
    6 vulnerabilities by dream

    VAR-201710-1140

    Vulnerability from variot - Updated: 2024-02-13 23:04

    There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. The BouquetEditor WebPlugin for Dream Multimedia Dreambox devices contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Dream Multimedia Dreambox devices are Linux-based digital TV set-top boxes produced by Dream Multimedia of Germany. The BouquetEditor WebPlugin is one of the plugins, providing channel naming, sorting and more. A cross-site scripting vulnerability exists in the BouquetEditor WebPlugin on Dream Multimedia Dreambox devices. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. The record below tracks this issue as CVE-2017-15287 (CWE-79) and lists BouquetEditor 2.0.0 as the affected version.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1140",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bouqueteditor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "bouqueteditor",
            "version": "2.0.0"
          },
          {
            "model": "bouqueteditor",
            "scope": null,
            "trust": 0.8,
            "vendor": "bouqueteditor",
            "version": null
          },
          {
            "model": "multimedia bouqueteditor",
            "scope": null,
            "trust": 0.6,
            "vendor": "dream",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:bouqueteditor_project:bouqueteditor:2.0.0:*:*:*:*:dreambox:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "cve": "CVE-2017-15287",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-15287",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-36384",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-15287",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-15287",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-36384",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-257",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-15287",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI. Dream Multimedia Dreambox For devices BouquetEditor Web The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DreamMultimediaDreamboxdevices is a Linux-based digital TV set-top box produced by DreamMultimedia of Germany. BouquetEditorWebPlugin is one of the plugins with channel naming, sorting and more. A cross-site scripting vulnerability exists in BouquetEditorWebPlugin in the DreamMultimediaDreambox device. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          }
        ],
        "trust": 2.25
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42986",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-15287",
            "trust": 3.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "42986",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207",
            "trust": 0.8
          },
          {
            "db": "EXPLOITDB",
            "id": "42986",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "id": "VAR-201710-1140",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          }
        ]
      },
      "last_update_date": "2024-02-13T23:04:08.030000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for DreamMultimediaDreambox device BouquetEditorWebPlugin cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/107857"
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.exploit-db.com/exploits/42986/"
          },
          {
            "trust": 2.3,
            "url": "https://fireshellsecurity.team/assets/pdf/vulnerability-xss-dreambox.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15287"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15287"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-15287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "date": "2017-10-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-15287"
          },
          {
            "date": "2017-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "date": "2017-10-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "date": "2017-10-12T15:29:00.373000",
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "date": "2017-10-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-15287"
          },
          {
            "date": "2017-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009207"
          },
          {
            "date": "2017-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          },
          {
            "date": "2017-10-27T18:45:59.497000",
            "db": "NVD",
            "id": "CVE-2017-15287"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dream Multimedia Dreambox Device BouquetEditor WebPlugin Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-257"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200809-0222

    Vulnerability from variot - Updated: 2023-12-18 12:58

    (This aggregated description combines text from several source advisories and covers two distinct issues: a denial of service triggered by an overly long URI, and a directory traversal that allows file download.) The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. The DreamBox DM500 series is an intelligent set-top box device. DreamBox DM500 does not correctly handle URL requests containing directory traversal characters. A remote attacker can exploit the vulnerability to view system file information in the application context. Dreambox is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Dreambox DM500C is vulnerable; other models may also be affected. DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top boxes). Dreambox suffers from a file download vulnerability through directory traversal, by appending the '/' character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc. Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma.
    ----------------------------------------------------------------------



    TITLE: Dreambox DM500 Long Requests Denial of Service Vulnerability

    SECUNIA ADVISORY ID: SA31650

    VERIFY ADVISORY: http://secunia.com/advisories/31650/

    CRITICAL: Not critical

    IMPACT: DoS

    WHERE:

    From local network

    OPERATING SYSTEM: Dreambox DM500 http://secunia.com/product/19701/

    DESCRIPTION: Marc Ruef has reported a vulnerability in Dreambox DM500, which can be exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is caused due to an error within the web interface when processing overly long requests. This can be exploited to cause a DoS by sending malicious requests to a vulnerable device.

    SOLUTION: Use a firewall or proxy to filter malicious requests.

    PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG

    ORIGINAL ADVISORY: http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807

    http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0222",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm500c",
            "scope": null,
            "trust": 1.4,
            "vendor": "dreambox",
            "version": null
          },
          {
            "model": "dm500c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dreambox",
            "version": "*"
          },
          {
            "model": "multimedia dreambox dm500s",
            "scope": null,
            "trust": 0.9,
            "vendor": "dream",
            "version": null
          },
          {
            "model": "multimedia dreambox dm500",
            "scope": null,
            "trust": 0.9,
            "vendor": "dream",
            "version": null
          },
          {
            "model": "multimedia dreambox dm500+",
            "scope": null,
            "trust": 0.9,
            "vendor": "dream",
            "version": null
          },
          {
            "model": "multimedia dreambox dm500hd",
            "scope": null,
            "trust": 0.9,
            "vendor": "dream",
            "version": null
          },
          {
            "model": "multimedia dreambox dm500c",
            "scope": null,
            "trust": 0.3,
            "vendor": "dream",
            "version": null
          },
          {
            "model": "multimedia dreambox dm800",
            "scope": null,
            "trust": 0.3,
            "vendor": "dream",
            "version": null
          },
          {
            "model": "dreambox dm",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "dream multimedia",
            "version": "dm500hd and dm500s"
          }
        ],
        "sources": [
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "db": "BID",
            "id": "30919"
          },
          {
            "db": "BID",
            "id": "47844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dreambox:dm500c:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marc Ruef",
        "sources": [
          {
            "db": "BID",
            "id": "30919"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2008-3936",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2008-3936",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2008-3936",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200809-092",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "ZSL",
                "id": "ZSL-2011-5013",
                "trust": 0.1,
                "value": "(3/5)"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. The DreamBox DM500 series is an intelligent set-top box device. DreamBox DM500 does not correctly handle a submitted URL request containing directory traversal characters. A remote attacker can exploit the vulnerability to view system file information in the application context. Dreambox is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. \nDreambox DM500C is vulnerable; other models may also be affected. DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box). Dreambox suffers from a file download vulnerability through directory traversal by appending the \u0027/\u0027 character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc. Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma. Note: this description appears to combine two separate reports, the long-URI denial of service tracked as CVE-2008-3936 and a directory traversal file disclosure reported in 2011 (ZSL-2011-5013); the CVSS vector in this record (C:N/I:N/A:C) describes only the denial of service. 
----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nDreambox DM500 Long Requests Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31650\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31650/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nDreambox DM500\nhttp://secunia.com/product/19701/\n\nDESCRIPTION:\nMarc Ruef has reported a vulnerability in Dreambox DM500, which can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error within the web interface\nwhen processing overly long requests. This can be exploited to cause\na DoS by sending malicious requests to a vulnerable device. \n\nSOLUTION:\nUse a firewall or proxy to filter malicious requests. \n\nPROVIDED AND/OR DISCOVERED BY:\nMarc Ruef, scip AG\n\nORIGINAL ADVISORY:\nhttp://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807\n\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "db": "BID",
            "id": "30919"
          },
          {
            "db": "BID",
            "id": "47844"
          },
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "db": "PACKETSTORM",
            "id": "69522"
          }
        ],
        "trust": 2.88
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.zeroscience.mk/codes/dreambox_fd.txt",
            "trust": 0.1,
            "type": "poc"
          }
        ],
        "sources": [
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-3936",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "30919",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "31650",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2472",
            "trust": 1.6
          },
          {
            "db": "SECTRACK",
            "id": "1020784",
            "trust": 1.6
          },
          {
            "db": "SREASON",
            "id": "4221",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "47844",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20080829 [SCIP_ADVISORY 3807] DREAMBOX DM500 WEBSERVER LONG URL REQUEST DENIAL OF SERVICE",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "44788",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20080829 [SCIP_ADVISORY 3807] DREAMBOX DM500 WEBSERVER LONG URL REQUEST DENIAL OF SERVICE",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "17279",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "67456",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101385",
            "trust": 0.1
          },
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "69522",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "db": "BID",
            "id": "30919"
          },
          {
            "db": "BID",
            "id": "47844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "PACKETSTORM",
            "id": "69522"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "id": "VAR-200809-0222",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          }
        ],
        "trust": 1.35
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:58:50.320000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.dream-multimedia-tv.de/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
          },
          {
            "trust": 1.7,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/064115.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/31650"
          },
          {
            "trust": 1.6,
            "url": "http://securityreason.com/securityalert/4221"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/30919"
          },
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id?1020784"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2472"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3936"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3936"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/47844/"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/44788"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/495837/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2008/2472"
          },
          {
            "trust": 0.3,
            "url": "http://www.dream-multimedia-tv.de/english/products_dm500.php"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/495837"
          },
          {
            "trust": 0.3,
            "url": "http://www.dream-multimedia-tv.de"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/31650/"
          },
          {
            "trust": 0.1,
            "url": "http://packetstormsecurity.org/files/101385"
          },
          {
            "trust": 0.1,
            "url": "http://www.exploit-db.com/exploits/17279/"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/47844"
          },
          {
            "trust": 0.1,
            "url": "http://securityreason.com/exploitalert/10427"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/xforce/xfdb/67456"
          },
          {
            "trust": 0.1,
            "url": "http://www.vfocus.net/art/20110517/9000.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/19701/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_specialist/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "db": "BID",
            "id": "30919"
          },
          {
            "db": "BID",
            "id": "47844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "PACKETSTORM",
            "id": "69522"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "db": "BID",
            "id": "30919"
          },
          {
            "db": "BID",
            "id": "47844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "db": "PACKETSTORM",
            "id": "69522"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-05-13T00:00:00",
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "date": "2011-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "date": "2008-08-29T00:00:00",
            "db": "BID",
            "id": "30919"
          },
          {
            "date": "2011-05-13T00:00:00",
            "db": "BID",
            "id": "47844"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "date": "2008-09-03T00:17:02",
            "db": "PACKETSTORM",
            "id": "69522"
          },
          {
            "date": "2008-09-05T15:08:00",
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "date": "2008-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-06-27T00:00:00",
            "db": "ZSL",
            "id": "ZSL-2011-5013"
          },
          {
            "date": "2011-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1870"
          },
          {
            "date": "2015-05-07T17:24:00",
            "db": "BID",
            "id": "30919"
          },
          {
            "date": "2011-06-28T17:00:00",
            "db": "BID",
            "id": "47844"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          },
          {
            "date": "2018-10-11T20:50:35.030000",
            "db": "NVD",
            "id": "CVE-2008-3936"
          },
          {
            "date": "2009-01-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "30919"
          },
          {
            "db": "BID",
            "id": "47844"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Denial-of-service (DoS) vulnerability in the web interface of Dreambox DM500C",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003408"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200809-092"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201112-0306

    Vulnerability from variot - Updated: 2023-12-18 12:52

    Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. DreamBox DM800 versions 1.5rc1 and prior are vulnerable. Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia in Germany. Note that the two version statements above differ (1.6rc3, 1.5rc1, and earlier versus 1.5rc1 and prior); the broader range is the safer one to assume when checking exposure.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0306",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dreambox dm800 hd pvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dream multimedia tv",
            "version": "1.6"
          },
          {
            "model": "dreambox dm800 hd se",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dream multimedia tv",
            "version": "1.5"
          },
          {
            "model": "dreambox dm800 hd pvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dream multimedia tv",
            "version": "1.5"
          },
          {
            "model": "dreambox dm800 hd se",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dream multimedia tv",
            "version": null
          },
          {
            "model": "dreambox dm800 hd pvr",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dream multimedia tv",
            "version": null
          },
          {
            "model": "dreambox dm800 hd se",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dream multimedia tv",
            "version": "1.6"
          },
          {
            "model": "dm800 hd pvr",
            "scope": null,
            "trust": 0.8,
            "vendor": "dream property",
            "version": null
          },
          {
            "model": "dm800 hd pvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dream property",
            "version": "1.5rc1"
          },
          {
            "model": "dm800 hd pvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dream property",
            "version": "1.6rc3"
          },
          {
            "model": "dm800 hd se",
            "scope": null,
            "trust": 0.8,
            "vendor": "dream property",
            "version": null
          },
          {
            "model": "dm800 hd se",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dream property",
            "version": "1.5rc1"
          },
          {
            "model": "dm800 hd se",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dream property",
            "version": "1.6rc3"
          },
          {
            "model": "dreambox dm800 hd se",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dream multimedia tv",
            "version": "1.6"
          },
          {
            "model": "multimedia dreambox dm800",
            "scope": null,
            "trust": 0.3,
            "vendor": "dream",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "50520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware:*:rc3:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.6",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware:1.5:rc1:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dream-multimedia-tv:dreambox_dm800_hd_se:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware:1.5:rc1:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware:1.6:rc3:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dream-multimedia-tv:dreambox_dm800_hd_pvr:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Todor Donev",
        "sources": [
          {
            "db": "BID",
            "id": "50520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2011-4716",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2011-4716",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-52661",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-4716",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201112-131",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-52661",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. \nExploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. \nDreamBox DM800 versions 1.5rc1 and prior are vulnerable. Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia in Germany",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "BID",
            "id": "50520"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          }
        ],
        "trust": 1.98
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-52661",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-4716",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "50520",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "18079",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-167",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-71796",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-72301",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "17422",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "36286",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-52661",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "db": "BID",
            "id": "50520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "id": "VAR-201112-0306",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:52:19.540000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.dream-multimedia-tv.de/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/50520"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/18079"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4716"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4716"
          },
          {
            "trust": 0.3,
            "url": "http://www.dream-multimedia-tv.de"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "db": "BID",
            "id": "50520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "db": "BID",
            "id": "50520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "date": "2011-11-04T00:00:00",
            "db": "BID",
            "id": "50520"
          },
          {
            "date": "2011-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "date": "2011-12-08T19:55:08.233000",
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          },
          {
            "date": "2011-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-08-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-52661"
          },
          {
            "date": "2011-12-13T18:28:00",
            "db": "BID",
            "id": "50520"
          },
          {
            "date": "2011-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          },
          {
            "date": "2013-08-22T06:36:47.970000",
            "db": "NVD",
            "id": "CVE-2011-4716"
          },
          {
            "date": "2011-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          },
          {
            "date": "2012-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "DreamBox DM800 Vulnerable to directory traversal",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003334"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-131"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1651

    Vulnerability from variot - Updated: 2022-05-17 02:05

    Dreambox is a wireless routing system similar to OpenWrt. The OpenDreamBox plugin has a remote code execution vulnerability that allows an attacker to execute arbitrary commands.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1651",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "multimedia dreambox",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dream",
            "version": "2.0.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22156",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2017-22156",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dreambox is a wireless routing system similar to openwrt. The OpenDreamBox plugin has a remote code execution vulnerability that allows an attacker to exploit a vulnerability to illegally execute arbitrary commands.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "EXPLOITDB",
            "id": "42293",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "42293",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "id": "VAR-201708-1651",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "last_update_date": "2022-05-17T02:05:50.422000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/42293/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenDreamBox plugin remote code execution vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22156"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2009-2172 (GCVE-0-2009-2172)

    Vulnerability from nvd – Published: 2009-06-23 21:21 – Updated: 2024-08-07 05:44
    Summary
    Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35385 vdb-entry, x_refsource_BID
    https://www.exploit-db.com/exploits/8965 exploit, x_refsource_EXPLOIT-DB
    Date Public
    2009-06-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.024Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35385",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35385"
              },
              {
                "name": "8965",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/8965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35385",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35385"
            },
            {
              "name": "8965",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/8965"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35385",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35385"
                },
                {
                  "name": "8965",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/8965"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2172",
        "datePublished": "2009-06-23T21:21:00.000Z",
        "dateReserved": "2009-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2172 (GCVE-0-2009-2172)

    Vulnerability from cvelistv5 – Published: 2009-06-23 21:21 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35385 vdb-entry, x_refsource_BID
    https://www.exploit-db.com/exploits/8965 exploit, x_refsource_EXPLOIT-DB
    Date Public
    2009-06-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.024Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35385",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35385"
              },
              {
                "name": "8965",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/8965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35385",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35385"
            },
            {
              "name": "8965",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/8965"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35385",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35385"
                },
                {
                  "name": "8965",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/8965"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2172",
        "datePublished": "2009-06-23T21:21:00.000Z",
        "dateReserved": "2009-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }