar consultas SQL de su elección a través del parámetro cat.", }, ], id: "CVE-2006-7034", lastModified: "2024-11-21T00:24:13.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-02-23T03:28:00.000", references: [ { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2285", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2285", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
1997-08-01 04:00
Modified
2024-11-20 23:28
Severity ?
Summary
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*", matchCriteriaId: "B6230A85-30D2-4934-A8A0-11499B7B09F8", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:tru64:-:*:*:*:*:*:*:*", matchCriteriaId: "06E97148-F1B2-40FB-9C98-AB9FBE867DE7", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:os2:-:*:*:*:*:*:*:*", matchCriteriaId: "602ECD33-560E-4CDD-8396-7B6EC002C10A", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*", matchCriteriaId: "61BD8560-99BE-46E5-8366-7CD9CD3427E6", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:sco_unix:-:*:*:*:*:*:*:*", matchCriteriaId: "97A1D7CF-430A-4348-AC21-DB4BA7FD59F1", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:-:*:*:*:*:*:*:*", matchCriteriaId: "1B522A89-5F4E-4BA1-8AAF-2613C3A6CEE9", vulnerable: true, }, { criteria: "cpe:2.3:o:windriver:bsdos:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B43723-26A2-40E5-8B2D-B8747CEEA274", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.", }, { lang: "es", value: "Información ICMP como (1) máscara de red y (2) marca de tiempo está permitida desde hosts arbitrarios.", }, ], id: "CVE-1999-0524", lastModified: "2024-11-20T23:28:56.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "1997-08-01T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11010", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11011", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.osvdb.org/95", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.osvdb.org/95", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux is configured by default to respond to all ICMP requests. Users may configure the firewall to prevent a system from responding to certain ICMP requests.", lastModified: "2010-01-05T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-200303-0122
Vulnerability from variot
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. sendmail A buffer overflow vulnerability was discovered in message processing. The vulnerability could allow a third party to gain administrative privileges remotely. This problem, sendmail is caused by receiving a message with maliciously constructed header information. For this reason, LAN is running on a host installed within sendmail Even other MTA (Mail Transfer Agent) You may be affected by the vulnerability if you receive a malicious message relayed from .A third party may be able to remotely obtain administrator privileges. Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. Sendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\% to 75\% of the total. Many UNIX and Linux workstations run Sendmail by default. When an email header contains an address or address list (eg \"From\", \"To\", \"CC\"), Sendmail will attempt to check whether the provided address or address list is valid. Sendmail does this using the crackaddr() function, which is located in the headers.c file in the Sendmail source tree. Sendmail will check this buffer and stop adding data to it if it is found to be full. Sendmail goes through several safety checks to ensure that characters are interpreted correctly. On most Unix or Linux systems, Sendmail runs as the root user. Because the attack code can be included in what appears to be a normal email message, it can easily penetrate many common packet filtering devices or firewalls without being detected. Successful exploitation of an unpatched sendmail system leaves no messages in the syslog. However, on patched systems, attempts to exploit this vulnerability leave the following log message: Dropped invalid comments from header address This vulnerability affects both the commercial and open source versions of Sendmail, and is also reported to have been tested in the lab environment has been successfully exploited
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0122", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netbsd", scope: "eq", trust: 1.3, vendor: "netbsd", version: "1.6", }, { model: "netbsd", scope: "eq", trust: 1.3, vendor: "netbsd", version: "1.5.3", }, { model: "netbsd", scope: "eq", trust: 1.3, vendor: "netbsd", version: "1.5.2", }, { model: "netbsd", scope: "eq", trust: 1.3, vendor: "netbsd", version: "1.5.1", }, { model: "netbsd", scope: "eq", trust: 1.3, vendor: "netbsd", version: "1.5", }, { model: "hp-ux", scope: "eq", trust: 1.3, vendor: "hp", version: "11.22", }, { model: "hp-ux", scope: "eq", trust: 1.3, vendor: "hp", version: "11.11", }, { model: "hp-ux", scope: "eq", trust: 1.3, vendor: "hp", version: "10.20", }, { model: "hp-ux", scope: "eq", trust: 1.3, vendor: "hp", version: "10.10", }, { model: "sendmail", scope: "lt", trust: 1, vendor: "sendmail", version: "8.9.3", }, { model: "bsdos", scope: "eq", trust: 1, vendor: "windriver", version: "4.2", }, { model: "hp-ux", scope: "eq", trust: 1, vendor: "hp", version: "11.00", }, { model: "sendmail", scope: "lt", trust: 1, vendor: "sendmail", version: "8.11.6", }, { model: "sendmail", scope: "gte", trust: 1, vendor: "sendmail", version: "8.10.0", }, { model: "sunos", scope: "eq", trust: 1, vendor: "sun", version: "5.8", }, { model: "sendmail", scope: "gte", trust: 1, vendor: "sendmail", version: "8.12.0", }, { model: "solaris", scope: "eq", trust: 1, vendor: "oracle", version: "2.6", }, { model: "solaris", scope: "eq", trust: 1, vendor: "oracle", version: "7.0", }, { model: "sunos", scope: "eq", trust: 1, vendor: "sun", version: "5.7", }, { model: "bsdos", scope: "eq", trust: 1, vendor: "windriver", version: "4.3.1", }, { model: "bsdos", scope: "eq", trust: 1, vendor: "windriver", version: "5.0", }, { model: "hp-ux", scope: "eq", trust: 1, vendor: "hp", version: "11.0.4", }, { model: "alphaserver sc", scope: "eq", trust: 1, vendor: "hp", version: "*", }, { model: "sunos", scope: "eq", trust: 1, vendor: "sun", version: null, }, { model: "platform sa", scope: "eq", trust: 1, vendor: "windriver", version: "1.0", }, { model: "sendmail", scope: "lt", trust: 1, vendor: "sendmail", version: "8.12.8", }, { model: "solaris", scope: "eq", trust: 1, vendor: "oracle", version: "8", }, { model: "solaris", scope: "eq", trust: 1, vendor: "oracle", version: "9", }, { model: "linux", scope: "eq", trust: 1, vendor: "gentoo", version: "1.4", }, { model: "alphaserver sc", scope: null, trust: 0.9, vendor: "hp", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "apple computer", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "bsd os", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "conectiva", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "debian", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "freebsd", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "gentoo linux", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "mandrakesoft", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "netbsd", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "nortel", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "openbsd", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "openpkg", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "red hat", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "sgi", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "sendmail", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "slackware", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "suse", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "sun microsystems", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "the sco group sco linux", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "the sco group sco unixware", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "the sendmail consortium", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "xerox", version: null, }, { model: "bsd/os", scope: null, trust: 0.8, vendor: "フォア チューン", version: null, }, { model: "ux4800シリーズ", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "sendmail", scope: null, trust: 0.8, vendor: "sendmail consortium", version: null, }, { model: "gnu/linux", scope: null, trust: 0.8, vendor: "debian", version: null, }, { model: "sun cobalt qube3", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "systemwalker perfmgr", scope: null, trust: 0.8, vendor: "富士通", version: null, }, { model: "teamware office", scope: "eq", trust: 0.8, vendor: "富士通", version: null, }, { model: "sun cobalt raq3", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "sendmail switch", scope: null, trust: 0.8, vendor: "センドメール社", version: null, }, { model: "up-ux", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "sun cobalt raq4", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "interstage collaborationring pm", scope: null, trust: 0.8, vendor: "富士通", version: null, }, { model: "irix", scope: null, trust: 0.8, vendor: "sgi", version: null, }, { model: "netbsd", scope: null, trust: 0.8, vendor: "netbsd", version: null, }, { model: "sun linux 5.0", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "turbolinux workstation", scope: null, trust: 0.8, vendor: "ターボリナックス", version: null, }, { model: "unixware", scope: null, trust: 0.8, vendor: "sco", version: null, }, { model: "interstage collaborationring tpm", scope: null, trust: 0.8, vendor: "富士通", version: null, }, { model: "sendmail pro", scope: null, trust: 0.8, vendor: "センドメール社", version: null, }, { model: "sendmail for nt", scope: null, trust: 0.8, vendor: "センドメール社", version: null, }, { model: "turbolinux advanced server", scope: null, trust: 0.8, vendor: "ターボリナックス", version: null, }, { model: "systemwalker it budgetmgr", scope: null, trust: 0.8, vendor: "富士通", version: null, }, { model: "apple mac os x", scope: null, trust: 0.8, vendor: "アップル", version: null, }, { model: "aix", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "hi-ux/we2", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "open unix", scope: null, trust: 0.8, vendor: "sco", version: null, }, { model: "trendmicro interscan viruswall", scope: null, trust: 0.8, vendor: "トレンドマイクロ", version: null, }, { model: "sun cobalt raq550", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "internet navigware server", scope: null, trust: 0.8, vendor: "富士通", version: null, }, { model: "openlinux", scope: null, trust: 0.8, vendor: "sco", version: null, }, { model: "hp-ux", scope: null, trust: 0.8, vendor: "ヒューレット パッカード", version: null, }, { model: "interstage office square", scope: null, trust: 0.8, vendor: "富士通", version: null, }, { model: "red hat enterprise linux", scope: null, trust: 0.8, vendor: "レッドハット", version: null, }, { model: "sun solaris", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "red hat linux advanced workstation", scope: null, trust: 0.8, vendor: "レッドハット", version: null, }, { model: "turbolinux server", scope: null, trust: 0.8, vendor: "ターボリナックス", version: null, }, { model: "sun cobalt raqxtr", scope: null, trust: 0.8, vendor: "サン マイクロシステムズ", version: null, }, { model: "red hat linux", scope: null, trust: 0.8, vendor: "レッドハット", version: null, }, { model: "ews-ux", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "freebsd", scope: null, trust: 0.8, vendor: "freebsd", version: null, }, { model: "hp-ux", scope: "eq", trust: 0.6, vendor: "hp", version: "11.04", }, { model: "river systems platform sa", scope: "eq", trust: 0.3, vendor: "wind", version: "1.0", }, { model: "river systems bsd/os", scope: "eq", trust: 0.3, vendor: "wind", version: "5.0", }, { model: "river systems bsd/os", scope: "eq", trust: 0.3, vendor: "wind", version: "4.3.1", }, { model: "river systems bsd/os", scope: "eq", trust: 0.3, vendor: "wind", version: "4.2", }, { model: "solaris 9 x86", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "sun", version: "9", }, { model: "solaris 8 x86", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "solaris 8 sparc", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "solaris 7.0 x86", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "sun", version: "7.0", }, { model: "solaris 2.6 x86", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "sun", version: "2.6", }, { model: "lx50", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cobalt raq xtr", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cobalt raq", scope: "eq", trust: 0.3, vendor: "sun", version: "550", }, { model: "cobalt raq", scope: "eq", trust: 0.3, vendor: "sun", version: "4", }, { model: "cobalt raq", scope: "eq", trust: 0.3, vendor: "sun", version: "3", }, { model: "cobalt qube", scope: "eq", trust: 0.3, vendor: "sun", version: "3", }, { model: "cobalt manageraq3 3000r-mr", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cobalt cacheraq", scope: "eq", trust: 0.3, vendor: "sun", version: "4", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.19", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.18", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.17", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.16", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.15", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.14", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.13", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.12", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.11", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.10", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.9", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.8", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.7", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.6", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.5", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.4", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.3", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.2", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5.1", }, { model: "irix", scope: "eq", trust: 0.3, vendor: "sgi", version: "6.5", }, { model: "freeware", scope: "eq", trust: 0.3, vendor: "sgi", version: "1.0", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.2", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.1", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.4", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.3", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.2", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.1", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.4", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.3", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.2", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.1", }, { model: "inc sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1", }, { model: "inc sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.2", }, { model: "inc sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.1", }, { model: "inc sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0", }, { model: "inc sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.6.1", }, { model: "inc sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.6", }, { model: "inc sendmail advanced message server", scope: "eq", trust: 0.3, vendor: "sendmail", version: "1.3", }, { model: "inc sendmail advanced message server", scope: "eq", trust: 0.3, vendor: "sendmail", version: "1.2", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.2", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.1", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.4", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.3", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.2", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2.1", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.2", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.4", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.3", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.2", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1.1", }, { model: "consortium sendmail switch", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.1", }, { model: "consortium sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.2", }, { model: "consortium sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0.1", }, { model: "consortium sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "3.0", }, { model: "consortium sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.6.1", }, { model: "consortium sendmail for nt", scope: "eq", trust: 0.3, vendor: "sendmail", version: "2.6", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.7", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.6", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.5", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.4", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.3", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.2", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.1", }, { model: "consortium sendmail beta7", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12", }, { model: "consortium sendmail beta5", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12", }, { model: "consortium sendmail beta16", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12", }, { model: "consortium sendmail beta12", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12", }, { model: "consortium sendmail beta10", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.12.0", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11.6", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11.5", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11.4", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11.3", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11.2", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11.1", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.11", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.10.2", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.10.1", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.10", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.9.3", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.9.2", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.9.1", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.9.0", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "8.8.8", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "5.65", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "5.61", }, { model: "consortium sendmail", scope: "eq", trust: 0.3, vendor: "sendmail", version: "5.59", }, { model: "unixware", scope: "eq", trust: 0.3, vendor: "sco", version: "7.1.3", }, { model: "unixware", scope: "eq", trust: 0.3, vendor: "sco", version: "7.1.1", }, { model: "open unix", scope: "eq", trust: 0.3, vendor: "sco", version: "8.0", }, { model: "z/os v1r4", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "z/os v1r2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "os/390 v2r8", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "os/390 v2r10", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "mvs", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "6.5", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "11.0", }, { model: "hp-ux b.11.22", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.04", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.00", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "linux rc2", scope: "eq", trust: 0.3, vendor: "gentoo", version: "1.4", }, { model: "linux rc1", scope: "eq", trust: 0.3, vendor: "gentoo", version: "1.4", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "5.0", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "4.7", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "4.6", }, { model: "irix", scope: "ne", trust: 0.3, vendor: "sgi", version: "6.5.20", }, { model: "inc sendmail switch", scope: "ne", trust: 0.3, vendor: "sendmail", version: "3.0.3", }, { model: "inc sendmail switch", scope: "ne", trust: 0.3, vendor: "sendmail", version: "2.2.5", }, { model: "inc sendmail switch", scope: "ne", trust: 0.3, vendor: "sendmail", version: "2.1.5", }, { model: "inc sendmail for nt", scope: "ne", trust: 0.3, vendor: "sendmail", version: "3.0.3", }, { model: "inc sendmail for nt", scope: "ne", trust: 0.3, vendor: "sendmail", version: "2.6.2", }, { model: "consortium sendmail switch", scope: "ne", trust: 0.3, vendor: "sendmail", version: "3.0.3", }, { model: "consortium sendmail switch", scope: "ne", trust: 0.3, vendor: "sendmail", version: "2.2.5", }, { model: "consortium sendmail switch", scope: "ne", trust: 0.3, vendor: "sendmail", version: "2.1.5", }, { model: "consortium sendmail for nt", scope: "ne", trust: 0.3, vendor: "sendmail", version: "3.0.3", }, { model: "consortium sendmail for nt", scope: "ne", trust: 0.3, vendor: "sendmail", version: "2.6.2", }, { model: "consortium sendmail", scope: "ne", trust: 0.3, vendor: "sendmail", version: "8.12.8", }, { model: "gnu/*/linux", scope: "ne", trust: 0.3, vendor: "openwall", version: "1.0", }, { model: "networks junos", scope: "ne", trust: 0.3, vendor: "juniper", version: "5.1", }, { model: "networks junos", scope: "ne", trust: 0.3, vendor: "juniper", version: "5.0", }, ], sources: [ { db: "CERT/CC", id: "VU#398025", }, { db: "BID", id: "6991", }, { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "CNNVD", id: "CNNVD-200303-038", }, { db: "NVD", id: "CVE-2002-1337", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ISS X-Force※ xforce@iss.net", sources: [ { db: "CNNVD", id: "CNNVD-200303-038", }, ], trust: 0.6, }, cve: "CVE-2002-1337", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2002-1337", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-5722", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2002-1337", trust: 1, value: "HIGH", }, { author: "CARNEGIE MELLON", id: "VU#398025", trust: 0.8, value: "66.00", }, { author: "NVD", id: "CVE-2002-1337", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-200303-038", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-5722", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CERT/CC", id: "VU#398025", }, { db: "VULHUB", id: "VHN-5722", }, { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "CNNVD", id: "CNNVD-200303-038", }, { db: "NVD", id: "CVE-2002-1337", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. sendmail A buffer overflow vulnerability was discovered in message processing. The vulnerability could allow a third party to gain administrative privileges remotely. This problem, sendmail is caused by receiving a message with maliciously constructed header information. For this reason, LAN is running on a host installed within sendmail Even other MTA (Mail Transfer Agent) You may be affected by the vulnerability if you receive a malicious message relayed from .A third party may be able to remotely obtain administrator privileges. Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. \nReportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. \nSendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\\\\% to 75\\\\% of the total. Many UNIX and Linux workstations run Sendmail by default. When an email header contains an address or address list (eg \\\"From\\\", \\\"To\\\", \\\"CC\\\"), Sendmail will attempt to check whether the provided address or address list is valid. Sendmail does this using the crackaddr() function, which is located in the headers.c file in the Sendmail source tree. Sendmail will check this buffer and stop adding data to it if it is found to be full. Sendmail goes through several safety checks to ensure that characters are interpreted correctly. On most Unix or Linux systems, Sendmail runs as the root user. Because the attack code can be included in what appears to be a normal email message, it can easily penetrate many common packet filtering devices or firewalls without being detected. Successful exploitation of an unpatched sendmail system leaves no messages in the syslog. However, on patched systems, attempts to exploit this vulnerability leave the following log message: Dropped invalid comments from header address This vulnerability affects both the commercial and open source versions of Sendmail, and is also reported to have been tested in the lab environment has been successfully exploited", sources: [ { db: "NVD", id: "CVE-2002-1337", }, { db: "CERT/CC", id: "VU#398025", }, { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "BID", id: "6991", }, { db: "VULHUB", id: "VHN-5722", }, ], trust: 2.7, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-5722", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-5722", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2002-1337", trust: 3.6, }, { db: "CERT/CC", id: "VU#398025", trust: 3.3, }, { db: "BID", id: "6991", trust: 2.8, }, { db: "XF", id: "10748", trust: 1.4, }, { db: "XF", id: "11653", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2003-000061", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-200303-038", trust: 0.7, }, { db: "CALDERA", id: "CSSA-2003-SCO.5", trust: 0.6, }, { db: "CALDERA", id: "CSSA-2003-SCO.6", trust: 0.6, }, { db: "REDHAT", id: "RHSA-2003:074", trust: 0.6, }, { db: "REDHAT", id: "RHSA-2003:073", trust: 0.6, }, { db: "REDHAT", id: "RHSA-2003:227", trust: 0.6, }, { db: "HP", id: "HPSBUX0302-246", trust: 0.6, }, { db: "BUGTRAQ", id: "20030303 FWD: APPLE-SA-2003-03-03 SENDMAIL", trust: 0.6, }, { db: "BUGTRAQ", id: "20030304 [LSD] TECHNICAL ANALYSIS OF THE REMOTE SENDMAIL VULNERABILITY", trust: 0.6, }, { db: "BUGTRAQ", id: "20030304 GLSA: SENDMAIL (200303-4)", trust: 0.6, }, { db: "BUGTRAQ", id: "20030303 SENDMAIL 8.12.8 AVAILABLE", trust: 0.6, }, { db: "CERT/CC", id: "CA-2003-07", trust: 0.6, }, { db: "OVAL", id: "OVAL:ORG.MITRE.OVAL:DEF:2222", trust: 0.6, }, { db: "AIXAPAR", id: "IY40500", trust: 0.6, }, { db: "AIXAPAR", id: "IY40502", trust: 0.6, }, { db: "AIXAPAR", id: "IY40501", trust: 0.6, }, { db: "CONECTIVA", id: "CLA-2003:571", trust: 0.6, }, { db: "MANDRAKE", id: "MDKSA-2003:028", trust: 0.6, }, { db: "SGI", id: "20030301-01-P", trust: 0.6, }, { db: "DEBIAN", id: "DSA-257", trust: 0.6, }, { db: "ISS", id: "20030303 REMOTE SENDMAIL HEADER PROCESSING VULNERABILITY", trust: 0.6, }, { db: "NETBSD", id: "NETBSD-SA2003-002", trust: 0.6, }, { db: "SEEBUG", id: "SSVID-76118", trust: 0.1, }, { db: "SEEBUG", id: "SSVID-76119", trust: 0.1, }, { db: "EXPLOIT-DB", id: "22314", trust: 0.1, }, { db: "EXPLOIT-DB", id: "22313", trust: 0.1, }, { db: "EXPLOIT-DB", id: "411", trust: 0.1, }, { db: "VULHUB", id: "VHN-5722", trust: 0.1, }, ], sources: [ { db: "CERT/CC", id: "VU#398025", }, { db: "VULHUB", id: "VHN-5722", }, { db: "BID", id: "6991", }, { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "CNNVD", id: "CNNVD-200303-038", }, { db: "NVD", id: "CVE-2002-1337", }, ], }, id: "VAR-200303-0122", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-5722", }, ], trust: 0.421969685, }, last_update_date: "2024-11-22T21:23:55.658000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "HS03-001 Fujitsu CERT Advisory information", trust: 0.8, url: "http://www.debian.org/security/2003/dsa-257", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2003-000061", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "NVD", id: "CVE-2002-1337", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 4.3, url: "http://www.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21950", }, { trust: 3.8, url: "http://www.sendmail.org/8.12.8.html", }, { trust: 3.8, url: "http://www.cert.org/advisories/ca-2003-07.html", }, { trust: 3.5, url: "http://www.securityfocus.com/bid/6991", }, { trust: 3.5, url: "http://www.kb.cert.org/vuls/id/398025", }, { trust: 2.7, url: "http://www-1.ibm.com/support/search.wss?rs=0&q=iy40500&apar=only", }, { trust: 2.7, url: "http://www-1.ibm.com/support/search.wss?rs=0&q=iy40501&apar=only", }, { trust: 2.7, url: "http://www-1.ibm.com/support/search.wss?rs=0&q=iy40502&apar=only", }, { trust: 2.7, url: "ftp://ftp.sco.com/pub/updates/unixware/cssa-2003-sco.5", }, { trust: 2.7, url: "ftp://ftp.sco.com/pub/updates/openserver/cssa-2003-sco.6", }, { trust: 2.7, url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571", }, { trust: 2.7, url: "http://www.debian.org/security/2003/dsa-257", }, { trust: 2.7, url: "http://frontal2.mandriva.com/security/advisories?name=mdksa-2003:028", }, { trust: 2.7, url: "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-002.txt.asc", }, { trust: 2.7, url: "http://www.redhat.com/support/errata/rhsa-2003-073.html", }, { trust: 2.7, url: "http://www.redhat.com/support/errata/rhsa-2003-074.html", }, { trust: 2.7, url: "http://www.redhat.com/support/errata/rhsa-2003-227.html", }, { trust: 2.7, url: "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-p", }, { trust: 2.7, url: "http://www.iss.net/security_center/static/10748.php", }, { trust: 2.1, url: "http://marc.info/?l=bugtraq&m=104678862109841&w=2", }, { trust: 2.1, url: "http://marc.info/?l=bugtraq&m=104673778105192&w=2", }, { trust: 2.1, url: "http://marc.info/?l=bugtraq&m=104678862409849&w=2", }, { trust: 2.1, url: "http://marc.info/?l=bugtraq&m=104678739608479&w=2", }, { trust: 2.1, url: "http://marc.info/?l=bugtraq&m=104679411316818&w=2", }, { trust: 2.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2222", }, { trust: 1.1, url: "http://www.sendmail.org", }, { trust: 0.8, url: "http://www.sendmail.com/security/", }, { trust: 0.8, url: "http://www.securityfocus.org/archive/1/313757/2003-03-01/2003-03-07/0", }, { trust: 0.8, url: "http://www.nipc.gov/warnings/advisories/2003/03-004.htm", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnca-2003-07", }, { trust: 0.8, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1337", }, { trust: 0.8, url: "http://www.jpcert.or.jp/at/2003/at030002.txt", }, { trust: 0.8, url: "http://www.jpcert.or.jp/wr/2003/wr031001.txt", }, { trust: 0.8, url: "http://www.cyberpolice.go.jp/important/20030314_190827.html", }, { trust: 0.8, url: "http://www.cyberpolice.go.jp/important/20030305_170302.html", }, { trust: 0.8, url: "http://www.ipa.go.jp/security/ciadr/20030303sendmail.html", }, { trust: 0.8, url: "http://www.ciac.org/ciac/bulletins/n-048.shtml", }, { trust: 0.8, url: "http://www.isskk.co.jp/support/techinfo/general/sendmailheader_xforce.html", }, { trust: 0.8, url: "http://xforce.iss.net/xforce/xfdb/10748", }, { trust: 0.8, url: "http://xforce.iss.net/xforce/xfdb/11653", }, { trust: 0.6, url: "http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51ab21-c0103500-17099-es-20030226.readme", }, { trust: 0.6, url: "http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2", }, { trust: 0.6, url: "http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2", }, { trust: 0.6, url: "http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2", }, { trust: 0.6, url: "http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2", }, { trust: 0.6, url: "http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2", }, { trust: 0.6, url: "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2222", }, { trust: 0.3, url: "http://www.info.apple.com/usen/security/security_updates.html", }, { trust: 0.3, url: "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2003.0794.1", }, { trust: 0.3, url: "http://www.slackware.org/lists/archive/viewer.php?l=slackware-security&y=2003&m=slackware-security.286398", }, { trust: 0.3, url: "http://www.sendmail.org/", }, { trust: 0.3, url: "ftp://ftp1.support.compaq.com/public/unix/v4.0g/t64v40gb17-c0028100-16887-es-20030211.readme", }, { trust: 0.3, url: "ftp://ftp1.support.compaq.com/public/unix/v4.0f/duv40fb18-c0092200-16888-es-20030211.readme", }, { trust: 0.3, url: "http://ftp1.support.compaq.com/public/unix/v5.0a/t64v50ab17-c0031300-16884-es-20030211.readme", }, { trust: 0.3, url: "ftp://ftp1.support.compaq.com/public/unix/v5.1/t64v51b19-c0169100-16882-es-20030211.readme", }, { trust: 0.3, url: "http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51bb1-c0003900-16874-es-20030211.readme", }, { trust: 0.3, url: "http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51b20-c0169800-16980-es-20030218.readme", }, { trust: 0.3, url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51181", }, { trust: 0.3, url: "http://www.sendmail.com", }, { trust: 0.3, url: "/archive/1/313757", }, { trust: 0.3, url: "/archive/1/313795", }, { trust: 0.3, url: "/archive/1/313841", }, { trust: 0.1, url: "", }, ], sources: [ { db: "CERT/CC", id: "VU#398025", }, { db: "VULHUB", id: "VHN-5722", }, { db: "BID", id: "6991", }, { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "CNNVD", id: "CNNVD-200303-038", }, { db: "NVD", id: "CVE-2002-1337", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#398025", }, { db: "VULHUB", id: "VHN-5722", }, { db: "BID", id: "6991", }, { db: "JVNDB", id: "JVNDB-2003-000061", }, { db: "CNNVD", id: "CNNVD-200303-038", }, { db: "NVD", id: "CVE-2002-1337", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2003-03-03T00:00:00", db: "CERT/CC", id: "VU#398025", }, { date: "2003-03-07T00:00:00", db: "VULHUB", id: "VHN-5722", }, { date: "2003-03-02T00:00:00", db: "BID", id: "6991", }, { date: "2007-04-01T00:00:00", db: "JVNDB", id: "JVNDB-2003-000061", }, { date: "2003-03-07T00:00:00", db: "CNNVD", id: "CNNVD-200303-038", }, { date: "2003-03-07T05:00:00", db: "NVD", id: "CVE-2002-1337", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2003-09-15T00:00:00", db: "CERT/CC", id: "VU#398025", }, { date: "2018-10-30T00:00:00", db: "VULHUB", id: "VHN-5722", }, { date: "2007-09-22T00:30:00", db: "BID", id: "6991", }, { date: "2024-03-01T01:52:00", db: "JVNDB", id: "JVNDB-2003-000061", }, { date: "2006-08-24T00:00:00", db: "CNNVD", id: "CNNVD-200303-038", }, { date: "2024-11-20T23:41:03.983000", db: "NVD", id: "CVE-2002-1337", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-200303-038", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Remote Buffer Overflow in Sendmail", sources: [ { db: "CERT/CC", id: "VU#398025", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Boundary Condition Error", sources: [ { db: "BID", id: "6991", }, { db: "CNNVD", id: "CNNVD-200303-038", }, ], trust: 0.9, }, }
var-199708-0008
Vulnerability from variot
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. McAfee Data Loss Prevention (DLP) is a set of data loss prevention solutions from McAfee. The solution protects intellectual property and ensures compliance by protecting the environment in which sensitive data resides (on-premise, in the cloud, or on the endpoint). Cross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in McAfee DLP. When the user browses the affected website, his browser will execute any script code provided by the attacker, which may cause the attacker to steal cookie-based authentication, perform unauthorized operations, leak or modify sensitive information, or other forms may exist. s attack. Other attacks may also be possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-199708-0008", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "windows", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "unix", scope: "eq", trust: 1, vendor: "sco", version: null, }, { model: "solaris", scope: "eq", trust: 1, vendor: "oracle", version: null, }, { model: "kernel", scope: "eq", trust: 1, vendor: "linux", version: null, }, { model: "ios", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "os2", scope: "eq", trust: 1, vendor: "ibm", version: null, }, { model: "tru64", scope: "eq", trust: 1, vendor: "hp", version: null, }, { model: "netware", scope: "eq", trust: 1, vendor: "novell", version: null, }, { model: "irix", scope: "eq", trust: 1, vendor: "sgi", version: null, }, { model: "bsdos", scope: "eq", trust: 1, vendor: "windriver", version: null, }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: null, }, { model: "hp-ux", scope: "eq", trust: 1, vendor: "hp", version: null, }, { model: "macos", scope: "eq", trust: 1, vendor: "apple", version: null, }, { model: "aix", scope: "eq", trust: 1, vendor: "ibm", version: null, }, { model: "kernel", scope: null, trust: 0.6, vendor: "linux", version: null, }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "9.2.2", }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "9.2.1", }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "9.2.0", }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "8.6", }, { model: "network data loss prevention", scope: "ne", trust: 0.3, vendor: "mcafee", version: "9.3", }, ], sources: [ { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ANZ Bank, BAE Systems, Graham Bell of Stratsec.Detica, Jamie Ooi, DirecTV, Xylinx, and Telstra", sources: [ { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-201308-265", }, ], trust: 0.9, }, cve: "CVE-1999-0524", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-1999-0524", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 0, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "VHN-522", impactScore: 0, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:N/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-1999-0524", trust: 1, value: "LOW", }, { author: "CNNVD", id: "CNNVD-199708-003", trust: 0.6, value: "LOW", }, { author: "VULHUB", id: "VHN-522", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. McAfee Data Loss Prevention (DLP) is a set of data loss prevention solutions from McAfee. The solution protects intellectual property and ensures compliance by protecting the environment in which sensitive data resides (on-premise, in the cloud, or on the endpoint). \nCross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in McAfee DLP. When the user browses the affected website, his browser will execute any script code provided by the attacker, which may cause the attacker to steal cookie-based authentication, perform unauthorized operations, leak or modify sensitive information, or other forms may exist. s attack. Other attacks may also be possible", sources: [ { db: "NVD", id: "CVE-1999-0524", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "BID", id: "61811", }, { db: "VULHUB", id: "VHN-522", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "MCAFEE", id: "SB10053", trust: 2, }, { db: "NVD", id: "CVE-1999-0524", trust: 1.7, }, { db: "JUNIPER", id: "JSA10705", trust: 1.7, }, { db: "OSVDB", id: "95", trust: 1.7, }, { db: "BID", id: "61811", trust: 0.9, }, { db: "CNNVD", id: "CNNVD-199708-003", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201308-265", trust: 0.6, }, { db: "VULHUB", id: "VHN-522", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, id: "VAR-199708-0008", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-522", }, ], trust: 0.01, }, last_update_date: "2024-11-22T20:59:20.509000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.1, }, { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.9, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10053", }, { trust: 2.7, url: "http://descriptions.securescout.com/tc/11010", }, { trust: 2.7, url: "http://descriptions.securescout.com/tc/11011", }, { trust: 2.7, url: "http://www.osvdb.org/95", }, { trust: 2.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { trust: 2.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { trust: 2.6, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10705", }, { trust: 2.6, url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc&externalid=1434", }, { trust: 0.6, url: "http://www.securityfocus.com/bid/61811", }, { trust: 0.3, url: "http://www.mcafee.com/us/products/data-protection/data-loss-prevention.aspx", }, { trust: 0.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10705", }, { trust: 0.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10053", }, { trust: 0.1, url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc&externalid=1434", }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-522", }, { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "1997-08-01T00:00:00", db: "VULHUB", id: "VHN-522", }, { date: "2013-08-13T00:00:00", db: "BID", id: "61811", }, { date: "1997-08-01T00:00:00", db: "CNNVD", id: "CNNVD-199708-003", }, { date: "2013-08-20T00:00:00", db: "CNNVD", id: "CNNVD-201308-265", }, { date: "1997-08-01T04:00:00", db: "NVD", id: "CVE-1999-0524", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-11T00:00:00", db: "VULHUB", id: "VHN-522", }, { date: "2013-08-13T00:00:00", db: "BID", id: "61811", }, { date: "2022-11-17T00:00:00", db: "CNNVD", id: "CNNVD-199708-003", }, { date: "2013-08-20T00:00:00", db: "CNNVD", id: "CNNVD-201308-265", }, { date: "2024-11-20T23:28:56.657000", db: "NVD", id: "CVE-1999-0524", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-199708-003", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Linux kernel Information disclosure vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-199708-003", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-199708-003", }, ], trust: 0.6, }, }
var-200705-0013
Vulnerability from variot
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetbox 2.1 is vulnerable; other versions may also be affected
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0013", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "cms", scope: "eq", trust: 2.1, vendor: "jetbox", version: "2.1", }, { model: "bsdos", scope: null, trust: 0.6, vendor: "windriver", version: null, }, ], sources: [ { db: "BID", id: "23989", }, { db: "JVNDB", id: "JVNDB-2007-003653", }, { db: "CNNVD", id: "CNNVD-200705-335", }, { db: "NVD", id: "CVE-2007-1898", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:jetbox:jetbox_cms", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2007-003653", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Jesper Jurcenoks is credited with the discovery of this issue.", sources: [ { db: "BID", id: "23989", }, { db: "CNNVD", id: "CNNVD-200705-335", }, ], trust: 0.9, }, cve: "CVE-2007-1898", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2007-1898", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-25260", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2007-1898", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2007-1898", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-200705-335", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-25260", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-25260", }, { db: "JVNDB", id: "JVNDB-2007-003653", }, { db: "CNNVD", id: "CNNVD-200705-335", }, { db: "NVD", id: "CVE-2007-1898", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. \nAttackers can exploit this issue to send spam email in the context of the application. \nJetbox 2.1 is vulnerable; other versions may also be affected", sources: [ { db: "NVD", id: "CVE-2007-1898", }, { db: "JVNDB", id: "JVNDB-2007-003653", }, { db: "BID", id: "23989", }, { db: "VULHUB", id: "VHN-25260", }, ], trust: 1.98, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-25260", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-25260", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2007-1898", trust: 2.8, }, { db: "BID", id: "23989", trust: 2, }, { db: "SREASON", id: "2710", trust: 1.7, }, { db: "OSVDB", id: "34088", trust: 1.7, }, { db: "VUPEN", id: "ADV-2007-1831", trust: 1.7, }, { db: "SECTRACK", id: "1018063", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2007-003653", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-200705-335", trust: 0.7, }, { db: "XF", id: "34292", trust: 0.6, }, { db: "BUGTRAQ", id: "20070515 JETBOX CMS VERSION 2.1 E-MAIL INJECTION VULNERABILITY", trust: 0.6, }, { db: "PACKETSTORM", id: "56801", trust: 0.1, }, { db: "SEEBUG", id: "SSVID-83505", trust: 0.1, }, { db: "EXPLOIT-DB", id: "30040", trust: 0.1, }, { db: "VULHUB", id: "VHN-25260", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-25260", }, { db: "BID", id: "23989", }, { db: "JVNDB", id: "JVNDB-2007-003653", }, { db: "CNNVD", id: "CNNVD-200705-335", }, { db: "NVD", id: "CVE-2007-1898", }, ], }, id: "VAR-200705-0013", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-25260", }, ], trust: 0.01, }, last_update_date: "2024-11-23T21:49:05.095000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Jetbox CMS", trust: 0.8, url: "http://jetbox.streamedge.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2007-003653", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2007-1898", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://www.securityfocus.com/bid/23989", }, { trust: 1.7, url: "http://www.netvigilance.com/advisory0026", }, { trust: 1.7, url: "http://www.osvdb.org/34088", }, { trust: 1.7, url: "http://www.securitytracker.com/id?1018063", }, { trust: 1.7, url: "http://securityreason.com/securityalert/2710", }, { trust: 1.1, url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2007/1831", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1898", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1898", }, { trust: 0.6, url: "http://xforce.iss.net/xforce/xfdb/34292", }, { trust: 0.6, url: "http://www.securityfocus.com/archive/1/archive/1/468644/100/0/threaded", }, { trust: 0.6, url: "http://www.frsirt.com/english/advisories/2007/1831", }, { trust: 0.3, url: "http://sourceforge.net/projects/jetboxone/", }, { trust: 0.3, url: "/archive/1/468644", }, ], sources: [ { db: "VULHUB", id: "VHN-25260", }, { db: "BID", id: "23989", }, { db: "JVNDB", id: "JVNDB-2007-003653", }, { db: "CNNVD", id: "CNNVD-200705-335", }, { db: "NVD", id: "CVE-2007-1898", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-25260", }, { db: "BID", id: "23989", }, { db: "JVNDB", id: "JVNDB-2007-003653", }, { db: "CNNVD", id: "CNNVD-200705-335", }, { db: "NVD", id: "CVE-2007-1898", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2007-05-16T00:00:00", db: "VULHUB", id: "VHN-25260", }, { date: "2007-05-15T00:00:00", db: "BID", id: "23989", }, { date: "2012-09-25T00:00:00", db: "JVNDB", id: "JVNDB-2007-003653", }, { date: "2007-05-16T00:00:00", db: "CNNVD", id: "CNNVD-200705-335", }, { date: "2007-05-16T22:30:00", db: "NVD", id: "CVE-2007-1898", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-10-16T00:00:00", db: "VULHUB", id: "VHN-25260", }, { date: "2016-07-06T14:39:00", db: "BID", id: "23989", }, { date: "2012-09-25T00:00:00", db: "JVNDB", id: "JVNDB-2007-003653", }, { date: "2007-05-24T00:00:00", db: "CNNVD", id: "CNNVD-200705-335", }, { date: "2024-11-21T00:29:25.010000", db: "NVD", id: "CVE-2007-1898", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-200705-335", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Jetbox CMS of formmail.php Spam spam vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2007-003653", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code injection", sources: [ { db: "CNNVD", id: "CNNVD-200705-335", }, ], trust: 0.6, }, }
var-200702-0154
Vulnerability from variot
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200702-0154", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "super link exchange script", scope: "eq", trust: 1.8, vendor: "super link exchange script", version: "1.0", }, { model: "kernel", scope: null, trust: 0.6, vendor: "linux", version: null, }, { model: "bsdos", scope: null, trust: 0.6, vendor: "windriver", version: null, }, { model: "link exchange script super link exchange script", scope: "eq", trust: 0.3, vendor: "super", version: "1.0", }, ], sources: [ { db: "BID", id: "82138", }, { db: "JVNDB", id: "JVNDB-2007-004849", }, { db: "CNNVD", id: "CNNVD-200702-415", }, { db: "NVD", id: "CVE-2006-7034", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:super_link_exchange_script:super_link_exchange_script", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2007-004849", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "82138", }, ], trust: 0.3, }, cve: "CVE-2006-7034", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2006-7034", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-23142", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2006-7034", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2006-7034", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-200702-415", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-23142", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-23142", }, { db: "JVNDB", id: "JVNDB-2007-004849", }, { db: "CNNVD", id: "CNNVD-200702-415", }, { db: "NVD", id: "CVE-2006-7034", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter", sources: [ { db: "NVD", id: "CVE-2006-7034", }, { db: "JVNDB", id: "JVNDB-2007-004849", }, { db: "BID", id: "82138", }, { db: "VULHUB", id: "VHN-23142", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2006-7034", trust: 2.8, }, { db: "SREASON", id: "2285", trust: 2, }, { db: "XF", id: "26720", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2007-004849", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-200702-415", trust: 0.7, }, { db: "BUGTRAQ", id: "20060525 SUPER LINK EXCHANGE SCRIPT V1.0", trust: 0.6, }, { db: "BID", id: "82138", trust: 0.4, }, { db: "VULHUB", id: "VHN-23142", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-23142", }, { db: "BID", id: "82138", }, { db: "JVNDB", id: "JVNDB-2007-004849", }, { db: "CNNVD", id: "CNNVD-200702-415", }, { db: "NVD", id: "CVE-2006-7034", }, ], }, id: "VAR-200702-0154", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-23142", }, ], trust: 0.01, }, last_update_date: "2024-11-23T22:28:22.531000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Super Link Exchange Script", trust: 0.8, url: "http://webscripts.softpedia.com/script/Link-Indeing/Super-Link-Exchange-Script-41958.html", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2007-004849", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2006-7034", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "http://securityreason.com/securityalert/2285", }, { trust: 1.1, url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, { trust: 0.9, url: "http://xforce.iss.net/xforce/xfdb/26720", }, { trust: 0.9, url: "http://www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7034", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7034", }, ], sources: [ { db: "VULHUB", id: "VHN-23142", }, { db: "BID", id: "82138", }, { db: "JVNDB", id: "JVNDB-2007-004849", }, { db: "CNNVD", id: "CNNVD-200702-415", }, { db: "NVD", id: "CVE-2006-7034", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-23142", }, { db: "BID", id: "82138", }, { db: "JVNDB", id: "JVNDB-2007-004849", }, { db: "CNNVD", id: "CNNVD-200702-415", }, { db: "NVD", id: "CVE-2006-7034", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2007-02-23T00:00:00", db: "VULHUB", id: "VHN-23142", }, { date: "2007-02-22T00:00:00", db: "BID", id: "82138", }, { date: "2012-12-20T00:00:00", db: "JVNDB", id: "JVNDB-2007-004849", }, { date: "2007-02-22T00:00:00", db: "CNNVD", id: "CNNVD-200702-415", }, { date: "2007-02-23T03:28:00", db: "NVD", id: "CVE-2006-7034", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-10-16T00:00:00", db: "VULHUB", id: "VHN-23142", }, { date: "2007-02-22T00:00:00", db: "BID", id: "82138", }, { date: "2012-12-20T00:00:00", db: "JVNDB", id: "JVNDB-2007-004849", }, { date: "2007-05-16T00:00:00", db: "CNNVD", id: "CNNVD-200702-415", }, { date: "2024-11-21T00:24:13.820000", db: "NVD", id: "CVE-2006-7034", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-200702-415", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Super Link Exchange Script of directory.php In SQL Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2007-004849", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SQL injection", sources: [ { db: "CNNVD", id: "CNNVD-200702-415", }, ], trust: 0.6, }, }