Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by TmaxSoft
CVE-2019-17327 (GCVE-0-2019-17327)
Vulnerability from cvelistv5 – Published: 2019-11-08 17:54 – Updated: 2024-08-05 01:40
VLAI
Summary
JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.
Severity
No CVSS data available.
CWE
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JEUS",
"vendor": "TmaxSoft",
"versions": [
{
"status": "affected",
"version": "JEUS 7 Fix#0~5, JEUS 8Fix#0~1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T17:54:05.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-17327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JEUS",
"version": {
"version_data": [
{
"version_value": "JEUS 7 Fix#0~5, JEUS 8Fix#0~1"
}
]
}
}
]
},
"vendor_name": "TmaxSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2019-17327",
"datePublished": "2019-11-08T17:54:05.000Z",
"dateReserved": "2019-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:40:14.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6528 (GCVE-0-2008-6528)
Vulnerability from cvelistv5 – Published: 2009-03-26 14:00 – Updated: 2024-08-07 11:34
VLAI
Summary
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32804 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/7442 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/499235/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/33123 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/499236/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jeus-ads-file-disclosure(47303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47303"
},
{
"name": "32804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32804"
},
{
"name": "7442",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7442"
},
{
"name": "20081212 TmaxSoft JEUS Alternate Data Streams Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499235/100/0/threaded"
},
{
"name": "33123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33123"
},
{
"name": "20081214 Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499236/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "jeus-ads-file-disclosure(47303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47303"
},
{
"name": "32804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32804"
},
{
"name": "7442",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7442"
},
{
"name": "20081212 TmaxSoft JEUS Alternate Data Streams Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499235/100/0/threaded"
},
{
"name": "33123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33123"
},
{
"name": "20081214 Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499236/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jeus-ads-file-disclosure(47303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47303"
},
{
"name": "32804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32804"
},
{
"name": "7442",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7442"
},
{
"name": "20081212 TmaxSoft JEUS Alternate Data Streams Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499235/100/0/threaded"
},
{
"name": "33123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33123"
},
{
"name": "20081214 Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499236/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6528",
"datePublished": "2009-03-26T14:00:00.000Z",
"dateReserved": "2009-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:47.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}