Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities by lussumo
CVE-2010-1337 (GCVE-0-2010-1337)
Vulnerability from cvelistv5 – Published: 2010-04-09 18:00 – Updated: 2024-08-07 01:21
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/38889 | vdb-entryx_refsource_BID |
| http://www.packetstormsecurity.com/1003-exploits/… | x_refsource_MISC |
Date Public
2010-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vanilla-definitions-file-include(57147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147"
},
{
"name": "38889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38889"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration[\u0027LANGUAGE\u0027] parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vanilla-definitions-file-include(57147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147"
},
{
"name": "38889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38889"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration[\u0027LANGUAGE\u0027] parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vanilla-definitions-file-include(57147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147"
},
{
"name": "38889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38889"
},
{
"name": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1337",
"datePublished": "2010-04-09T18:00:00.000Z",
"dateReserved": "2010-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:21:18.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1845 (GCVE-0-2009-1845)
Vulnerability from cvelistv5 – Published: 2009-06-01 19:00 – Updated: 2024-08-07 05:27
VLAI
Summary
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/35234 | third-party-advisoryx_refsource_SECUNIA |
| http://lussumo.com/community/discussion/9524/vani… | x_refsource_CONFIRM |
| http://gsasec.blogspot.com/2009/05/vanilla-v117-c… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/503847/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2009-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35234"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html"
},
{
"name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35234"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html"
},
{
"name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35234"
},
{
"name": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0"
},
{
"name": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html"
},
{
"name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1845",
"datePublished": "2009-06-01T19:00:00.000Z",
"dateReserved": "2009-06-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:27:54.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3874 (GCVE-0-2008-3874)
Vulnerability from cvelistv5 – Published: 2008-08-29 17:00 – Updated: 2024-08-07 09:53
VLAI
Summary
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/31527 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/495577/100… | mailing-listx_refsource_BUGTRAQ |
| http://lussumo.com/community/discussion/8559/vani… | x_refsource_MISC |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| http://www.securityfocus.com/bid/30748 | vdb-entryx_refsource_BID |
| http://lussumo.com/docs/doku.php?id=vanilla:relea… | x_refsource_MISC |
| http://securityreason.com/securityalert/4176 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==\u003e Value pairs). NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==\u003e Value pairs). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "MISC",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30748"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "MISC",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3874",
"datePublished": "2008-08-29T17:00:00.000Z",
"dateReserved": "2008-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3758 (GCVE-0-2008-3758)
Vulnerability from cvelistv5 – Published: 2008-08-21 17:00 – Updated: 2024-08-07 09:52
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/31527 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lussumo.com/community/discussion/8559/vani… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/495577/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| http://www.securityfocus.com/bid/30748 | vdb-entryx_refsource_BID |
| http://lussumo.com/docs/doku.php?id=vanilla:relea… | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/4176 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "vanilla-people-xss(44554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "vanilla-account-xss(44556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "vanilla-people-xss(44554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "vanilla-account-xss(44556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "vanilla-people-xss(44554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "vanilla-account-xss(44556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30748"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "CONFIRM",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3758",
"datePublished": "2008-08-21T17:00:00.000Z",
"dateReserved": "2008-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3760 (GCVE-0-2008-3760)
Vulnerability from cvelistv5 – Published: 2008-08-21 17:00 – Updated: 2024-08-07 09:52
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/31527 | third-party-advisoryx_refsource_SECUNIA |
| http://lussumo.com/community/discussion/8559/vani… | x_refsource_CONFIRM |
| http://lussumo.com/community/discussion/8463/poss… | x_refsource_CONFIRM |
| http://lussumo.com/docs/doku.php?id=vanilla:relea… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lussumo.com/bugs/discussion/88/csrf-attack-hole/ | x_refsource_CONFIRM |
Date Public
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vanilla-people-csrf(44748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44748"
},
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vanilla-people-csrf(44748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44748"
},
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vanilla-people-csrf(44748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44748"
},
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "CONFIRM",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
},
{
"name": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3760",
"datePublished": "2008-08-21T17:00:00.000Z",
"dateReserved": "2008-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3759 (GCVE-0-2008-3759)
Vulnerability from cvelistv5 – Published: 2008-08-21 17:00 – Updated: 2024-08-07 09:52
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/31527 | third-party-advisoryx_refsource_SECUNIA |
| http://lussumo.com/community/discussion/8559/vani… | x_refsource_CONFIRM |
| http://lussumo.com/bugs/discussion/91/ajaxupdatec… | x_refsource_CONFIRM |
| http://lussumo.com/docs/doku.php?id=vanilla:relea… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "CONFIRM",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3759",
"datePublished": "2008-08-21T17:00:00.000Z",
"dateReserved": "2008-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5644 (GCVE-0-2007-5644)
Vulnerability from cvelistv5 – Published: 2007-10-23 21:00 – Updated: 2024-08-07 15:39
VLAI
Summary
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4548 | exploitx_refsource_EXPLOIT-DB |
Date Public
2007-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4548",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5644",
"datePublished": "2007-10-23T21:00:00.000Z",
"dateReserved": "2007-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5643 (GCVE-0-2007-5643)
Vulnerability from cvelistv5 – Published: 2007-10-23 21:00 – Updated: 2024-08-07 15:39
VLAI
Summary
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lussumo.com/swell/168/Vanilla-114-Released/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/26145 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/3571 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/27348 | third-party-advisoryx_refsource_SECUNIA |
| http://lussumo.com/community/discussion/7214/vani… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/4548 | exploitx_refsource_EXPLOIT-DB |
Date Public
2007-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/swell/168/Vanilla-114-Released/"
},
{
"name": "26145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26145"
},
{
"name": "ADV-2007-3571",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3571"
},
{
"name": "27348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/"
},
{
"name": "vanilla-categoryid-sql-injection(37345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37345"
},
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/swell/168/Vanilla-114-Released/"
},
{
"name": "26145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26145"
},
{
"name": "ADV-2007-3571",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3571"
},
{
"name": "27348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/"
},
{
"name": "vanilla-categoryid-sql-injection(37345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37345"
},
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lussumo.com/swell/168/Vanilla-114-Released/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/swell/168/Vanilla-114-Released/"
},
{
"name": "26145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26145"
},
{
"name": "ADV-2007-3571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3571"
},
{
"name": "27348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27348"
},
{
"name": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/"
},
{
"name": "vanilla-categoryid-sql-injection(37345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37345"
},
{
"name": "4548",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5643",
"datePublished": "2007-10-23T21:00:00.000Z",
"dateReserved": "2007-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3850 (GCVE-0-2006-3850)
Vulnerability from cvelistv5 – Published: 2006-07-25 23:00 – Updated: 2024-08-07 18:48 Disputed
VLAI
Summary
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/440938/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.attrition.org/pipermail/vim/2006-July/… | mailing-listx_refsource_VIM |
| http://www.attrition.org/pipermail/vim/2006-July/… | mailing-listx_refsource_VIM |
| http://www.securityfocus.com/archive/1/442450/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016568 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/19127 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/28287 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/1281 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060723 Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060723 Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1281"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060723 Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3850",
"datePublished": "2006-07-25T23:00:00.000Z",
"dateReserved": "2006-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}