{"vulnerability": "CVE-2010-1000", "sightings": [{"uuid": "e9b954ec-701d-44a6-9e0a-a7b2fa6c8ccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2010-10006", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2010-10006\n\ud83d\udd25 CVSS Score: 2.6 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460.\n\ud83d\udccf Published: 2023-01-17T23:58:07.307Z\n\ud83d\udccf Modified: 2025-04-03T19:25:38.582Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.218460\n2. https://vuldb.com/?ctiid.218460\n3. https://github.com/michaelliao/jopenid/commit/c9baaa976b684637f0d5a50268e91846a7a719ab\n4. https://github.com/michaelliao/jopenid/releases/tag/JOpenId-1.08", "creation_timestamp": "2025-04-03T19:35:33.000000Z"}, {"uuid": "6ae72d5c-e734-474c-918a-1fa7dcfe8496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2010-10001", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11830", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2010-10001\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2022-03-28T20:45:50.000Z\n\ud83d\udccf Modified: 2025-04-15T14:45:09.752Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.4143\n2. https://www.scip.ch/publikationen/advisories/scip_advisory-4143_shemes_grabbit_malicious_nzb_date_denial_of_service.txt\n3. http://seclists.org/bugtraq/2010/Jul/60", "creation_timestamp": "2025-04-15T14:55:13.000000Z"}, {"uuid": "1db46858-1f84-43cb-a42f-050bce48f511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2010-10007", "type": "seen", "source": "https://t.me/cibsecurity/56663", "content": "\u203c CVE-2010-10007 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T12:20:56.000000Z"}, {"uuid": "b994faad-fbf1-4241-a9bc-1c62ea493bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2010-10002", "type": "seen", "source": "https://t.me/cibsecurity/55729", "content": "\u203c CVE-2010-10002 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T20:15:47.000000Z"}, {"uuid": "67d243b1-423c-42cb-b0ca-8fd0d47e70cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2010-10003", "type": "seen", "source": "https://t.me/cibsecurity/55857", "content": "\u203c CVE-2010-10003 \u203c\n\nA vulnerability classified as critical was found in gesellix titlelink. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The name of the patch is b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T12:18:06.000000Z"}, {"uuid": "a1fea63c-7a12-4ae6-8acd-04bbb62d4ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2010-10001", "type": "seen", "source": "https://t.me/cibsecurity/39688", "content": "\u203c CVE-2010-10001 \u203c\n\nA vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T00:40:42.000000Z"}]}