20 vulnerabilities by extensis
CVE-2022-24255 (GCVE-0-2022-24255)
Vulnerability from nvd – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
VLAI
Summary
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24255",
"datePublished": "2022-03-01T23:00:32.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24254 (GCVE-0-2022-24254)
Vulnerability from nvd – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
VLAI
Summary
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/research/zip-slip-vulnerability | x_refsource_MISC |
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:01.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/research/zip-slip-vulnerability",
"refsource": "MISC",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24254",
"datePublished": "2022-03-01T23:00:26.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:01.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24253 (GCVE-0-2022-24253)
Vulnerability from nvd – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
VLAI
Summary
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24253",
"datePublished": "2022-03-01T23:00:21.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24252 (GCVE-0-2022-24252)
Vulnerability from nvd – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
VLAI
Summary
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24252",
"datePublished": "2022-03-01T23:00:15.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24251 (GCVE-0-2022-24251)
Vulnerability from nvd – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
VLAI
Summary
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24251",
"datePublished": "2022-03-01T23:00:09.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3944 (GCVE-0-2013-3944)
Vulnerability from nvd – Published: 2020-01-02 18:43 – Updated: 2024-08-06 16:30
VLAI
Summary
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64385 | x_refsource_MISC |
| https://www.irfanview.com/history_old.htm | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89804 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IrfanView | MrSID plugin | Affected: before 4.37 | |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.irfanview.com/history_old.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MrSID plugin",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "before 4.37"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T18:43:09.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/64385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.irfanview.com/history_old.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
},
"vendor_name": "IrfanView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/64385",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/64385"
},
{
"name": "https://www.irfanview.com/history_old.htm",
"refsource": "CONFIRM",
"url": "https://www.irfanview.com/history_old.htm"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3944",
"datePublished": "2020-01-02T18:43:09.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3945 (GCVE-0-2013-3945)
Vulnerability from nvd – Published: 2020-01-02 18:43 – Updated: 2024-08-06 16:30
VLAI
Summary
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89805 | x_refsource_MISC |
| https://www.irfanview.com/history_old.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IrfanView | MrSID plugin | Affected: before 4.37 | |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MrSID plugin",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "before 4.37"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T18:43:05.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
},
"vendor_name": "IrfanView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"name": "https://www.irfanview.com/history_old.htm",
"refsource": "CONFIRM",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3945",
"datePublished": "2020-01-02T18:43:05.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3946 (GCVE-0-2013-3946)
Vulnerability from nvd – Published: 2020-01-02 18:43 – Updated: 2024-08-06 16:30
VLAI
Summary
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89806 | x_refsource_MISC |
| https://www.irfanview.com/history_old.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IrfanView | MrSID plugin | Affected: before 4.37 | |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MrSID plugin",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "before 4.37"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T18:43:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
},
"vendor_name": "IrfanView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"name": "https://www.irfanview.com/history_old.htm",
"refsource": "CONFIRM",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3946",
"datePublished": "2020-01-02T18:43:01.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:49.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18006 (GCVE-0-2017-18006)
Vulnerability from nvd – Published: 2018-01-01 00:00 – Updated: 2024-09-17 03:27
VLAI
Summary
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openbugbounty.org/reports/290447/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openbugbounty.org/reports/290447/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openbugbounty.org/reports/290447/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbugbounty.org/reports/290447/",
"refsource": "MISC",
"url": "https://www.openbugbounty.org/reports/290447/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18006",
"datePublished": "2018-01-01T00:00:00.000Z",
"dateReserved": "2017-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:27:30.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4510 (GCVE-0-2005-4510)
Vulnerability from nvd – Published: 2005-12-23 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18173 | third-party-advisory, x_refsource_SECUNIA |
| http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201 | x_refsource_MISC |
| http://www.securityfocus.com/bid/15974 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=113511429307550&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1015393 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2005/3045 | vdb-entry, x_refsource_VUPEN |
Date Public
2005-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201"
},
{
"name": "15974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15974"
},
{
"name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113511429307550\u0026w=2"
},
{
"name": "1015393",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015393"
},
{
"name": "ADV-2005-3045",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via \"../\" sequences in the template parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201"
},
{
"name": "15974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15974"
},
{
"name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113511429307550\u0026w=2"
},
{
"name": "1015393",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015393"
},
{
"name": "ADV-2005-3045",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via \"../\" sequences in the template parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18173"
},
{
"name": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201",
"refsource": "MISC",
"url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201"
},
{
"name": "15974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15974"
},
{
"name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113511429307550\u0026w=2"
},
{
"name": "1015393",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015393"
},
{
"name": "ADV-2005-3045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4510",
"datePublished": "2005-12-23T01:00:00.000Z",
"dateReserved": "2005-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24255 (GCVE-0-2022-24255)
Vulnerability from cvelistv5 – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
Summary
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-po… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24255",
"datePublished": "2022-03-01T23:00:32.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24254 (GCVE-0-2022-24254)
Vulnerability from cvelistv5 – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
Summary
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/research/zip-slip-vulnerability | x_refsource_MISC |
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-po… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:01.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/research/zip-slip-vulnerability",
"refsource": "MISC",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24254",
"datePublished": "2022-03-01T23:00:26.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:01.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24253 (GCVE-0-2022-24253)
Vulnerability from cvelistv5 – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
Summary
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-po… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24253",
"datePublished": "2022-03-01T23:00:21.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24252 (GCVE-0-2022-24252)
Vulnerability from cvelistv5 – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
Summary
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-po… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24252",
"datePublished": "2022-03-01T23:00:15.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24251 (GCVE-0-2022-24251)
Vulnerability from cvelistv5 – Published: 2022-03-01 23:00 – Updated: 2024-08-03 04:07
Summary
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://extensis.com | x_refsource_MISC |
| http://portfolio.com | x_refsource_MISC |
| https://www.whiteoaksecurity.com/blog/extensis-po… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:00:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extensis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://portfolio.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://extensis.com",
"refsource": "MISC",
"url": "http://extensis.com"
},
{
"name": "http://portfolio.com",
"refsource": "MISC",
"url": "http://portfolio.com"
},
{
"name": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/",
"refsource": "MISC",
"url": "https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24251",
"datePublished": "2022-03-01T23:00:09.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3944 (GCVE-0-2013-3944)
Vulnerability from cvelistv5 – Published: 2020-01-02 18:43 – Updated: 2024-08-06 16:30
Summary
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64385 | x_refsource_MISC |
| https://www.irfanview.com/history_old.htm | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IrfanView | MrSID plugin | Affected: before 4.37 | |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.irfanview.com/history_old.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MrSID plugin",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "before 4.37"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T18:43:09.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/64385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.irfanview.com/history_old.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
},
"vendor_name": "IrfanView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/64385",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/64385"
},
{
"name": "https://www.irfanview.com/history_old.htm",
"refsource": "CONFIRM",
"url": "https://www.irfanview.com/history_old.htm"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3944",
"datePublished": "2020-01-02T18:43:09.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3945 (GCVE-0-2013-3945)
Vulnerability from cvelistv5 – Published: 2020-01-02 18:43 – Updated: 2024-08-06 16:30
Summary
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| https://www.irfanview.com/history_old.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IrfanView | MrSID plugin | Affected: before 4.37 | |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MrSID plugin",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "before 4.37"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T18:43:05.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
},
"vendor_name": "IrfanView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"name": "https://www.irfanview.com/history_old.htm",
"refsource": "CONFIRM",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3945",
"datePublished": "2020-01-02T18:43:05.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3946 (GCVE-0-2013-3946)
Vulnerability from cvelistv5 – Published: 2020-01-02 18:43 – Updated: 2024-08-06 16:30
Summary
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| https://www.irfanview.com/history_old.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IrfanView | MrSID plugin | Affected: before 4.37 | |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MrSID plugin",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "before 4.37"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T18:43:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.irfanview.com/history_old.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
},
"vendor_name": "IrfanView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"name": "https://www.irfanview.com/history_old.htm",
"refsource": "CONFIRM",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3946",
"datePublished": "2020-01-02T18:43:01.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:49.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18006 (GCVE-0-2017-18006)
Vulnerability from cvelistv5 – Published: 2018-01-01 00:00 – Updated: 2024-09-17 03:27
Summary
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openbugbounty.org/reports/290447/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openbugbounty.org/reports/290447/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openbugbounty.org/reports/290447/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbugbounty.org/reports/290447/",
"refsource": "MISC",
"url": "https://www.openbugbounty.org/reports/290447/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18006",
"datePublished": "2018-01-01T00:00:00.000Z",
"dateReserved": "2017-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:27:30.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4510 (GCVE-0-2005-4510)
Vulnerability from cvelistv5 – Published: 2005-12-23 01:00 – Updated: 2024-08-07 23:46
Summary
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18173 | third-party-advisory, x_refsource_SECUNIA |
| http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201 | x_refsource_MISC |
| http://www.securityfocus.com/bid/15974 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=113511429307550&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1015393 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2005/3045 | vdb-entry, x_refsource_VUPEN |
Date Public
2005-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201"
},
{
"name": "15974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15974"
},
{
"name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113511429307550\u0026w=2"
},
{
"name": "1015393",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015393"
},
{
"name": "ADV-2005-3045",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via \"../\" sequences in the template parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201"
},
{
"name": "15974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15974"
},
{
"name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113511429307550\u0026w=2"
},
{
"name": "1015393",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015393"
},
{
"name": "ADV-2005-3045",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via \"../\" sequences in the template parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18173"
},
{
"name": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201",
"refsource": "MISC",
"url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201"
},
{
"name": "15974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15974"
},
{
"name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113511429307550\u0026w=2"
},
{
"name": "1015393",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015393"
},
{
"name": "ADV-2005-3045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4510",
"datePublished": "2005-12-23T01:00:00.000Z",
"dateReserved": "2005-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}