Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to tony_freixas - ubercart_product_keys

Vulnerability from fkie_nvd

Published

2012-06-27 00:55

Modified

2024-11-21 01:39

Severity ?

Summary

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

References

URL	Tags
secalert@redhat.com	http://drupal.org/node/1580752	Patch, Vendor Advisory
secalert@redhat.com	http://drupal.org/node/1585532	Patch, Vendor Advisory
secalert@redhat.com	http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261	Exploit, Patch
secalert@redhat.com	http://osvdb.org/82005
secalert@redhat.com	http://secunia.com/advisories/49169
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/06/14/3
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/75720
af854a3a-2127-422b-91ae-364da2661108	http://drupal.org/node/1580752	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://drupal.org/node/1585532	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/82005
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49169
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/06/14/3
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75720

Impacted products

Vendor	Product	Version
tony_freixas	ubercart_product_keys	6.x-1.0
tony_freixas	ubercart_product_keys	6.x-1.0
tony_freixas	ubercart_product_keys	6.x-1.0
tony_freixas	ubercart_product_keys	6.x-1.0
tony_freixas	ubercart_product_keys	6.x-1.0
tony_freixas	ubercart_product_keys	6.x-1.0
tony_freixas	ubercart_product_keys	6.x-1.0
drupal	drupal	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A2ABE5-70AA-4E9B-901F-DD59E1D025E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "F989887D-9D86-49CB-992A-6A1618C62C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "ECF7D83C-16F6-499C-AD0E-C086BEF8ECC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "B90AE107-8418-4364-8C73-F749D352F246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "AE346CF7-4007-42F2-BE0C-5D4F3EA52855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "53FC3D4D-D2ED-4ECC-A683-515B3E729EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6BF7C951-4ACA-45F4-81FA-F18487F72169",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Ubercart Product Keys v6.x-1.x anterior a v6.x-1.1 para Drupal no comprueba correctamente el acceso a las claves, lo que permite a atacantes remotos leer todas las claves del producto no asignadas a trav\u00e9s de ciertas condiciones relacionadas con el uid."
    }
  ],
  "id": "CVE-2012-2702",
  "lastModified": "2024-11-21T01:39:28.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-27T00:55:02.880",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1580752"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1585532"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/82005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1580752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1585532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/82005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-2702

Vulnerability from cvelistv5

Published

2012-06-27 00:00

Modified

2024-08-06 19:42

Severity ?

Summary

References

▼	URL	Tags
	http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261	x_refsource_CONFIRM
	http://drupal.org/node/1585532	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/75720	vdb-entry, x_refsource_XF
	http://www.openwall.com/lists/oss-security/2012/06/14/3	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/49169	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/82005	vdb-entry, x_refsource_OSVDB
	http://drupal.org/node/1580752	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:31.846Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1585532"
          },
          {
            "name": "ubercartproductkeys-keys-security-bypass(75720)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
          },
          {
            "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
          },
          {
            "name": "49169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49169"
          },
          {
            "name": "82005",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/82005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1580752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1585532"
        },
        {
          "name": "ubercartproductkeys-keys-security-bypass(75720)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
        },
        {
          "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
        },
        {
          "name": "49169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49169"
        },
        {
          "name": "82005",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/82005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1580752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2702",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
            },
            {
              "name": "http://drupal.org/node/1585532",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1585532"
            },
            {
              "name": "ubercartproductkeys-keys-security-bypass(75720)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
            },
            {
              "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
            },
            {
              "name": "49169",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49169"
            },
            {
              "name": "82005",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/82005"
            },
            {
              "name": "http://drupal.org/node/1580752",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1580752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2702",
    "datePublished": "2012-06-27T00:00:00",
    "dateReserved": "2012-05-14T00:00:00",
    "dateUpdated": "2024-08-06T19:42:31.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}