Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
33 vulnerabilities by apc
CVE-2024-58310 (GCVE-0-2024-58310)
Vulnerability from nvd – Published: 2025-12-11 21:42 – Updated: 2026-03-05 12:03- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51897 | exploit |
| https://www.apc.com/ | product |
| https://www.vulncheck.com/advisories/apc-network-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Apc | Network Management Card 4 |
Affected:
4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T16:22:06.695125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:31:14.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Network Management Card 4",
"vendor": "Apc",
"versions": [
{
"status": "affected",
"version": "4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apc:apcupsd_firmware:4:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "V\u00edctor Garc\u00eda"
}
],
"datePublic": "2023-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAPC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path traversal characters in HTTP requests.\u003c/p\u003e"
}
],
"value": "APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path traversal characters in HTTP requests."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T12:03:42.683Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51897",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51897"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.apc.com/"
},
{
"name": "VulnCheck Advisory: APC Network Management Card 4 Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/apc-network-management-card-path-traversal-via-directory-traversal"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "APC Network Management Card 4 Path Traversal via Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58310",
"datePublished": "2025-12-11T21:42:43.398Z",
"dateReserved": "2025-12-11T11:49:20.719Z",
"dateUpdated": "2026-03-05T12:03:42.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7526 (GCVE-0-2020-7526)
Vulnerability from nvd – Published: 2020-08-31 16:13 – Updated: 2024-08-04 09:33- CWE-20 - Improper Input Validation
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PowerChute Business Edition software V9.0.x and earlier |
Affected:
PowerChute Business Edition software V9.0.x and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerChute Business Edition software V9.0.x and earlier",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PowerChute Business Edition software V9.0.x and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T16:13:23.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerChute Business Edition software V9.0.x and earlier",
"version": {
"version_data": [
{
"version_value": "PowerChute Business Edition software V9.0.x and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7526",
"datePublished": "2020-08-31T16:13:23.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4263 (GCVE-0-2011-4263)
Vulnerability from nvd – Published: 2011-12-07 19:00 – Updated: 2024-09-17 00:26- n/a
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN61695284/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2011-000100",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100"
},
{
"name": "JVN#61695284",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61695284/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-07T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2011-000100",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100"
},
{
"name": "JVN#61695284",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61695284/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-4263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000100",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100"
},
{
"name": "JVN#61695284",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61695284/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-4263",
"datePublished": "2011-12-07T19:00:00.000Z",
"dateReserved": "2011-11-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:37.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1798 (GCVE-0-2009-1798)
Vulnerability from nvd – Published: 2009-12-28 19:00 – Updated: 2024-09-17 03:48- n/a
| URL | Tags |
|---|---|
| http://holisticinfosec.org/content/view/111/45/ | x_refsource_MISC |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/166739 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/37744 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-28T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/111/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1798",
"datePublished": "2009-12-28T19:00:00.000Z",
"dateReserved": "2009-05-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:48:35.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1797 (GCVE-0-2009-1797)
Vulnerability from nvd – Published: 2009-12-28 19:00 – Updated: 2024-09-17 04:04- n/a
| URL | Tags |
|---|---|
| http://holisticinfosec.org/content/view/111/45/ | x_refsource_MISC |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/166739 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/37744 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-28T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/111/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1797",
"datePublished": "2009-12-28T19:00:00.000Z",
"dateReserved": "2009-05-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:04:00.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6226 (GCVE-0-2007-6226)
Vulnerability from nvd – Published: 2007-12-04 18:00 – Updated: 2024-08-07 15:54- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1019018 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/484363/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3418 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/26636 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019018"
},
{
"name": "20071129 APC Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"name": "3418",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3418"
},
{
"name": "apc-pdu-unspecified-security-bypass(38783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"name": "26636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019018"
},
{
"name": "20071129 APC Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"name": "3418",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3418"
},
{
"name": "apc-pdu-unspecified-security-bypass(38783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"name": "26636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019018",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019018"
},
{
"name": "20071129 APC Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"name": "3418",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3418"
},
{
"name": "apc-pdu-unspecified-security-bypass(38783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"name": "26636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6226",
"datePublished": "2007-12-04T18:00:00.000Z",
"dateReserved": "2007-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:27.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4326 (GCVE-0-2005-4326)
Vulnerability from nvd – Published: 2005-12-17 11:00 – Updated: 2024-08-07 23:38- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/alerts/2005/Nov/1015250.html | vdb-entryx_refsource_SECTRACK |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015250",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4326",
"datePublished": "2005-12-17T11:00:00.000Z",
"dateReserved": "2005-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2046 (GCVE-0-2004-2046)
Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:15- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1010745 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/8187 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/12124 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10777 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=109061480026378&w=2 | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1010745",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010745"
},
{
"name": "8187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8187"
},
{
"name": "12124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12124"
},
{
"name": "10777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10777"
},
{
"name": "powerchute-console-dos(16767)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16767"
},
{
"name": "20040721 APC Security Advisory Denial of Service Vulnerability with PowerChute Business Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109061480026378\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1010745",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010745"
},
{
"name": "8187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8187"
},
{
"name": "12124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12124"
},
{
"name": "10777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10777"
},
{
"name": "powerchute-console-dos(16767)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16767"
},
{
"name": "20040721 APC Security Advisory Denial of Service Vulnerability with PowerChute Business Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109061480026378\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1010745",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010745"
},
{
"name": "8187",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8187"
},
{
"name": "12124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12124"
},
{
"name": "10777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10777"
},
{
"name": "powerchute-console-dos(16767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16767"
},
{
"name": "20040721 APC Security Advisory Denial of Service Vulnerability with PowerChute Business Edition",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109061480026378\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2046",
"datePublished": "2005-05-10T04:00:00.000Z",
"dateReserved": "2005-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:15:01.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0311 (GCVE-0-2004-0311)
Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:17- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/9681 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=107703696631367&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=107721020803565&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:13.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9681"
},
{
"name": "apc-smartslot-default-password(15238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238"
},
{
"name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107703696631367\u0026w=2"
},
{
"name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107721020803565\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9681"
},
{
"name": "apc-smartslot-default-password(15238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238"
},
{
"name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107703696631367\u0026w=2"
},
{
"name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107721020803565\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9681"
},
{
"name": "apc-smartslot-default-password(15238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238"
},
{
"name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107703696631367\u0026w=2"
},
{
"name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107721020803565\u0026w=2"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0311",
"datePublished": "2004-03-18T05:00:00.000Z",
"dateReserved": "2004-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:17:13.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0099 (GCVE-0-2003-0099)
Vulnerability from nvd – Published: 2003-02-26 05:00 – Updated: 2024-08-08 01:43- n/a
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1006108 | vdb-entryx_refsource_SECTRACK |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.iss.net/security_center/static/11491.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/7200 | vdb-entryx_refsource_BID |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.debian.org/security/2003/dsa-277 | vendor-advisoryx_refsource_DEBIAN |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "apcupsd-vsprintf-multiple-bo(11491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11491.php"
},
{
"name": "7200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137892"
},
{
"name": "DSA-277",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "CSSA-2003-015.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-17T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "apcupsd-vsprintf-multiple-bo(11491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11491.php"
},
{
"name": "7200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137892"
},
{
"name": "DSA-277",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "CSSA-2003-015.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=137900",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "apcupsd-vsprintf-multiple-bo(11491)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11491.php"
},
{
"name": "7200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=137892",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=137892"
},
{
"name": "DSA-277",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "CSSA-2003-015.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0099",
"datePublished": "2003-02-26T05:00:00.000Z",
"dateReserved": "2003-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:43:35.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1924 (GCVE-0-2002-1924)
Vulnerability from nvd – Published: 2005-06-28 04:00 – Updated: 2024-09-16 23:01- n/a
| URL | Tags |
|---|---|
| http://www.security.nnov.ru/news2064.html | x_refsource_MISC |
| http://www.iss.net/security_center/static/9413.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/archive/1/277930 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/5069 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security.nnov.ru/news2064.html"
},
{
"name": "powerchute-dir-world-writeable(9413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9413.php"
},
{
"name": "20020620 bugtraq@security.nnov.ru list issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/277930"
},
{
"name": "5069",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerChute plus 5.0.2 creates a \"Pwrchute\" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security.nnov.ru/news2064.html"
},
{
"name": "powerchute-dir-world-writeable(9413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9413.php"
},
{
"name": "20020620 bugtraq@security.nnov.ru list issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/277930"
},
{
"name": "5069",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerChute plus 5.0.2 creates a \"Pwrchute\" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security.nnov.ru/news2064.html",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/news2064.html"
},
{
"name": "powerchute-dir-world-writeable(9413)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9413.php"
},
{
"name": "20020620 bugtraq@security.nnov.ru list issues",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/277930"
},
{
"name": "5069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1924",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0564 (GCVE-0-2001-0564)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21- n/a
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/2430 | vdb-entryx_refsource_BID |
| ftp://ftp.apcftp.com/hardware/webcard/firmware/sy… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apc-telnet-dos(6199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6199"
},
{
"name": "2430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2430"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt"
},
{
"name": "20010225 APC web/snmp/telnet management card dos",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "apc-telnet-dos(6199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6199"
},
{
"name": "2430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2430"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt"
},
{
"name": "20010225 APC web/snmp/telnet management card dos",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apc-telnet-dos(6199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6199"
},
{
"name": "2430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2430"
},
{
"name": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt",
"refsource": "MISC",
"url": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt"
},
{
"name": "20010225 APC web/snmp/telnet management card dos",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0564",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:21:38.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58310 (GCVE-0-2024-58310)
Vulnerability from cvelistv5 – Published: 2025-12-11 21:42 – Updated: 2026-03-05 12:03- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51897 | exploit |
| https://www.apc.com/ | product |
| https://www.vulncheck.com/advisories/apc-network-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Apc | Network Management Card 4 |
Affected:
4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T16:22:06.695125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:31:14.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Network Management Card 4",
"vendor": "Apc",
"versions": [
{
"status": "affected",
"version": "4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apc:apcupsd_firmware:4:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "V\u00edctor Garc\u00eda"
}
],
"datePublic": "2023-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAPC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path traversal characters in HTTP requests.\u003c/p\u003e"
}
],
"value": "APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path traversal characters in HTTP requests."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T12:03:42.683Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51897",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51897"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.apc.com/"
},
{
"name": "VulnCheck Advisory: APC Network Management Card 4 Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/apc-network-management-card-path-traversal-via-directory-traversal"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "APC Network Management Card 4 Path Traversal via Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58310",
"datePublished": "2025-12-11T21:42:43.398Z",
"dateReserved": "2025-12-11T11:49:20.719Z",
"dateUpdated": "2026-03-05T12:03:42.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7526 (GCVE-0-2020-7526)
Vulnerability from cvelistv5 – Published: 2020-08-31 16:13 – Updated: 2024-08-04 09:33- CWE-20 - Improper Input Validation
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PowerChute Business Edition software V9.0.x and earlier |
Affected:
PowerChute Business Edition software V9.0.x and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerChute Business Edition software V9.0.x and earlier",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PowerChute Business Edition software V9.0.x and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T16:13:23.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerChute Business Edition software V9.0.x and earlier",
"version": {
"version_data": [
{
"version_value": "PowerChute Business Edition software V9.0.x and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7526",
"datePublished": "2020-08-31T16:13:23.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4263 (GCVE-0-2011-4263)
Vulnerability from cvelistv5 – Published: 2011-12-07 19:00 – Updated: 2024-09-17 00:26- n/a
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN61695284/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2011-000100",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100"
},
{
"name": "JVN#61695284",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61695284/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-07T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2011-000100",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100"
},
{
"name": "JVN#61695284",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61695284/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-4263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000100",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100"
},
{
"name": "JVN#61695284",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61695284/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-4263",
"datePublished": "2011-12-07T19:00:00.000Z",
"dateReserved": "2011-11-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:37.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1798 (GCVE-0-2009-1798)
Vulnerability from cvelistv5 – Published: 2009-12-28 19:00 – Updated: 2024-09-17 03:48- n/a
| URL | Tags |
|---|---|
| http://holisticinfosec.org/content/view/111/45/ | x_refsource_MISC |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/166739 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/37744 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-28T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/111/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1798",
"datePublished": "2009-12-28T19:00:00.000Z",
"dateReserved": "2009-05-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:48:35.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1797 (GCVE-0-2009-1797)
Vulnerability from cvelistv5 – Published: 2009-12-28 19:00 – Updated: 2024-09-17 04:04- n/a
| URL | Tags |
|---|---|
| http://holisticinfosec.org/content/view/111/45/ | x_refsource_MISC |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/166739 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/37744 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-28T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/111/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1797",
"datePublished": "2009-12-28T19:00:00.000Z",
"dateReserved": "2009-05-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:04:00.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6226 (GCVE-0-2007-6226)
Vulnerability from cvelistv5 – Published: 2007-12-04 18:00 – Updated: 2024-08-07 15:54- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1019018 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/484363/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3418 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/26636 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019018"
},
{
"name": "20071129 APC Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"name": "3418",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3418"
},
{
"name": "apc-pdu-unspecified-security-bypass(38783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"name": "26636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019018"
},
{
"name": "20071129 APC Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"name": "3418",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3418"
},
{
"name": "apc-pdu-unspecified-security-bypass(38783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"name": "26636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019018",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019018"
},
{
"name": "20071129 APC Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"name": "3418",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3418"
},
{
"name": "apc-pdu-unspecified-security-bypass(38783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"name": "26636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6226",
"datePublished": "2007-12-04T18:00:00.000Z",
"dateReserved": "2007-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:27.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1242 (GCVE-0-2000-1242)
Vulnerability from cvelistv5 – Published: 2006-12-10 11:00 – Updated: 2024-09-16 19:24- n/a
| URL | Tags |
|---|---|
| http://governmentsecurity.org/articles/DefaultLog… | x_refsource_MISC |
| http://www.osvdb.org/30768 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php"
},
{
"name": "30768",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-10T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php"
},
{
"name": "30768",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30768"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php",
"refsource": "MISC",
"url": "http://governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php"
},
{
"name": "30768",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30768"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1242",
"datePublished": "2006-12-10T11:00:00.000Z",
"dateReserved": "2006-12-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:24:55.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4326 (GCVE-0-2005-4326)
Vulnerability from cvelistv5 – Published: 2005-12-17 11:00 – Updated: 2024-08-07 23:38- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/alerts/2005/Nov/1015250.html | vdb-entryx_refsource_SECTRACK |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015250",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Nov/1015250.html"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7330"
},
{
"name": "powerchute-web-weak-security(23183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4326",
"datePublished": "2005-12-17T11:00:00.000Z",
"dateReserved": "2005-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1924 (GCVE-0-2002-1924)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 23:01- n/a
| URL | Tags |
|---|---|
| http://www.security.nnov.ru/news2064.html | x_refsource_MISC |
| http://www.iss.net/security_center/static/9413.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/archive/1/277930 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/5069 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security.nnov.ru/news2064.html"
},
{
"name": "powerchute-dir-world-writeable(9413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9413.php"
},
{
"name": "20020620 bugtraq@security.nnov.ru list issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/277930"
},
{
"name": "5069",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerChute plus 5.0.2 creates a \"Pwrchute\" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security.nnov.ru/news2064.html"
},
{
"name": "powerchute-dir-world-writeable(9413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9413.php"
},
{
"name": "20020620 bugtraq@security.nnov.ru list issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/277930"
},
{
"name": "5069",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerChute plus 5.0.2 creates a \"Pwrchute\" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security.nnov.ru/news2064.html",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/news2064.html"
},
{
"name": "powerchute-dir-world-writeable(9413)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9413.php"
},
{
"name": "20020620 bugtraq@security.nnov.ru list issues",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/277930"
},
{
"name": "5069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1924",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2046 (GCVE-0-2004-2046)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:15- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1010745 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/8187 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/12124 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10777 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=109061480026378&w=2 | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1010745",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010745"
},
{
"name": "8187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8187"
},
{
"name": "12124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12124"
},
{
"name": "10777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10777"
},
{
"name": "powerchute-console-dos(16767)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16767"
},
{
"name": "20040721 APC Security Advisory Denial of Service Vulnerability with PowerChute Business Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109061480026378\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1010745",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010745"
},
{
"name": "8187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8187"
},
{
"name": "12124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12124"
},
{
"name": "10777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10777"
},
{
"name": "powerchute-console-dos(16767)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16767"
},
{
"name": "20040721 APC Security Advisory Denial of Service Vulnerability with PowerChute Business Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109061480026378\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1010745",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010745"
},
{
"name": "8187",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8187"
},
{
"name": "12124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12124"
},
{
"name": "10777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10777"
},
{
"name": "powerchute-console-dos(16767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16767"
},
{
"name": "20040721 APC Security Advisory Denial of Service Vulnerability with PowerChute Business Edition",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109061480026378\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2046",
"datePublished": "2005-05-10T04:00:00.000Z",
"dateReserved": "2005-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:15:01.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0311 (GCVE-0-2004-0311)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:17- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/9681 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=107703696631367&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=107721020803565&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/endu… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:13.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9681"
},
{
"name": "apc-smartslot-default-password(15238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238"
},
{
"name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107703696631367\u0026w=2"
},
{
"name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107721020803565\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9681"
},
{
"name": "apc-smartslot-default-password(15238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238"
},
{
"name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107703696631367\u0026w=2"
},
{
"name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107721020803565\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9681"
},
{
"name": "apc-smartslot-default-password(15238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238"
},
{
"name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107703696631367\u0026w=2"
},
{
"name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107721020803565\u0026w=2"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131\u0026p_created=1077139129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0311",
"datePublished": "2004-03-18T05:00:00.000Z",
"dateReserved": "2004-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:17:13.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0099 (GCVE-0-2003-0099)
Vulnerability from cvelistv5 – Published: 2003-02-26 05:00 – Updated: 2024-08-08 01:43- n/a
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1006108 | vdb-entryx_refsource_SECTRACK |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.iss.net/security_center/static/11491.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/7200 | vdb-entryx_refsource_BID |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.debian.org/security/2003/dsa-277 | vendor-advisoryx_refsource_DEBIAN |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "apcupsd-vsprintf-multiple-bo(11491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11491.php"
},
{
"name": "7200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137892"
},
{
"name": "DSA-277",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "CSSA-2003-015.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-17T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "apcupsd-vsprintf-multiple-bo(11491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11491.php"
},
{
"name": "7200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=137892"
},
{
"name": "DSA-277",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "CSSA-2003-015.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=137900",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "apcupsd-vsprintf-multiple-bo(11491)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11491.php"
},
{
"name": "7200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=137892",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=137892"
},
{
"name": "DSA-277",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "CSSA-2003-015.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0099",
"datePublished": "2003-02-26T05:00:00.000Z",
"dateReserved": "2003-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:43:35.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0564 (GCVE-0-2001-0564)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21- n/a
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/2430 | vdb-entryx_refsource_BID |
| ftp://ftp.apcftp.com/hardware/webcard/firmware/sy… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apc-telnet-dos(6199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6199"
},
{
"name": "2430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2430"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt"
},
{
"name": "20010225 APC web/snmp/telnet management card dos",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "apc-telnet-dos(6199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6199"
},
{
"name": "2430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2430"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt"
},
{
"name": "20010225 APC web/snmp/telnet management card dos",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apc-telnet-dos(6199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6199"
},
{
"name": "2430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2430"
},
{
"name": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt",
"refsource": "MISC",
"url": "ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt"
},
{
"name": "20010225 APC web/snmp/telnet management card dos",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0564",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:21:38.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-200712-0035
Vulnerability from variot - Updated: 2023-12-18 13:53The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. APC Switched Rack PDUs (Power Distribution Units) are prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to affected devices. Successful exploits will allow attackers to control the power distribution to rack-mounted computer equipment. Attackers could leverage this to cause denial-of-service conditions and possibly physical damage. The following firmware versions running on PDU part number AP9732 are vulnerable: rpdu 3.5.5 aos 3.5.6 Other versions and devices may also be affected. A remote attacker bypasses authentication and gains registration access with the help of registration attempts from different customer usages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oas",
"scope": "eq",
"trust": 1.9,
"vendor": "apc",
"version": "3.5.6"
},
{
"model": "switched rack pdu",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "3.5.5"
},
{
"model": "oas",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric former name",
"version": "3.5.6"
},
{
"model": "switched rack pdu",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric former name",
"version": "3.5.5"
},
{
"model": "rpdu",
"scope": "eq",
"trust": 0.3,
"vendor": "apc",
"version": "3.5.5"
}
],
"sources": [
{
"db": "BID",
"id": "26636"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apc:oas:3.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:switched_rack_pdu_firmware:3.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gary Simat of Total Server Solutions LLC and Randy Kent of Sevaa Group Inc are credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "26636"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
],
"trust": 0.9
},
"cve": "CVE-2007-6226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-6226",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-29588",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6226",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-040",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-29588",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29588"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. APC Switched Rack PDUs (Power Distribution Units) are prone to an authentication-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access to affected devices. Successful exploits will allow attackers to control the power distribution to rack-mounted computer equipment. Attackers could leverage this to cause denial-of-service conditions and possibly physical damage. \nThe following firmware versions running on PDU part number AP9732 are vulnerable:\nrpdu 3.5.5\naos 3.5.6\nOther versions and devices may also be affected. A remote attacker bypasses authentication and gains registration access with the help of registration attempts from different customer usages",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "BID",
"id": "26636"
},
{
"db": "VULHUB",
"id": "VHN-29588"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6226",
"trust": 2.8
},
{
"db": "BID",
"id": "26636",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1019018",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3418",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040",
"trust": 0.7
},
{
"db": "XF",
"id": "38783",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071129 APC MANAGEMENT VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-29588",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29588"
},
{
"db": "BID",
"id": "26636"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"id": "VAR-200712-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29588"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:57.398000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Switched Rack PDU",
"trust": 0.8,
"url": "http://www.apc.com/products/family/index.cfm?id=70"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29588"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "NVD",
"id": "CVE-2007-6226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26636"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1019018"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3418"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/484363/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6226"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6226"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/38783"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/484363/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.apc.com/products/family/index.cfm?id=70"
},
{
"trust": 0.3,
"url": "/archive/1/484363"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29588"
},
{
"db": "BID",
"id": "26636"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-29588"
},
{
"db": "BID",
"id": "26636"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-04T00:00:00",
"db": "VULHUB",
"id": "VHN-29588"
},
{
"date": "2007-11-29T00:00:00",
"db": "BID",
"id": "26636"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"date": "2007-12-04T18:46:00",
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"date": "2007-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-29588"
},
{
"date": "2008-03-13T02:21:00",
"db": "BID",
"id": "26636"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002948"
},
{
"date": "2018-10-15T21:51:20.653000",
"db": "NVD",
"id": "CVE-2007-6226"
},
{
"date": "2007-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APC AP7932 0u 30amp Switched Rack PDU Vulnerable to login access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002948"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-040"
}
],
"trust": 0.6
}
}
VAR-200912-0430
Vulnerability from variot - Updated: 2023-12-18 12:52Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. An attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. The attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to the following are vulnerable: Network Management Card Firmware 3.7.2 Network Management Card Firmware 5.1.1. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
1) Input passed to various parameters (e.g. the "login_username" parameter in Forms/login1) is not properly sanitised before being returned to the user.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create administrative users by tricking a logged-in administrative user into visiting a malicious web site.
Vulnerability #1 is reported in APC AP7932 Switched Rack PDU version 3.3.4 with application module version 3.7.0. Other APC NMC products and versions may also be affected.
SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites and do not follow untrusted links.
Apply updated firmware versions when available. Contact the vendor for additional details.
PROVIDED AND/OR DISCOVERED BY: Russ McRee, HolisticInfoSec.
Vulnerability #1 also independently discovered by Jamal Pecou.
ORIGINAL ADVISORY: HolisticInfoSec: http://holisticinfosec.org/content/view/111/45/
APC: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887&p_created=1261587018&p_topview=1
Jamal Pecou: http://archives.neohapsis.com/archives/bugtraq/current/0219.html
OTHER REFERENCES: US-CERT VU#166739: http://www.kb.cert.org/vuls/id/166739
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200912-0430",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network management card",
"scope": "eq",
"trust": 1.0,
"vendor": "apc",
"version": "*"
},
{
"model": "switched rack pdu",
"scope": "eq",
"trust": 1.0,
"vendor": "apc",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "american power conversion corp",
"version": null
},
{
"model": "apc network management card",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric former name",
"version": null
},
{
"model": "apc switched rack pdu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric former name",
"version": null
},
{
"model": "network management card",
"scope": null,
"trust": 0.6,
"vendor": "apc",
"version": null
},
{
"model": "switched rack pdu ap7932",
"scope": null,
"trust": 0.3,
"vendor": "apc",
"version": null
},
{
"model": "network management card",
"scope": "eq",
"trust": 0.3,
"vendor": "apc",
"version": "0"
},
{
"model": "network management card",
"scope": "ne",
"trust": 0.3,
"vendor": "apc",
"version": "5.1.1"
},
{
"model": "network management card",
"scope": "ne",
"trust": 0.3,
"vendor": "apc",
"version": "3.7.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1797"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jamal Pecou, Russ McRee",
"sources": [
{
"db": "BID",
"id": "37338"
}
],
"trust": 0.3
},
"cve": "CVE-2009-1797",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-1797",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-39243",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-1797",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200912-357",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-39243",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39243"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. \nAn attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. \nThe attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. \nVersions prior to the following are vulnerable:\nNetwork Management Card Firmware 3.7.2\nNetwork Management Card Firmware 5.1.1. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\n1) Input passed to various parameters (e.g. the \"login_username\"\nparameter in Forms/login1) is not properly sanitised before being\nreturned to the user. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. create administrative users by\ntricking a logged-in administrative user into visiting a malicious web\nsite. \n\nVulnerability #1 is reported in APC AP7932 Switched Rack PDU version\n3.3.4 with application module version 3.7.0. Other APC NMC products\nand versions may also be affected. \n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. Do\nnot browse untrusted websites and do not follow untrusted links. \n\nApply updated firmware versions when available. Contact the vendor\nfor additional details. \n\nPROVIDED AND/OR DISCOVERED BY:\nRuss McRee, HolisticInfoSec. \n\nVulnerability #1 also independently discovered by Jamal Pecou. \n\nORIGINAL ADVISORY:\nHolisticInfoSec:\nhttp://holisticinfosec.org/content/view/111/45/\n\nAPC:\nhttp://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1\n\nJamal Pecou:\nhttp://archives.neohapsis.com/archives/bugtraq/current/0219.html\n\nOTHER REFERENCES:\nUS-CERT VU#166739:\nhttp://www.kb.cert.org/vuls/id/166739\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "VULHUB",
"id": "VHN-39243"
},
{
"db": "PACKETSTORM",
"id": "84238"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166739",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2009-1797",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "37744",
"trust": 2.7
},
{
"db": "BID",
"id": "37338",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200912-357",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-39243",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84238",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-39243"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"id": "VAR-200912-0430",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39243"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:52:37.049000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "10887",
"trust": 0.8,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39243"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "NVD",
"id": "CVE-2009-1797"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/37744"
},
{
"trust": 2.3,
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"trust": 1.7,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"trust": 1.2,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/508468/30/60/threaded"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/508468/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/37338/info"
},
{
"trust": 0.8,
"url": "http://www.apcmedia.com/salestools/pmar-82bmh5_r0_en.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1797"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu166739/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1797"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/37338"
},
{
"trust": 0.3,
"url": "http://www.apc.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37744/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/current/0219.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-39243"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-39243"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-25T00:00:00",
"db": "CERT/CC",
"id": "VU#166739"
},
{
"date": "2009-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-39243"
},
{
"date": "2009-12-15T00:00:00",
"db": "BID",
"id": "37338"
},
{
"date": "2010-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"date": "2009-12-29T10:24:08",
"db": "PACKETSTORM",
"id": "84238"
},
{
"date": "2009-12-28T19:30:00.233000",
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"date": "2009-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-29T00:00:00",
"db": "CERT/CC",
"id": "VU#166739"
},
{
"date": "2010-06-29T00:00:00",
"db": "VULHUB",
"id": "VHN-39243"
},
{
"date": "2010-02-25T17:41:00",
"db": "BID",
"id": "37338"
},
{
"date": "2010-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002512"
},
{
"date": "2010-06-29T04:00:00",
"db": "NVD",
"id": "CVE-2009-1797"
},
{
"date": "2009-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery",
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-357"
}
],
"trust": 0.6
}
}
VAR-200912-0431
Vulnerability from variot - Updated: 2023-12-18 12:52Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. An attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. The attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to the following are vulnerable: Network Management Card Firmware 3.7.2 Network Management Card Firmware 5.1.1. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
1) Input passed to various parameters (e.g. the "login_username" parameter in Forms/login1) is not properly sanitised before being returned to the user.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create administrative users by tricking a logged-in administrative user into visiting a malicious web site.
Vulnerability #1 is reported in APC AP7932 Switched Rack PDU version 3.3.4 with application module version 3.7.0. Other APC NMC products and versions may also be affected.
SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites and do not follow untrusted links.
Apply updated firmware versions when available. Contact the vendor for additional details.
PROVIDED AND/OR DISCOVERED BY: Russ McRee, HolisticInfoSec.
Vulnerability #1 also independently discovered by Jamal Pecou.
ORIGINAL ADVISORY: HolisticInfoSec: http://holisticinfosec.org/content/view/111/45/
APC: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887&p_created=1261587018&p_topview=1
Jamal Pecou: http://archives.neohapsis.com/archives/bugtraq/current/0219.html
OTHER REFERENCES: US-CERT VU#166739: http://www.kb.cert.org/vuls/id/166739
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200912-0431",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network management card",
"scope": "eq",
"trust": 1.0,
"vendor": "apc",
"version": "*"
},
{
"model": "switched rack pdu",
"scope": "eq",
"trust": 1.0,
"vendor": "apc",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "american power conversion corp",
"version": null
},
{
"model": "apc network management card",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric former name",
"version": null
},
{
"model": "apc switched rack pdu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric former name",
"version": null
},
{
"model": "network management card",
"scope": null,
"trust": 0.6,
"vendor": "apc",
"version": null
},
{
"model": "switched rack pdu ap7932",
"scope": null,
"trust": 0.3,
"vendor": "apc",
"version": null
},
{
"model": "network management card",
"scope": "eq",
"trust": 0.3,
"vendor": "apc",
"version": "0"
},
{
"model": "network management card",
"scope": "ne",
"trust": 0.3,
"vendor": "apc",
"version": "5.1.1"
},
{
"model": "network management card",
"scope": "ne",
"trust": 0.3,
"vendor": "apc",
"version": "3.7.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jamal Pecou, Russ McRee",
"sources": [
{
"db": "BID",
"id": "37338"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
],
"trust": 0.9
},
"cve": "CVE-2009-1798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-1798",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-39244",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-1798",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200912-358",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-39244",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39244"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. \nAn attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. \nThe attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. \nVersions prior to the following are vulnerable:\nNetwork Management Card Firmware 3.7.2\nNetwork Management Card Firmware 5.1.1. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\n1) Input passed to various parameters (e.g. the \"login_username\"\nparameter in Forms/login1) is not properly sanitised before being\nreturned to the user. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. create administrative users by\ntricking a logged-in administrative user into visiting a malicious web\nsite. \n\nVulnerability #1 is reported in APC AP7932 Switched Rack PDU version\n3.3.4 with application module version 3.7.0. Other APC NMC products\nand versions may also be affected. \n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. Do\nnot browse untrusted websites and do not follow untrusted links. \n\nApply updated firmware versions when available. Contact the vendor\nfor additional details. \n\nPROVIDED AND/OR DISCOVERED BY:\nRuss McRee, HolisticInfoSec. \n\nVulnerability #1 also independently discovered by Jamal Pecou. \n\nORIGINAL ADVISORY:\nHolisticInfoSec:\nhttp://holisticinfosec.org/content/view/111/45/\n\nAPC:\nhttp://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1\n\nJamal Pecou:\nhttp://archives.neohapsis.com/archives/bugtraq/current/0219.html\n\nOTHER REFERENCES:\nUS-CERT VU#166739:\nhttp://www.kb.cert.org/vuls/id/166739\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "VULHUB",
"id": "VHN-39244"
},
{
"db": "PACKETSTORM",
"id": "84238"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39244",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39244"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166739",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2009-1798",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "37744",
"trust": 2.7
},
{
"db": "BID",
"id": "37338",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "33405",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-86627",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-39244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84238",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-39244"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"id": "VAR-200912-0431",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39244"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:52:37.013000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "10887",
"trust": 0.8,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39244"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "NVD",
"id": "CVE-2009-1798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/37744"
},
{
"trust": 2.3,
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"trust": 1.7,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"trust": 1.2,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/508468/30/60/threaded"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/508468/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/37338/info"
},
{
"trust": 0.8,
"url": "http://www.apcmedia.com/salestools/pmar-82bmh5_r0_en.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1798"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu166739/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1798"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/37338"
},
{
"trust": 0.3,
"url": "http://www.apc.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37744/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/current/0219.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-39244"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-39244"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-25T00:00:00",
"db": "CERT/CC",
"id": "VU#166739"
},
{
"date": "2009-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-39244"
},
{
"date": "2009-12-15T00:00:00",
"db": "BID",
"id": "37338"
},
{
"date": "2010-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"date": "2009-12-29T10:24:08",
"db": "PACKETSTORM",
"id": "84238"
},
{
"date": "2009-12-28T19:30:00.267000",
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"date": "2009-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-29T00:00:00",
"db": "CERT/CC",
"id": "VU#166739"
},
{
"date": "2010-06-29T00:00:00",
"db": "VULHUB",
"id": "VHN-39244"
},
{
"date": "2010-02-25T17:41:00",
"db": "BID",
"id": "37338"
},
{
"date": "2010-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002513"
},
{
"date": "2010-06-29T04:00:00",
"db": "NVD",
"id": "CVE-2009-1798"
},
{
"date": "2009-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery",
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-358"
}
],
"trust": 0.6
}
}
VAR-200912-0282
Vulnerability from variot - Updated: 2023-12-18 12:52Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter. The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. An attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. The attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to the following are vulnerable: Network Management Card Firmware 3.7.2 Network Management Card Firmware 5.1.1. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
1) Input passed to various parameters (e.g. the "login_username" parameter in Forms/login1) is not properly sanitised before being returned to the user.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create administrative users by tricking a logged-in administrative user into visiting a malicious web site.
Vulnerability #1 is reported in APC AP7932 Switched Rack PDU version 3.3.4 with application module version 3.7.0. Other APC NMC products and versions may also be affected.
SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites and do not follow untrusted links.
Apply updated firmware versions when available. Contact the vendor for additional details.
PROVIDED AND/OR DISCOVERED BY: Russ McRee, HolisticInfoSec.
Vulnerability #1 also independently discovered by Jamal Pecou.
ORIGINAL ADVISORY: HolisticInfoSec: http://holisticinfosec.org/content/view/111/45/
APC: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887&p_created=1261587018&p_topview=1
Jamal Pecou: http://archives.neohapsis.com/archives/bugtraq/current/0219.html
OTHER REFERENCES: US-CERT VU#166739: http://www.kb.cert.org/vuls/id/166739
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200912-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ap7932 b2",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "3.7.0"
},
{
"model": "ap7932 b2",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "3.3.3"
},
{
"model": "ap7932 b2",
"scope": "eq",
"trust": 1.0,
"vendor": "apc",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "american power conversion corp",
"version": null
},
{
"model": "aos",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric former name",
"version": "3.3.4"
},
{
"model": "apc switched rack pdu",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric former name",
"version": "ap7932 b2"
},
{
"model": "switched rack pdu ap7932",
"scope": null,
"trust": 0.3,
"vendor": "apc",
"version": null
},
{
"model": "network management card",
"scope": "eq",
"trust": 0.3,
"vendor": "apc",
"version": "0"
},
{
"model": "network management card",
"scope": "ne",
"trust": 0.3,
"vendor": "apc",
"version": "5.1.1"
},
{
"model": "network management card",
"scope": "ne",
"trust": 0.3,
"vendor": "apc",
"version": "3.7.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apc:ap7932_b2_firmware:3.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:ap7932_b2_firmware:3.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apc:aos:3.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:apc:ap7932_b2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4406"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jamal Pecou, Russ McRee",
"sources": [
{
"db": "BID",
"id": "37338"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
],
"trust": 0.9
},
"cve": "CVE-2009-4406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-4406",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41852",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-4406",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200912-337",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-41852",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41852"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter. The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. \nAn attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. \nThe attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. \nVersions prior to the following are vulnerable:\nNetwork Management Card Firmware 3.7.2\nNetwork Management Card Firmware 5.1.1. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\n1) Input passed to various parameters (e.g. the \"login_username\"\nparameter in Forms/login1) is not properly sanitised before being\nreturned to the user. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. create administrative users by\ntricking a logged-in administrative user into visiting a malicious web\nsite. \n\nVulnerability #1 is reported in APC AP7932 Switched Rack PDU version\n3.3.4 with application module version 3.7.0. Other APC NMC products\nand versions may also be affected. \n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. Do\nnot browse untrusted websites and do not follow untrusted links. \n\nApply updated firmware versions when available. Contact the vendor\nfor additional details. \n\nPROVIDED AND/OR DISCOVERED BY:\nRuss McRee, HolisticInfoSec. \n\nVulnerability #1 also independently discovered by Jamal Pecou. \n\nORIGINAL ADVISORY:\nHolisticInfoSec:\nhttp://holisticinfosec.org/content/view/111/45/\n\nAPC:\nhttp://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1\n\nJamal Pecou:\nhttp://archives.neohapsis.com/archives/bugtraq/current/0219.html\n\nOTHER REFERENCES:\nUS-CERT VU#166739:\nhttp://www.kb.cert.org/vuls/id/166739\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "VULHUB",
"id": "VHN-41852"
},
{
"db": "PACKETSTORM",
"id": "84238"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "37338",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2009-4406",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1023331",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#166739",
"trust": 2.0
},
{
"db": "XF",
"id": "54824",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20091214 APC SWITCHED RACK PDU XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "7932",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "37744",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-41852",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84238",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-41852"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"id": "VAR-200912-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41852"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:52:36.977000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apc.com/index.cfm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41852"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "NVD",
"id": "CVE-2009-4406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/37338"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1023331"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/archive/1/508468/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.packetstormsecurity.org/0912-exploits/apc-xss.txt"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/54824"
},
{
"trust": 1.2,
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"trust": 1.2,
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1"
},
{
"trust": 1.2,
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54824"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/508468/30/60/threaded"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/37338/info"
},
{
"trust": 0.8,
"url": "http://www.apcmedia.com/salestools/pmar-82bmh5_r0_en.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4406"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu166739/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4406"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/508468/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.apc.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37744/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/current/0219.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-41852"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166739"
},
{
"db": "VULHUB",
"id": "VHN-41852"
},
{
"db": "BID",
"id": "37338"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"db": "PACKETSTORM",
"id": "84238"
},
{
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-25T00:00:00",
"db": "CERT/CC",
"id": "VU#166739"
},
{
"date": "2009-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-41852"
},
{
"date": "2009-12-15T00:00:00",
"db": "BID",
"id": "37338"
},
{
"date": "2010-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"date": "2009-12-29T10:24:08",
"db": "PACKETSTORM",
"id": "84238"
},
{
"date": "2009-12-23T21:30:00.233000",
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"date": "2009-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-29T00:00:00",
"db": "CERT/CC",
"id": "VU#166739"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-41852"
},
{
"date": "2010-02-25T17:41:00",
"db": "BID",
"id": "37338"
},
{
"date": "2010-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002514"
},
{
"date": "2018-10-10T19:49:09.260000",
"db": "NVD",
"id": "CVE-2009-4406"
},
{
"date": "2009-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery",
"sources": [
{
"db": "CERT/CC",
"id": "VU#166739"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-337"
}
],
"trust": 0.6
}
}
VAR-201112-0182
Vulnerability from variot - Updated: 2023-12-18 12:52Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: APC PowerChute Business Edition Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA47113
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47113
RELEASE DATE: 2011-12-13
DISCUSS ADVISORY: http://secunia.com/advisories/47113/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47113/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47113
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in APC PowerChute Business Edition, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being returned to the user.
SOLUTION: Update to version 8.5.
ORIGINAL ADVISORY: JVN: https://jvn.jp/en/jp/JVN61695284/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerchute",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "7.0.4"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "7.1"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "6.0"
},
{
"model": "powerchute",
"scope": "lte",
"trust": 1.0,
"vendor": "apc",
"version": "8.0.1"
},
{
"model": "electric powerchute business edition",
"scope": "eq",
"trust": 0.9,
"vendor": "schneider",
"version": "0"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "(business) prior to 8.5"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 0.6,
"vendor": "apc",
"version": "8.0.1"
},
{
"model": "electric powerchute business edition",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider",
"version": "8.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "7.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:7.1:*:business:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:7.0.4:*:business:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:6.0:*:business:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:*:*:business:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4263"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jun Okada of GLOBAL TECHNOLOGY CORPORATION",
"sources": [
{
"db": "BID",
"id": "51022"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2011-000100",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4263",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2011-000100",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-079",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nAPC PowerChute Business Edition Unspecified Cross-Site Scripting\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA47113\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47113/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47113\n\nRELEASE DATE:\n2011-12-13\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47113/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47113/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47113\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in APC PowerChute Business Edition,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nCertain unspecified input is not properly sanitised before being\nreturned to the user. \n\nSOLUTION:\nUpdate to version 8.5. \n\nORIGINAL ADVISORY:\nJVN:\nhttps://jvn.jp/en/jp/JVN61695284/index.html\nhttp://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "107938"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4263",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVN61695284",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100",
"trust": 2.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5251",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#61695284",
"trust": 0.6
},
{
"db": "BID",
"id": "51022",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "47113",
"trust": 0.3
},
{
"db": "IVD",
"id": "58A2B8CE-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107938",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"id": "VAR-201112-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
}
]
},
"last_update_date": "2023-12-18T12:52:19.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PowerChute Business Edition",
"trust": 0.8,
"url": "http://www.apc.com/products/family/index.cfm?id=125\u0026isocountrycode=us"
},
{
"title": "Schneider Electric PowerChute Business Edition has patches for unidentified cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6260"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn61695284/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2011-000100"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4263"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4263"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn61695284/index.htmlhttp"
},
{
"trust": 0.4,
"url": "http://jvndb.jvn.jp/en/contents/2011/jvndb-2011-000100.html"
},
{
"trust": 0.3,
"url": "http://www.apc.com/products/family/index.cfm?id=125\u0026isocountrycode=us"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47113/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47113/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47113"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"date": "2011-12-12T00:00:00",
"db": "BID",
"id": "51022"
},
{
"date": "2011-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"date": "2011-12-16T07:34:32",
"db": "PACKETSTORM",
"id": "107938"
},
{
"date": "2011-12-07T19:55:01.957000",
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"date": "2015-03-19T09:36:00",
"db": "BID",
"id": "51022"
},
{
"date": "2011-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"date": "2011-12-08T14:59:41.547000",
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerChute Business Edition vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
],
"trust": 0.7
}
}