Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities by jaws
CVE-2009-0645 (GCVE-0-2009-0645)
Vulnerability from nvd – Published: 2009-02-18 23:00 – Updated: 2024-08-07 04:40
VLAI
Summary
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/33607 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/7976 | exploitx_refsource_EXPLOIT-DB |
| http://www.jaws-project.com/blog/show/jaws-089-released | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"name": "http://www.jaws-project.com/blog/show/jaws-089-released",
"refsource": "MISC",
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0645",
"datePublished": "2009-02-18T23:00:00.000Z",
"dateReserved": "2009-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:05.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3292 (GCVE-0-2006-3292)
Vulnerability from nvd – Published: 2006-06-28 23:00 – Updated: 2024-08-07 18:23
VLAI
Summary
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://retrogod.altervista.org/JAWS_062_sql.html | x_refsource_MISC |
| http://secunia.com/advisories/20842 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.jaws-project.com/index.php?blog/show/29 | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/1165 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/438434/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/2546 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/18665 | vdb-entryx_refsource_BID |
Date Public
2006-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "jaws-search-gadget-sql-injection(27334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "1165",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1165"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "jaws-search-gadget-sql-injection(27334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "1165",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1165"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "jaws-search-gadget-sql-injection(27334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "CONFIRM",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "1165",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1165"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3292",
"datePublished": "2006-06-28T23:00:00.000Z",
"dateReserved": "2006-06-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3955 (GCVE-0-2005-3955)
Vulnerability from nvd – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "MISC",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3955",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2179 (GCVE-0-2005-2179)
Vulnerability from nvd – Published: 2005-07-10 04:00 – Updated: 2024-08-07 22:15
VLAI
Summary
PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014395 | vdb-entryx_refsource_SECTRACK |
| http://www.hardened-php.net/advisory-072005.php | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=112067013827970&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014395",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory-072005.php"
},
{
"name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112067013827970\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014395",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory-072005.php"
},
{
"name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112067013827970\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014395",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014395"
},
{
"name": "http://www.hardened-php.net/advisory-072005.php",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory-072005.php"
},
{
"name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112067013827970\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2179",
"datePublished": "2005-07-10T04:00:00.000Z",
"dateReserved": "2005-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:15:37.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1231 (GCVE-0-2005-1231)
Vulnerability from nvd – Published: 2005-04-24 04:00 – Updated: 2024-08-07 21:44
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/lists/fulldisclosure/2005/Apr… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/13254 | vdb-entryx_refsource_BID |
| http://www.securiteam.com/unixfocus/5RP0M0AFFS.html | x_refsource_MISC |
Date Public
2005-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html"
},
{
"name": "13254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13254"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html"
},
{
"name": "13254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13254"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html"
},
{
"name": "13254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13254"
},
{
"name": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1231",
"datePublished": "2005-04-24T04:00:00.000Z",
"dateReserved": "2005-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:44:05.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2444 (GCVE-0-2004-2444)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1010651 | vdb-entryx_refsource_SECTRACK |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.osvdb.org/7723 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/10670 | vdb-entryx_refsource_BID |
Date Public
2004-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jaws-indexphp-xss(16621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "7723",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7723"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "jaws-indexphp-xss(16621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "7723",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7723"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jaws-indexphp-xss(16621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "7723",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7723"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2444",
"datePublished": "2005-08-20T04:00:00.000Z",
"dateReserved": "2005-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:13.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2445 (GCVE-0-2004-2445)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/7722 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1010651 | vdb-entryx_refsource_SECTRACK |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/10670 | vdb-entryx_refsource_BID |
Date Public
2004-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2445",
"datePublished": "2005-08-20T04:00:00.000Z",
"dateReserved": "2005-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:12.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2443 (GCVE-0-2004-2443)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1010651 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/10670 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/7724 | vdb-entryx_refsource_OSVDB |
Date Public
2004-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040706 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "jaws-cookie-bypass-authentication(16622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16622"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10670"
},
{
"name": "7724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040706 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "jaws-cookie-bypass-authentication(16622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16622"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10670"
},
{
"name": "7724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040706 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "jaws-cookie-bypass-authentication(16622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16622"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
},
{
"name": "7724",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2443",
"datePublished": "2005-08-20T04:00:00.000Z",
"dateReserved": "2005-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:13.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2067 (GCVE-0-2004-2067)
Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:15
VLAI
Summary
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10826 | vdb-entryx_refsource_BID |
| http://www.jaws.com.mx/index.php?gadget=blog&acti… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=109116345930380&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/8320 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1010815 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10"
},
{
"name": "20040729 Jaws 0.4: authentication bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109116345930380\u0026w=2"
},
{
"name": "8320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8320"
},
{
"name": "1010815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010815"
},
{
"name": "jaws-controlpanel-sql-injection(16847)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10"
},
{
"name": "20040729 Jaws 0.4: authentication bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109116345930380\u0026w=2"
},
{
"name": "8320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8320"
},
{
"name": "1010815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010815"
},
{
"name": "jaws-controlpanel-sql-injection(16847)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10826"
},
{
"name": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10",
"refsource": "CONFIRM",
"url": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10"
},
{
"name": "20040729 Jaws 0.4: authentication bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109116345930380\u0026w=2"
},
{
"name": "8320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8320"
},
{
"name": "1010815",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010815"
},
{
"name": "jaws-controlpanel-sql-injection(16847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2067",
"datePublished": "2005-05-10T04:00:00.000Z",
"dateReserved": "2005-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:15:01.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0645 (GCVE-0-2009-0645)
Vulnerability from cvelistv5 – Published: 2009-02-18 23:00 – Updated: 2024-08-07 04:40
VLAI
Summary
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/33607 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/7976 | exploitx_refsource_EXPLOIT-DB |
| http://www.jaws-project.com/blog/show/jaws-089-released | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"name": "http://www.jaws-project.com/blog/show/jaws-089-released",
"refsource": "MISC",
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0645",
"datePublished": "2009-02-18T23:00:00.000Z",
"dateReserved": "2009-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:05.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3292 (GCVE-0-2006-3292)
Vulnerability from cvelistv5 – Published: 2006-06-28 23:00 – Updated: 2024-08-07 18:23
VLAI
Summary
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://retrogod.altervista.org/JAWS_062_sql.html | x_refsource_MISC |
| http://secunia.com/advisories/20842 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.jaws-project.com/index.php?blog/show/29 | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/1165 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/438434/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/2546 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/18665 | vdb-entryx_refsource_BID |
Date Public
2006-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "jaws-search-gadget-sql-injection(27334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "1165",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1165"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "jaws-search-gadget-sql-injection(27334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "1165",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1165"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "jaws-search-gadget-sql-injection(27334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "CONFIRM",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "1165",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1165"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3292",
"datePublished": "2006-06-28T23:00:00.000Z",
"dateReserved": "2006-06-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3955 (GCVE-0-2005-3955)
Vulnerability from cvelistv5 – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "MISC",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3955",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2444 (GCVE-0-2004-2444)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1010651 | vdb-entryx_refsource_SECTRACK |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.osvdb.org/7723 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/10670 | vdb-entryx_refsource_BID |
Date Public
2004-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jaws-indexphp-xss(16621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "7723",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7723"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "jaws-indexphp-xss(16621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "7723",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7723"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jaws-indexphp-xss(16621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "7723",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7723"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2444",
"datePublished": "2005-08-20T04:00:00.000Z",
"dateReserved": "2005-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:13.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2445 (GCVE-0-2004-2445)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/7722 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1010651 | vdb-entryx_refsource_SECTRACK |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/10670 | vdb-entryx_refsource_BID |
Date Public
2004-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2445",
"datePublished": "2005-08-20T04:00:00.000Z",
"dateReserved": "2005-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:12.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2443 (GCVE-0-2004-2443)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1010651 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/10670 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/7724 | vdb-entryx_refsource_OSVDB |
Date Public
2004-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040706 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "jaws-cookie-bypass-authentication(16622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16622"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10670"
},
{
"name": "7724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040706 Multiples vulnerabilities in JAWS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "jaws-cookie-bypass-authentication(16622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16622"
},
{
"name": "1010651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "10670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10670"
},
{
"name": "7724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040706 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "jaws-cookie-bypass-authentication(16622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16622"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
},
{
"name": "7724",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2443",
"datePublished": "2005-08-20T04:00:00.000Z",
"dateReserved": "2005-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:13.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2179 (GCVE-0-2005-2179)
Vulnerability from cvelistv5 – Published: 2005-07-10 04:00 – Updated: 2024-08-07 22:15
VLAI
Summary
PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014395 | vdb-entryx_refsource_SECTRACK |
| http://www.hardened-php.net/advisory-072005.php | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=112067013827970&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014395",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory-072005.php"
},
{
"name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112067013827970\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014395",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory-072005.php"
},
{
"name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112067013827970\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014395",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014395"
},
{
"name": "http://www.hardened-php.net/advisory-072005.php",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory-072005.php"
},
{
"name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112067013827970\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2179",
"datePublished": "2005-07-10T04:00:00.000Z",
"dateReserved": "2005-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:15:37.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2067 (GCVE-0-2004-2067)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:15
VLAI
Summary
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10826 | vdb-entryx_refsource_BID |
| http://www.jaws.com.mx/index.php?gadget=blog&acti… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=109116345930380&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/8320 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1010815 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10"
},
{
"name": "20040729 Jaws 0.4: authentication bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109116345930380\u0026w=2"
},
{
"name": "8320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8320"
},
{
"name": "1010815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010815"
},
{
"name": "jaws-controlpanel-sql-injection(16847)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10"
},
{
"name": "20040729 Jaws 0.4: authentication bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109116345930380\u0026w=2"
},
{
"name": "8320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8320"
},
{
"name": "1010815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010815"
},
{
"name": "jaws-controlpanel-sql-injection(16847)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10826"
},
{
"name": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10",
"refsource": "CONFIRM",
"url": "http://www.jaws.com.mx/index.php?gadget=blog\u0026action=single_view\u0026id=10"
},
{
"name": "20040729 Jaws 0.4: authentication bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109116345930380\u0026w=2"
},
{
"name": "8320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8320"
},
{
"name": "1010815",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010815"
},
{
"name": "jaws-controlpanel-sql-injection(16847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2067",
"datePublished": "2005-05-10T04:00:00.000Z",
"dateReserved": "2005-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:15:01.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1231 (GCVE-0-2005-1231)
Vulnerability from cvelistv5 – Published: 2005-04-24 04:00 – Updated: 2024-08-07 21:44
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/lists/fulldisclosure/2005/Apr… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/13254 | vdb-entryx_refsource_BID |
| http://www.securiteam.com/unixfocus/5RP0M0AFFS.html | x_refsource_MISC |
Date Public
2005-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html"
},
{
"name": "13254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13254"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html"
},
{
"name": "13254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13254"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html"
},
{
"name": "13254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13254"
},
{
"name": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1231",
"datePublished": "2005-04-24T04:00:00.000Z",
"dateReserved": "2005-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:44:05.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}