85 vulnerabilities
CVE-2025-12592 (GCVE-0-2025-12592)
Vulnerability from cvelistv5 – Published: 2025-11-19 12:30 – Updated: 2025-11-19 16:07
Summary
Legacy Vivotek Device firmware uses default credentials for the root and user login accounts.
Severity ?
CWE
- CWE-1392: Use of Default Credentials
Assigner
References
Impacted products
Credits
Larry W. Cashdollar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:07:31.532330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:07:56.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://ftpmirror.your.org/pub/misc/ftp.vivotek.com/Firmware/",
"defaultStatus": "unaffected",
"modules": [
"Firmware"
],
"product": "Affected device model numbers are FD7131-VVTK,FD7131-VVTK,FD7131-VVTK,FD7141-VVTK,IP7131-VVTK,IP7133-VVTK,IP7133-VVTK,IP7133-VVTK,IP7134-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7138-VVTK,IP7142-VVTK,IP7142-VVTK,IP7151-VVTK,IP7152-VVTK,IP7153-VVTK,IP7153-VVTK,IP7154-VVTK,IP7330-VVTK,IP7330-VVTK,IP7330-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131W-VVTK,PT7135-VVTK,PT7137-TCON,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PZ7131-VVTK,PZ7131-VVTK,PZ71X1-VVTK,PZ71X1-VVTK,PZ71X2-VVTK,SD73X3-VVTK,SD73X3-VVTK,SD73X3-VVTK,TC5330-VVTK,TC5332-TCVV,TC5333-TCVV,TC5633-TCVV,TC5633-VVTK,VS7100-VVTK,VS7100-VVTK,VS7100-VVTK",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0100b",
"versionType": "custom"
},
{
"status": "affected",
"version": "0100e"
},
{
"status": "affected",
"version": "0100e1"
},
{
"status": "affected",
"version": "0100e2"
},
{
"status": "affected",
"version": "0100f"
},
{
"status": "affected",
"version": "0100g"
},
{
"status": "affected",
"version": "0100i"
},
{
"status": "affected",
"version": "0101c"
},
{
"status": "affected",
"version": "0103c"
},
{
"status": "affected",
"version": "0199z"
},
{
"status": "affected",
"version": "0200a"
},
{
"status": "affected",
"version": "0200b"
},
{
"status": "affected",
"version": "0200c"
},
{
"status": "affected",
"version": "0200g"
},
{
"status": "affected",
"version": "0201a"
},
{
"status": "affected",
"version": "0201a1"
},
{
"status": "affected",
"version": "0201c"
},
{
"status": "affected",
"version": "0201k"
},
{
"status": "affected",
"version": "0202a"
},
{
"status": "affected",
"version": "0202b"
},
{
"status": "affected",
"version": "0203a"
},
{
"status": "affected",
"version": "0300a"
},
{
"status": "affected",
"version": "0300b"
},
{
"status": "affected",
"version": "0301b3"
},
{
"status": "affected",
"version": "0302a"
},
{
"status": "affected",
"version": "0302c"
},
{
"status": "affected",
"version": "0400a"
},
{
"status": "affected",
"version": "0400b"
},
{
"status": "affected",
"version": "0401a"
},
{
"status": "affected",
"version": "0500a"
},
{
"status": "affected",
"version": "0500b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry W. Cashdollar"
}
],
"datePublic": "2025-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts."
}
],
"value": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Public"
}
],
"value": "Public"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T12:30:32.854Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/rce-zero-day-in-legacy-vivotek-firmware"
},
{
"url": "http://www.vapidlabs.com/advisory.php?v=219"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of default login credentials in Legacy Vivotek Devices",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2025-12592",
"datePublished": "2025-11-19T12:30:32.854Z",
"dateReserved": "2025-11-01T12:15:08.915Z",
"dateUpdated": "2025-11-19T16:07:56.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-40721 (GCVE-0-2022-40721)
Vulnerability from cvelistv5 – Published: 2022-10-03 14:53 – Updated: 2024-08-03 12:21
Summary
Arbitrary file upload vulnerability in php uploader
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload
Assigner
References
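| URL | Tags |
|---|---|
| https://github.com/CreativeDream/php-uploader/issues/23%2C | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=216 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/10/03/3 | mailing-list, x_refsource_MLIST |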
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | CreativeDream file uploader | Affected: v0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CreativeDream/php-uploader/issues/23%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=216"
},
{
"name": "[oss-security] 20221003 CreativeDream software arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CreativeDream file uploader",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload vulnerability in php uploader"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T17:06:09",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CreativeDream/php-uploader/issues/23%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=216"
},
{
"name": "[oss-security] 20221003 CreativeDream software arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"ID": "CVE-2022-40721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CreativeDream file uploader",
"version": {
"version_data": [
{
"version_value": "v0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in php uploader"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CreativeDream/php-uploader/issues/23,",
"refsource": "MISC",
"url": "https://github.com/CreativeDream/php-uploader/issues/23,"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=216",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=216"
},
{
"name": "[oss-security] 20221003 CreativeDream software arbitrary file upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/10/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2022-40721",
"datePublished": "2022-10-03T14:53:48",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8521 (GCVE-0-2020-8521)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:20 – Updated: 2024-08-04 10:03
Summary
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Severity ?
No CVSS data available.
CWE
- SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql
Assigner
References
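| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=213 | x_refsource_MISC |
| https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/09/1 | mailing-list, x_refsource_MLIST |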
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpzag | phpzag live add edit delete data tables records with ajax php mysql | Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpzag live add edit delete data tables records with ajax php mysql",
"vendor": "phpzag",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"dateAssigned": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T14:06:19",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2020-05-19",
"ID": "CVE-2020-8521",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpzag live add edit delete data tables records with ajax php mysql",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "phpzag"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2020-8521",
"datePublished": "2020-07-07T19:20:21",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8519 (GCVE-0-2020-8519)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:20 – Updated: 2024-08-04 10:03
Summary
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
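| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=213 | x_refsource_MISC |
| https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/09/1 | mailing-list, x_refsource_MLIST |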
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpzag | phpzag live add edit delete data tables records with ajax php mysql | Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpzag live add edit delete data tables records with ajax php mysql",
"vendor": "phpzag",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"dateAssigned": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T14:06:18",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2020-05-19",
"ID": "CVE-2020-8519",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpzag live add edit delete data tables records with ajax php mysql",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "phpzag"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2020-8519",
"datePublished": "2020-07-07T19:20:20",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8520 (GCVE-0-2020-8520)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:20 – Updated: 2024-08-04 10:03
Summary
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Severity ?
No CVSS data available.
CWE
- SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql
Assigner
References
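| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=213 | x_refsource_MISC |
| https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/09/1 | mailing-list, x_refsource_MLIST |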
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpzag | phpzag live add edit delete data tables records with ajax php mysql | Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpzag live add edit delete data tables records with ajax php mysql",
"vendor": "phpzag",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"dateAssigned": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T14:06:20",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2020-05-19",
"ID": "CVE-2020-8520",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpzag live add edit delete data tables records with ajax php mysql",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "phpzag"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2020-8520",
"datePublished": "2020-07-07T19:20:20",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8293 (GCVE-0-2019-8293)
Vulnerability from cvelistv5 – Published: 2019-12-23 21:45 – Updated: 2024-08-04 21:17
Summary
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Upload
Assigner
References
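| URL | Tags |
|---|---|
| https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/12/23/2 | mailing-list, x_refsource_MLIST |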
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | abcprintf upload-image-with-ajax | Affected: v1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "abcprintf upload-image-with-ajax",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T00:06:05",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"ID": "CVE-2019-8293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "abcprintf upload-image-with-ajax",
"version": {
"version_data": [
{
"version_value": "v1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c",
"refsource": "MISC",
"url": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8293",
"datePublished": "2019-12-23T21:45:08",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8290 (GCVE-0-2019-8290)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.
Severity ?
No CVSS data available.
CWE
- User input not sanitized in sent_register.php.
Assigner
References
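| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |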
Impacted products
| Vendor | Product | Version |
|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User input not sanitized in sent_register.php.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:02",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8290",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User input not sanitized in sent_register.php."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8290",
"datePublished": "2019-10-01T19:53:28",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8288 (GCVE-0-2019-8288)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
Severity ?
No CVSS data available.
CWE
- Online store system v1.0 Stored XSS
Assigner
References
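| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |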
Impacted products
| Vendor | Product | Version |
|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Online store system v1.0 Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:03",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8288",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Online store system v1.0 Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8288",
"datePublished": "2019-10-01T19:53:28",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8292 (GCVE-0-2019-8292)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Online Store System v1.0 delete_product.php doesn't check whether a user is authenticated or has administrative rights, allowing arbitrary product deletion.
Severity ?
No CVSS data available.
CWE
- unauthenticated arbitrary product deletions.
Assigner
References
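| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2019/12/23/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2019/12/23/2 | mailing-list, x_refsource_MLIST |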
Impacted products
| Vendor | Product | Version |
|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
},
{
"name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthenticated arbitrary product deletions.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T00:06:04",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
},
{
"name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8292",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthenticated arbitrary product deletions."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
},
{
"name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8292",
"datePublished": "2019-10-01T19:53:28",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8289 (GCVE-0-2019-8289)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable
Severity ?
No CVSS data available.
CWE
- Online store system v1.0 Stored XSS.
Assigner
References
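| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |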
Impacted products
| Vendor | Product | Version |
|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Online store system v1.0 Stored XSS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:05",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8289",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Online store system v1.0 Stored XSS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8289",
"datePublished": "2019-10-01T19:53:28",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8291 (GCVE-0-2019-8291)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
Severity ?
No CVSS data available.
CWE
- unauthenticated arbitrary file deletions via path traversal
Assigner
References
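| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |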
Impacted products
| Vendor | Product | Version |
|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthenticated arbitrary file deletions via path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:04",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8291",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthenticated arbitrary file deletions via path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8291",
"datePublished": "2019-10-01T19:53:28",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5654 (GCVE-0-2013-5654)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 17:15
Summary
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS
Assigner
References
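| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=94 | x_refsource_MISC |
| http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744 | x_refsource_MISC |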
Impacted products
| Vendor | Product | Version |
|---|---|---|
| YingZhi | YingZhi Python Programming Language | Affected: unspecified, ≤ 1.9 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "YingZhi Python Programming Language",
"vendor": "YingZhi",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2014-05-14T00:00:00",
"datePublic": "2019-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone\u0027s storage"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2014-05-14",
"ID": "CVE-2013-5654",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "YingZhi Python Programming Language",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "YingZhi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone\u0027s storage"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=94",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"name": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744",
"refsource": "MISC",
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-5654",
"datePublished": "2019-02-15T21:00:00",
"dateReserved": "2013-08-30T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4617 (GCVE-0-2015-4617)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 06:18
Summary
Vulnerability in Easy2map-photos WordPress Plugin v1.09: MapPinImageUpload.php and MapPinIconSave.php allow path traversal in the specified file names, so files can be created outside of the upload directory.
Severity ?
No CVSS data available.
CWE
- Path traversal in easy2map-photos wordpress plugin v1.09
Assigner
References
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/easy2map-photos | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=130 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Steven Ellis | Easy2map-photos WordPress Plugin | Affected: 1.09 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easy2map-photos WordPress Plugin",
"vendor": "Steven Ellis",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
}
],
"dateAssigned": "2015-06-08T00:00:00",
"datePublic": "2019-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal in easy2map-photos wordpress plugin v1.09",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2015-06-08",
"ID": "CVE-2015-4617",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy2map-photos WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "1.09",
"version_value": "1.09"
}
]
}
}
]
},
"vendor_name": "Steven Ellis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal in easy2map-photos wordpress plugin v1.09"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/easy2map-photos",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=130",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2015-4617",
"datePublished": "2019-02-15T21:00:00",
"dateReserved": "2015-06-16T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4615 (GCVE-0-2015-4615)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 06:18
Summary
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL injection via the unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, and mapID variables.
Severity ?
No CVSS data available.
CWE
- SQL Injection in easy2map-photos wordpress plugin v1.09
Assigner
References
| URL | Tags |
|---|---|
| http://www.vapid.dhs.org/advisory.php?v=130 | x_refsource_MISC |
| https://wordpress.org/plugins/easy2map-photos | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Steven Ellis | Easy2map-photos WordPress Plugin | Affected: 1.09 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easy2map-photos WordPress Plugin",
"vendor": "Steven Ellis",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
}
],
"dateAssigned": "2015-06-08T00:00:00",
"datePublic": "2019-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection in easy2map-photos wordpress plugin v1.09",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2015-06-08",
"ID": "CVE-2015-4615",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy2map-photos WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "1.09",
"version_value": "1.09"
}
]
}
}
]
},
"vendor_name": "Steven Ellis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in easy2map-photos wordpress plugin v1.09"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=130",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"name": "https://wordpress.org/plugins/easy2map-photos",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy2map-photos"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2015-4615",
"datePublished": "2019-02-15T21:00:00",
"dateReserved": "2015-06-16T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2516 (GCVE-0-2013-2516)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
Summary
Command injection vulnerability in the FileUtils Ruby gem, versions <= 0.7: the user-supplied url variable is passed to the shell.
Severity ?
No CVSS data available.
CWE
- Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp
Assigner
References
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=36 | x_refsource_MISC |
| http://rubygems.org/gems/fileutils | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Stefaan Colman | FileUtils | Affected: unspecified, ≤ 0.7 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:31.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rubygems.org/gems/fileutils"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FileUtils",
"vendor": "Stefaan Colman",
"versions": [
{
"lessThanOrEqual": "0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2013-02-24T00:00:00",
"datePublic": "2019-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rubygems.org/gems/fileutils"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2013-02-24",
"ID": "CVE-2013-2516",
"REQUESTER": "cve-assign@mtire.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-12T11:31Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FileUtils",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.7"
}
]
}
}
]
},
"vendor_name": "Stefaan Colman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=36",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"name": "http://rubygems.org/gems/fileutils",
"refsource": "MISC",
"url": "http://rubygems.org/gems/fileutils"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2516",
"datePublished": "2019-02-15T21:00:00",
"dateReserved": "2013-03-08T00:00:00",
"dateUpdated": "2024-08-06T15:44:31.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2565 (GCVE-0-2013-2565)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
Summary
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver.
Severity ?
No CVSS data available.
CWE
- Mambo CMS vulnerabilities
Assigner
References
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/mambo/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=75 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mambo CMS",
"vendor": "Mambo",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2012-01-02T00:00:00",
"datePublic": "2019-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mambo CMS vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2012-01-02",
"ID": "CVE-2013-2565",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-11T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mambo CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mambo CMS vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/mambo/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/mambo/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=75",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2565",
"datePublished": "2019-02-15T21:00:00",
"dateReserved": "2013-03-13T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002006 (GCVE-0-2018-1002006)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14 via the POST request variable classes.
Severity ?
No CVSS data available.
CWE
- Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
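| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |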
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002006",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002006",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002009 (GCVE-0-2018-1002009)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3 via a GET request to the email variable.
Severity ?
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
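| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |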
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002009",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002009",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002000 (GCVE-0-2018-1002000)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable in a POST request.
Severity ?
No CVSS data available.
CWE
- Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
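| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |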
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002000",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002000",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002003 (GCVE-0-2018-1002003)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity ?
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
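| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |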
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002003",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002003",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002005 (GCVE-0-2018-1002005)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43 via the filter_signup_date parameter.
Severity ?
No CVSS data available.
CWE
- Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
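| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |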
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002005",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002005",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002001 (GCVE-0-2018-1002001)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity ?
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
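| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |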
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002001",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002001",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002004 (GCVE-0-2018-1002004)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity ?
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
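| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |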
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:56.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002004",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002004",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:56.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002008 (GCVE-0-2018-1002008)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4 via the GET request variable offset.
Severity ?
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
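| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |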
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002008",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002008",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002007 (GCVE-0-2018-1002007)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15 via the POST request variable html_id.
Severity ?
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
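| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |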
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002007",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002007",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002002 (GCVE-0-2018-1002002)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity ?
No CVSS data available.
CWE
- Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
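| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |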
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00",
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002002",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002002",
"datePublished": "2018-12-03T16:00:00",
"dateReserved": "2018-12-03T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9209 (GCVE-0-2018-9209)
Vulnerability from cvelistv5 – Published: 2018-11-19 18:00 – Updated: 2024-08-05 07:17
Summary
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
Severity ?
No CVSS data available.
CWE
- FineUploader php-traditional-server <= v1.2.2 unauthenticated arbitrary file upload vulnerability
Assigner
References
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=208 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| FineUploader | FineUploader php-traditional-server | Affected: unspecified, ≤ 1.2.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FineUploader php-traditional-server",
"vendor": "FineUploader",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-11-10T00:00:00",
"datePublic": "2018-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server \u003c= v1.2.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FineUploader php-traditional-server \u003c= v1.2.2 unauthenticated arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-19T17:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-11-10",
"ID": "CVE-2018-9209",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-11-17T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FineUploader php-traditional-server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "FineUploader"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server \u003c= v1.2.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FineUploader php-traditional-server \u003c= v1.2.2 unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=208",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9209",
"datePublished": "2018-11-19T18:00:00",
"dateReserved": "2018-04-02T00:00:00",
"dateUpdated": "2024-08-05T07:17:51.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9207 (GCVE-0-2018-9207)
Vulnerability from cvelistv5 – Published: 2018-11-19 17:00 – Updated: 2024-08-05 07:17
Summary
Arbitrary file upload in jQuery Upload File <= 4.0.2
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload vulnerability in jQuery Upload File v4.0.2
Assigner
References
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=206 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hayageek | jQuery Upload File | Affected: unspecified, ≤ 4.0.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": " jQuery Upload File",
"vendor": "hayageek",
"versions": [
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-11-02T00:00:00",
"datePublic": "2018-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in jQuery Upload File \u003c= 4.0.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-19T16:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-11-02",
"ID": "CVE-2018-9207",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-11-19T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": " jQuery Upload File",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.0.2"
}
]
}
}
]
},
"vendor_name": "hayageek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload in jQuery Upload File \u003c= 4.0.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=206",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9207",
"datePublished": "2018-11-19T17:00:00",
"dateReserved": "2018-04-02T00:00:00",
"dateUpdated": "2024-08-05T07:17:52.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9208 (GCVE-0-2018-9208)
Vulnerability from cvelistv5 – Published: 2018-11-05 14:00 – Updated: 2024-08-05 07:17
Summary
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
Severity ?
No CVSS data available.
CWE
- jQuery Picture Cut <= v1.1Beta unauthenticated arbitrary file upload vulnerability
Assigner
References
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=207 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Tuyoshi Vinicius | jQuery Picture Cut | Affected: unspecified, ≤ 1.1Beta (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jQuery Picture Cut",
"vendor": "Tuyoshi Vinicius",
"versions": [
{
"lessThanOrEqual": "1.1Beta",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-10-09T00:00:00",
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut \u003c= v1.1Beta"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "jQuery Picture Cut \u003c= v1.1Beta unauthenticated arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-05T13:57:01",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-10-09",
"ID": "CVE-2018-9208",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jQuery Picture Cut",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1Beta"
}
]
}
}
]
},
"vendor_name": "Tuyoshi Vinicius"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut \u003c= v1.1Beta"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "jQuery Picture Cut \u003c= v1.1Beta unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=207",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9208",
"datePublished": "2018-11-05T14:00:00",
"dateReserved": "2018-04-02T00:00:00",
"dateUpdated": "2024-08-05T07:17:52.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9206 (GCVE-0-2018-9206)
Vulnerability from cvelistv5 – Published: 2018-10-11 15:00 – Updated: 2025-11-04 14:26
Summary
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Severity ?
No CVSS data available.
CWE
- jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability
Assigner
References
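| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106629 | vdb-entry, x_refsource_BID |
| https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/46182/ | exploit, x_refsource_EXPLOIT-DB |
| https://wpvulndb.com/vulnerabilities/9136 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45790/ | exploit, x_refsource_EXPLOIT-DB |
| http://www.vapidlabs.com/advisory.php?v=204 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105679 | vdb-entry, x_refsource_BID |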
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Blueimp | Blueimp jQuery-File-Upload | Affected: unspecified, ≤ 9.22.0 (custom) |
Credits
Larry W. Cashdollar
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "46182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46182/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9136"
},
{
"name": "45790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45790/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=204"
},
{
"name": "105679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Blueimp jQuery-File-Upload",
"vendor": "Blueimp",
"versions": [
{
"lessThanOrEqual": "9.22.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry W. Cashdollar"
}
],
"dateAssigned": "2018-10-09T04:00:00.000Z",
"datePublic": "2018-10-09T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload \u0026lt;= v9.22.0\u003c/p\u003e"
}
],
"value": "Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload \u003c= v9.22.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "jQuery-File-Upload \u003c= v9.22.0 unauthenticated arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T14:26:56.318Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "106629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "46182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46182/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9136"
},
{
"name": "45790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45790/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=204"
},
{
"name": "105679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105679"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-10-09",
"ID": "CVE-2018-9206",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blueimp jQuery-File-Upload",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.22.0"
}
]
}
}
]
},
"vendor_name": "Blueimp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload \u003c= v9.22.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "jQuery-File-Upload \u003c= v9.22.0 unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106629"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "46182",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46182/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9136",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9136"
},
{
"name": "45790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45790/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=204",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=204"
},
{
"name": "105679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9206",
"datePublished": "2018-10-11T15:00:00",
"dateReserved": "2018-04-02T00:00:00",
"dateUpdated": "2025-11-04T14:26:56.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}