Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by Vembu
CVE-2016-20086 (GCVE-0-2016-20086)
Vulnerability from cvelistv5 – Published: 2026-06-19 14:16 – Updated: 2026-06-22 12:55
VLAI
Title
Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation
Summary
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40582 | exploit |
| https://www.vulncheck.com/advisories/vembu-storeg… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Vembu | Vembu StoreGrid |
Affected:
4.0
|
Date Public
2016-10-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T12:55:01.326832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T12:55:18.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Vembu StoreGrid",
"vendor": "Vembu",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joey Lane"
}
],
"datePublic": "2016-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T14:16:41.759Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40582",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40582"
},
{
"name": "VulnCheck Advisory: Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vembu-storegrid-unquoted-service-path-privilege-escalation"
}
],
"title": "Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20086",
"datePublished": "2026-06-19T14:16:41.759Z",
"dateReserved": "2026-06-19T13:14:57.984Z",
"dateUpdated": "2026-06-22T12:55:18.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-43458 (GCVE-0-2021-43458)
Vulnerability from cvelistv5 – Published: 2022-04-04 14:53 – Updated: 2024-08-04 03:55
VLAI
Summary
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/M507/Miner | x_refsource_MISC |
| https://www.exploit-db.com/exploits/49641 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:29.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/M507/Miner"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/49641"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T14:53:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/M507/Miner"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/49641"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/M507/Miner",
"refsource": "MISC",
"url": "https://github.com/M507/Miner"
},
{
"name": "https://www.exploit-db.com/exploits/49641",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/49641"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198151",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43458",
"datePublished": "2022-04-04T14:53:12.000Z",
"dateReserved": "2021-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:55:29.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26474 (GCVE-0-2021-26474)
Vulnerability from cvelistv5 – Published: 2021-06-08 18:39 – Updated: 2024-09-16 18:34
VLAI
Title
UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS
Summary
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
Severity
8.6 (High)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/cases/DIVD-2020-00011/ | x_refsource_CONFIRM |
| https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ | x_refsource_CONFIRM |
| https://www.wbsec.nl/vembu | x_refsource_CONFIRM |
| https://csirt.divd.nl/cves/CVE-2021-26474/ | x_refsource_CONFIRM |
Date Public
2021-07-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wbsec.nl/vembu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26474/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "en",
"value": "Addional research by Frank Breedijk"
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:33:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wbsec.nl/vembu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26474/"
}
],
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
},
"title": "UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26474",
"STATE": "PUBLIC",
"TITLE": "UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
},
{
"name": "https://csirt.divd.nl/cves/CVE-2021-26474/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26474/"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26474",
"datePublished": "2021-06-08T18:39:55.493Z",
"dateReserved": "2021-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:34:03.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26473 (GCVE-0-2021-26473)
Vulnerability from cvelistv5 – Published: 2021-06-08 18:38 – Updated: 2024-09-16 22:31
VLAI
Title
Unauthenticated arbitrary file upload and command execution in Vembu products
Summary
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/cases/DIVD-2020-00011/ | x_refsource_CONFIRM |
| https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ | x_refsource_CONFIRM |
| https://www.wbsec.nl/vembu | x_refsource_CONFIRM |
| https://csirt.divd.nl/cves/CVE-2021-26473/ | x_refsource_CONFIRM |
Date Public
2021-07-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wbsec.nl/vembu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26473/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "en",
"value": "Addional research by Frank Breedijk"
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:33:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wbsec.nl/vembu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26473/"
}
],
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated arbitrary file upload and command execution in Vembu products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26473",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated arbitrary file upload and command execution in Vembu products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
},
{
"name": "https://csirt.divd.nl/cves/CVE-2021-26473/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26473/"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26473",
"datePublished": "2021-06-08T18:38:48.809Z",
"dateReserved": "2021-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:31:08.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26472 (GCVE-0-2021-26472)
Vulnerability from cvelistv5 – Published: 2021-06-08 18:37 – Updated: 2024-09-16 22:08
VLAI
Title
Unauthenticated remote command execution with SYSTEM privileges in Vembu products
Summary
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
Severity
10 (Critical)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/cases/DIVD-2020-00011/ | x_refsource_CONFIRM |
| https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ | x_refsource_CONFIRM |
| https://www.wbsec.nl/vembu | x_refsource_CONFIRM |
| https://csirt.divd.nl/cves/CVE-2021-26472/ | x_refsource_CONFIRM |
Date Public
2021-07-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wbsec.nl/vembu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26472/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "en",
"value": "Addional research by Frank Breedijk"
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:33:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wbsec.nl/vembu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26472/"
}
],
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated remote command execution with SYSTEM privileges in Vembu products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26472",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated remote command execution with SYSTEM privileges in Vembu products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
},
{
"name": "https://csirt.divd.nl/cves/CVE-2021-26472/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26472/"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26472",
"datePublished": "2021-06-08T18:37:29.497Z",
"dateReserved": "2021-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:08:25.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26471 (GCVE-0-2021-26471)
Vulnerability from cvelistv5 – Published: 2021-06-08 18:36 – Updated: 2024-09-16 16:22
VLAI
Title
Unauthenticated remote command execution in Vembu products
Summary
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/cves/CVE-2021-26471/ | x_refsource_CONFIRM |
| https://csirt.divd.nl/cases/DIVD-2020-00011/ | x_refsource_CONFIRM |
| https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ | x_refsource_CONFIRM |
| https://www.wbsec.nl/vembu | x_refsource_CONFIRM |
Date Public
2021-07-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26471/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wbsec.nl/vembu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "en",
"value": "Addional research by Frank Breedijk"
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:33:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-26471/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wbsec.nl/vembu"
}
],
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated remote command execution in Vembu products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26471",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated remote command execution in Vembu products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://csirt.divd.nl/cves/CVE-2021-26471/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26471/"
},
{
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26471",
"datePublished": "2021-06-08T18:36:14.329Z",
"dateReserved": "2021-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:22:33.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-10078 (GCVE-0-2014-10078)
Vulnerability from cvelistv5 – Published: 2019-02-23 14:00 – Updated: 2024-08-06 14:02
VLAI
Summary
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cxsecurity.com/issue/WLB-2018120091 | x_refsource_MISC |
| https://seclists.org/fulldisclosure/2014/Aug/8 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46549/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2019-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:38.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"name": "46549",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46549/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"name": "46549",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46549/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2018120091",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"name": "https://seclists.org/fulldisclosure/2014/Aug/8",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"name": "46549",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46549/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10078",
"datePublished": "2019-02-23T14:00:00.000Z",
"dateReserved": "2019-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:02:38.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-10079 (GCVE-0-2014-10079)
Vulnerability from cvelistv5 – Published: 2019-02-23 14:00 – Updated: 2024-08-06 14:02
VLAI
Summary
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/127786/Vemb… | x_refsource_MISC |
| https://cxsecurity.com/issue/WLB-2018120091 | x_refsource_MISC |
| https://seclists.org/fulldisclosure/2014/Aug/8 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46549/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2019-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:38.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"name": "46549",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46549/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the \"ipaddress\" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"name": "46549",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46549/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the \"ipaddress\" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018120091",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"name": "https://seclists.org/fulldisclosure/2014/Aug/8",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"name": "46549",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46549/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10079",
"datePublished": "2019-02-23T14:00:00.000Z",
"dateReserved": "2019-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:02:38.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}