Search criteria
12 vulnerabilities found for openpne by tejimaya
FKIE_CVE-2013-4333
Vulnerability from fkie_nvd - Published: 2020-01-24 15:15 - Updated: 2024-11-21 01:55
Severity ?
Summary
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/09/11/6 | Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/62285 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/87031 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/09/11/6 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62285 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/87031 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4B30F495-EB73-4B27-8487-7AD39F494970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D01EEFC6-0E3E-4138-A584-2517ACC72B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52F9C802-BE72-45CE-A93D-ACD62F2B27F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9F1C54-8A17-4440-ABAB-81C9A96CB1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F2191B1D-208E-4B2F-A743-FBFF10910FA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
},
{
"lang": "es",
"value": "OpenPNE 3 versiones 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5, presenta una Vulnerabilidad de Inyecci\u00f3n de Entidad Externa."
}
],
"id": "CVE-2013-4333",
"lastModified": "2024-11-21T01:55:22.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T15:15:13.390",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/62285"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/62285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5350
Vulnerability from fkie_nvd - Published: 2014-01-24 15:08 - Updated: 2025-04-11 00:51
Severity ?
Summary
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "47631DE1-EF45-4251-82A8-0C616A7DFB71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "69E048BB-7CCE-435D-BA5C-228ABB1BC48D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
},
{
"lang": "es",
"value": "La funcionalidad \"Remember me\" en la funci\u00f3n opSecurityUser::getRememberLoginCookie en lib/user/opSecurityUser.class.php en OpenPNE 3.6.13 anteriores a 3.6.13.1 y 3.8.9 anteriores a 3.8.9.1 no valida correctamente los datos de login en las cabeceras HTTP Cookie, lo cual permite a atacantes remotos efectuar ataques de inyecci\u00f3n de objetos PHP, y ejecutar c\u00f3digo PHP arbitrario, a trav\u00e9s de un objeto serializado manipulado."
}
],
"id": "CVE-2013-5350",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-24T15:08:00.653",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54043"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openpne.jp/archives/12293/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openpne.jp/archives/12293/"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2309
Vulnerability from fkie_nvd - Published: 2013-06-17 03:29 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1ABB1D4F-1030-4FDA-9F76-8AFFDAE2AD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30F1CE69-1510-49E6-AA85-6C9FB171C1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FDFF3C-C266-4B7D-9EF2-C7157BDEAC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A5B71B-CC3F-4027-9B7D-4E871FFB0F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F151AF-E151-4712-BA46-73E08CFB7E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C31EECCE-9D97-4E73-AE38-1452617CBA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C15DE721-B309-4DB8-B3EF-91A0B3A506B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1F0D12-4D9F-4D9D-AE17-1C20A29407A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C43A1D0F-1388-405A-AA63-ED6FF470492C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD674B-5FAA-4A73-B98D-4DE1F9416603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "054B5BB3-839A-479A-B3F4-0138E69BB91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBB540F-13AA-4C1C-A4DC-776A6159E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D339E485-05CD-47D5-8BB5-D310A35FDEDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CE17BE24-B19F-43D7-911B-DA1C29761C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC86116-CEE9-4649-B23F-A9A05B305479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D46F963A-F39E-413D-99DB-9CA1DEF8F0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4225D03-C36B-479D-BD64-4901BDF7F9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45E85C7B-9B74-4203-90ED-5B58F2944979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E7C7CA-3F38-4A97-ABB6-209234B6B828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A46AD478-06AA-41CF-AA67-2A1C7D6EAF4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C555B92A-7463-40CF-A8AB-F161EA7F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "53154000-87D9-4443-BCDE-5FF543B1FEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E31EF04D-A8CD-4619-987D-E36DC9D83F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "18331AA6-0200-4E3A-9FAE-271CFED0B214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4E86563C-FE1C-4DDF-B6C1-80B8FB5A7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE21F7D-2EB5-4447-8394-F22249079E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "939A339B-220A-4585-BEFD-5B5C88D596F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABA7F36-1675-4CE0-9D02-CD9B366556B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "31D62BF5-1050-4C61-97EA-1F1BAAF484DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "75E95236-144B-48A0-9DF6-9FAEC12A01F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD16C57-1C68-432B-9345-7FDF42CA7CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "58CABFCA-F4A3-435C-A5CB-DBC534066FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "EC00CCC6-0834-4FAD-82CB-45F23366944F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "62F9FBD5-3AF7-4008-A4B8-CC755687C58C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "595424AD-700E-4DA1-81E8-1ADBD4E3B00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE15148F-80E3-4446-99A3-0F93A55F1F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB7FFF-A505-4A17-A315-DAD95D61C166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "89C6F9FC-8C4E-4CEC-BE5B-324CC90E0EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C10B98DA-069C-46AC-87C8-B51CB022E581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD02F8-CB23-4397-8A41-44BE9925238D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBCE5F3-C4FE-4619-A085-D9F008168982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E36111-87F4-4FC8-85F4-B7482843494D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E877FC0-CDA4-4335-8A4D-5FD375AD6D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBF5F4E-2BD6-42CC-9BCD-B794EDA7193E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2EE094E-81D8-4417-8A77-6F11AEF7614C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42B44ECD-DA1E-4B91-846E-19240690969A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26A124D4-EE08-4CB7-845F-5E88E2EC8D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71F39F10-2C66-4A9F-A759-70FD217E4646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D56C3D-E96A-49C4-91E0-ADC7B2E2EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "368A4FCC-D252-4832-9521-13ABC77BA22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:3.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC0E461-714C-413B-B552-AD3EF1CE46DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la pantalla de gesti\u00f3n de OpenPNE 3.4.x anteior a 3.4.21.1, 3.6.x anterior a 3.6.9.1, y 3.8.x anterior a 3.8.5.1,\r\npermite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores que involucran a la \"versi\u00f3n del esquema de color m\u00f3vil\"."
}
],
"id": "CVE-2013-2309",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-06-17T03:29:44.093",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.openpne.jp/archives/11096/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.openpne.jp/archives/11096/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1040
Vulnerability from fkie_nvd - Published: 2010-03-23 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tejimaya:openpne:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA93E5A-FA4D-4CAC-8F14-1C2CD5950118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D57EC37-A3AA-4EA4-B734-CDEEB1C0557D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E84B2BA6-B4B0-4026-884A-F055990873EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8120869A-2EF2-40A6-90F8-718496355EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "130E7194-BE6F-4816-804A-4A264B40E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22FC400E-E1A2-4049-9DA1-E41583143B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C4FEE-5084-4A5A-9C11-53079DF52F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9D62FD-3C5E-4018-8EFE-2FAED37C298A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6977D4E5-6654-4C6C-9193-90B43CA9EF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7218B060-A629-416C-A1C2-688F33287434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72B86E-D217-446A-AF2B-33E303EF8A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5B2964-C1F2-4A13-B7EA-1506DC1248A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D378B7-8756-427D-B7BB-C6689951DBED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20EFF1A1-49BE-41E1-ADA0-D87D8E5AA474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A3703C-9976-423E-A1D3-56E88CCB7724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BFD1A0-16E2-4634-9ECE-4557BBF426DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5C2A3-7F27-430D-92CB-85A7CF607B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4564810-1B53-4C7F-991C-B855EB31A227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35417F44-2FFF-4D6D-887D-A20C8819D46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93F35A9D-1D9F-4235-8B22-28B1FD97C37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C543C5F8-DA91-4370-B745-E70736B71342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08E2B5AE-D166-4C48-93A9-AE31EFAE0321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "70136C65-5FF9-4115-A7BA-2A53B5C8337B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6A033DF0-3927-46E4-95DB-CE7C78C0F482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52EFE3A6-B7AD-4CC3-933D-1F94CDC873F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A989CF-928B-45EC-9FC2-EB52728AE854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1691CA91-477F-4157-8B47-637AD762E662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF59773B-62E8-4BC4-8772-10C883F61306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2CD48C-AF78-4240-85D2-67667E2357F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9586D0CF-5C67-4174-863C-C1054F2D13B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99A9AE5E-D96F-4322-B881-07C37A61EA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECA4C46-D972-442B-8A8C-1A258C0CFC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD72E27-A357-404C-8D8E-AB5EC7586C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "77FF9DAE-001B-469D-A261-8C0E52DF7591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4E22BDFD-D884-4BEF-A047-A956EEEB6A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0A291F-54FD-4987-AEC2-CD9AEBADD262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C86E89E4-7425-48CC-965E-B8A1A0AB9C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.6.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80D3FA6A-236C-4A47-8239-38B4118DF3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB17553-5290-4BCA-A408-6D3FDEA0FA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F63D2B-8BF6-4393-8F14-E75EE0CF5F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63F77666-0274-435E-B36A-E9AAE971C6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27B0B520-66FC-46F8-B109-1FE9840BBF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEADC17-0E12-4EE0-866E-377F51565C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8375C597-4CD1-473F-AFF6-095434129997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E39442-0EB0-4B34-A9C2-DE28EC104687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AFE207-087B-4FD2-A8F1-87B6A1AFF7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE811B5-A37F-4DB8-8845-EF6DCFF0F3CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE784A53-3122-4C3C-84BE-DE4610523531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B56E083E-A1BC-4F53-9305-4E5FD1B787F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8759F3-5193-4835-BC97-FF370432CAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "651499BE-8209-471C-928D-2087BD394A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B537A02E-DD98-494D-AB51-93ABF638D4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41328824-5093-40CD-8FC6-8E8A68FA0BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "083C6DDA-20F4-4650-B072-833FEC1E2ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFBB089-97BD-4763-9F93-EAC2BCA4A349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F61031F2-A331-482E-BD02-B478E5F63092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "160151E0-9030-4637-808A-BE9696B8026E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4AABA3-703F-4044-A862-FC39D840B1C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "36AE7823-2D9F-4FAE-88DA-10016116472F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDB34BE-47D8-4758-AF32-7FA1714AD182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3A95FFEA-C9E0-40DB-873D-05E3F54398C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.10.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5426604F-D296-4873-BE48-70D7E591BD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36456FA4-B7E3-446E-9888-408630330193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8638-3D15-4C72-85CD-5D52EFBE980F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E907E5-F734-45B0-8ADA-36D6AABF114C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "723F8977-F1C7-4ABD-9E20-3DE0D39DBF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3FD8F6-8499-411D-9F26-DDC7BBEAA96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4435F098-D4B4-48FE-BB36-9310E257F6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4FA2A-4E4D-48EC-A414-0DEFA93BE835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CAEC22-227C-4062-A70C-76B30146D620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F237351A-BE41-4213-8567-5E21D6C3D071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA70C41-9375-435F-A757-9FB1E494F96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9598E30-6039-4856-AC5B-C8FC69DE0DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A186A2-8932-4A18-834A-2AD6A02D6D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7765EF3F-E761-4B3E-A0EF-43D16211A979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E966E410-07EE-4BD1-8FDA-FF6012396FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4120011-7517-4B6F-86ED-94859E64FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B59F75C-D73B-41AB-B0D3-F4B7839752F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69FD6F1A-AD0E-452F-A36B-CD178DEA2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB156548-FDF9-47C4-A08C-A1B770D8B914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6211E1CE-7905-437E-B7DD-C838CD521815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "18B4B76F-E32D-4184-B9FD-C5A5E8CAEF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14BB8849-5D37-4FFB-BE5C-1D430AE2F20C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3C484BE1-65F4-4575-907B-7CAD4D082478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9B0CC7-AA51-46C1-94AD-61EFD2E59833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3432CDB2-0DC3-47E1-9D40-71C6E7238762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A293CFF3-D001-4A94-91D2-8009973ABFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7DD944-617F-4D6D-86E9-82B7D94B1820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.16:*:*:*:*:*:*:*",
"matchCriteriaId": "08AD11FF-46FB-49FA-851E-164CAE8CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA553CC-492D-4AFB-A396-C8D8ABD0ED1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F17FF8E8-B5BF-4BD4-96D5-7074B4B8806E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.12.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D742CB0D-0663-4B61-A28B-240D08527F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0AB51A-9298-41FE-85EA-951E097DDFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3F113-1286-4967-9A28-4D4067C6E7E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89CD0F0E-6C66-4FE9-B859-B33708ED5554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD9FC6FD-CED1-49BD-AE25-E3C2873BA04A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF6584-FDD1-4FB3-B5D7-CCE939C91393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB01AFC-B4C1-4371-9F6B-19D6436CD005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C36977C-348F-4638-88A9-5F57C4B210A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1927F5-1794-40E6-BF84-F94D7C409C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B0898BEB-DF50-48B6-AF9F-5DB0EFB91D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tejimaya:openpne:2.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC9783-CA9C-4AFC-B412-7CE7C3F6C02C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
},
{
"lang": "es",
"value": "La funci\u00f3n \"limitaci\u00f3n de rango de la direcci\u00f3n IP\" en OpenPNE v1.6 hasta v1.8, v2.0 hasta v2.8, v2.10 hasta v2.14 y v3.0 hasta v3.4, cuando est\u00e1 habilitado el soporte a dispositivos m\u00f3viles, permite a atacantes remotos evitar la funcionalidad \"registro simple\" -simple login- a trav\u00e9s de vectores desconocidos relacionados con la suplantaci\u00f3n -spoofing-."
}
],
"id": "CVE-2010-1040",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-23T18:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38857"
},
{
"source": "cve@mitre.org",
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openpne.jp/archives/4612/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openpne.jp/archives/4612/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-4333 (GCVE-0-2013-4333)
Vulnerability from cvelistv5 – Published: 2020-01-24 14:44 – Updated: 2024-08-06 16:38
VLAI?
Summary
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
Severity ?
No CVSS data available.
CWE
- XXE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenPNE",
"vendor": "OpenPNE",
"versions": [
{
"status": "affected",
"version": "3.8.7"
},
{
"status": "affected",
"version": "3.6.11"
},
{
"status": "affected",
"version": "3.4.21.1"
},
{
"status": "affected",
"version": "3.2.7.6"
},
{
"status": "affected",
"version": "3.0.8.5 (Fixed: 3.8.7.1"
},
{
"status": "affected",
"version": "3.6.11.1"
},
{
"status": "affected",
"version": "3.4.21.2"
},
{
"status": "affected",
"version": "3.2.7.7"
},
{
"status": "affected",
"version": "3.0.8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T14:44:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/62285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenPNE",
"version": {
"version_data": [
{
"version_value": "3.8.7"
},
{
"version_value": "3.6.11"
},
{
"version_value": "3.4.21.1"
},
{
"version_value": "3.2.7.6"
},
{
"version_value": "3.0.8.5 (Fixed: 3.8.7.1"
},
{
"version_value": "3.6.11.1"
},
{
"version_value": "3.4.21.2"
},
{
"version_value": "3.2.7.7"
},
{
"version_value": "3.0.8.6)"
}
]
}
}
]
},
"vendor_name": "OpenPNE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/62285",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/62285"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4333",
"datePublished": "2020-01-24T14:44:01",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5350 (GCVE-0-2013-5350)
Vulnerability from cvelistv5 – Published: 2014-01-24 15:00 – Updated: 2024-08-06 17:06
VLAI?
Summary
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openpne.jp/archives/12293/"
},
{
"name": "JVN#69986880",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"name": "54043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"name": "JVNDB-2014-000009",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-24T14:57:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openpne.jp/archives/12293/"
},
{
"name": "JVN#69986880",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"name": "54043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"name": "JVNDB-2014-000009",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openpne.jp/archives/12293/",
"refsource": "CONFIRM",
"url": "https://www.openpne.jp/archives/12293/"
},
{
"name": "JVN#69986880",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"name": "54043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54043"
},
{
"name": "http://secunia.com/secunia_research/2014-1/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"name": "JVNDB-2014-000009",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-5350",
"datePublished": "2014-01-24T15:00:00",
"dateReserved": "2013-08-21T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2309 (GCVE-0-2013-2309)
Vulnerability from cvelistv5 – Published: 2013-06-17 01:00 – Updated: 2024-09-16 17:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openpne.jp/archives/11096/"
},
{
"name": "JVNDB-2013-000038",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"name": "JVN#18501376",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-17T01:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openpne.jp/archives/11096/"
},
{
"name": "JVNDB-2013-000038",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"name": "JVN#18501376",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openpne.jp/archives/11096/",
"refsource": "CONFIRM",
"url": "http://www.openpne.jp/archives/11096/"
},
{
"name": "JVNDB-2013-000038",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"name": "JVN#18501376",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2309",
"datePublished": "2013-06-17T01:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T17:18:50.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1040 (GCVE-0-2010-1040)
Vulnerability from cvelistv5 – Published: 2010-03-23 18:00 – Updated: 2024-09-16 20:06
VLAI?
Summary
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openpne.jp/archives/4612/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"name": "JVNDB-2010-000006",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"name": "38857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38857"
},
{
"name": "JVN#06874657",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-23T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openpne.jp/archives/4612/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"name": "JVNDB-2010-000006",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"name": "38857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38857"
},
{
"name": "JVN#06874657",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openpne.jp/archives/4612/",
"refsource": "CONFIRM",
"url": "http://www.openpne.jp/archives/4612/"
},
{
"name": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"name": "JVNDB-2010-000006",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"name": "38857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38857"
},
{
"name": "JVN#06874657",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1040",
"datePublished": "2010-03-23T18:00:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:22.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4333 (GCVE-0-2013-4333)
Vulnerability from nvd – Published: 2020-01-24 14:44 – Updated: 2024-08-06 16:38
VLAI?
Summary
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
Severity ?
No CVSS data available.
CWE
- XXE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenPNE",
"vendor": "OpenPNE",
"versions": [
{
"status": "affected",
"version": "3.8.7"
},
{
"status": "affected",
"version": "3.6.11"
},
{
"status": "affected",
"version": "3.4.21.1"
},
{
"status": "affected",
"version": "3.2.7.6"
},
{
"status": "affected",
"version": "3.0.8.5 (Fixed: 3.8.7.1"
},
{
"status": "affected",
"version": "3.6.11.1"
},
{
"status": "affected",
"version": "3.4.21.2"
},
{
"status": "affected",
"version": "3.2.7.7"
},
{
"status": "affected",
"version": "3.0.8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T14:44:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/62285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenPNE",
"version": {
"version_data": [
{
"version_value": "3.8.7"
},
{
"version_value": "3.6.11"
},
{
"version_value": "3.4.21.1"
},
{
"version_value": "3.2.7.6"
},
{
"version_value": "3.0.8.5 (Fixed: 3.8.7.1"
},
{
"version_value": "3.6.11.1"
},
{
"version_value": "3.4.21.2"
},
{
"version_value": "3.2.7.7"
},
{
"version_value": "3.0.8.6)"
}
]
}
}
]
},
"vendor_name": "OpenPNE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/62285",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/62285"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4333",
"datePublished": "2020-01-24T14:44:01",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5350 (GCVE-0-2013-5350)
Vulnerability from nvd – Published: 2014-01-24 15:00 – Updated: 2024-08-06 17:06
VLAI?
Summary
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openpne.jp/archives/12293/"
},
{
"name": "JVN#69986880",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"name": "54043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"name": "JVNDB-2014-000009",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-24T14:57:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openpne.jp/archives/12293/"
},
{
"name": "JVN#69986880",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"name": "54043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"name": "JVNDB-2014-000009",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openpne.jp/archives/12293/",
"refsource": "CONFIRM",
"url": "https://www.openpne.jp/archives/12293/"
},
{
"name": "JVN#69986880",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN69986880/index.html"
},
{
"name": "54043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54043"
},
{
"name": "http://secunia.com/secunia_research/2014-1/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2014-1/"
},
{
"name": "JVNDB-2014-000009",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-5350",
"datePublished": "2014-01-24T15:00:00",
"dateReserved": "2013-08-21T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2309 (GCVE-0-2013-2309)
Vulnerability from nvd – Published: 2013-06-17 01:00 – Updated: 2024-09-16 17:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openpne.jp/archives/11096/"
},
{
"name": "JVNDB-2013-000038",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"name": "JVN#18501376",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-17T01:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openpne.jp/archives/11096/"
},
{
"name": "JVNDB-2013-000038",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"name": "JVN#18501376",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openpne.jp/archives/11096/",
"refsource": "CONFIRM",
"url": "http://www.openpne.jp/archives/11096/"
},
{
"name": "JVNDB-2013-000038",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
},
{
"name": "JVN#18501376",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18501376/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2309",
"datePublished": "2013-06-17T01:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T17:18:50.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1040 (GCVE-0-2010-1040)
Vulnerability from nvd – Published: 2010-03-23 18:00 – Updated: 2024-09-16 20:06
VLAI?
Summary
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openpne.jp/archives/4612/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"name": "JVNDB-2010-000006",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"name": "38857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38857"
},
{
"name": "JVN#06874657",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-23T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openpne.jp/archives/4612/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"name": "JVNDB-2010-000006",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"name": "38857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38857"
},
{
"name": "JVN#06874657",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openpne.jp/archives/4612/",
"refsource": "CONFIRM",
"url": "http://www.openpne.jp/archives/4612/"
},
{
"name": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
},
{
"name": "JVNDB-2010-000006",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
},
{
"name": "38857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38857"
},
{
"name": "JVN#06874657",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06874657/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1040",
"datePublished": "2010-03-23T18:00:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:22.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}