Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by jinzora
CVE-2009-2313 (GCVE-0-2009-2313)
Vulnerability from nvd – Published: 2009-07-02 10:00 – Updated: 2024-08-07 05:44
VLAI
Summary
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/8278 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8278"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8278",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8278"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2313",
"datePublished": "2009-07-02T10:00:00.000Z",
"dateReserved": "2009-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0877 (GCVE-0-2008-0877)
Vulnerability from nvd – Published: 2008-02-21 19:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27876 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/29023 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3683 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/488326/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:39.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27876"
},
{
"name": "29023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29023"
},
{
"name": "3683",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3683"
},
{
"name": "20080219 [DSECRG-08-016] Jinzora 2.7.5 Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488326/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27876"
},
{
"name": "29023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29023"
},
{
"name": "3683",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3683"
},
{
"name": "20080219 [DSECRG-08-016] Jinzora 2.7.5 Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488326/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27876"
},
{
"name": "29023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29023"
},
{
"name": "3683",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3683"
},
{
"name": "20080219 [DSECRG-08-016] Jinzora 2.7.5 Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488326/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0877",
"datePublished": "2008-02-21T19:00:00.000Z",
"dateReserved": "2008-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:39.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7130 (GCVE-0-2006-7130)
Vulnerability from nvd – Published: 2007-03-06 01:00 – Updated: 2024-08-07 20:50
VLAI
Summary
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2512 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2351 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/448290/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20446 | vdb-entryx_refsource_BID |
Date Public
2006-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2512",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2512"
},
{
"name": "jinzora-media-file-include(29436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29436"
},
{
"name": "2351",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2351"
},
{
"name": "20061010 Jinzora \u003c= 2.1 Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448290/100/0/threaded"
},
{
"name": "20446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2512",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2512"
},
{
"name": "jinzora-media-file-include(29436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29436"
},
{
"name": "2351",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2351"
},
{
"name": "20061010 Jinzora \u003c= 2.1 Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448290/100/0/threaded"
},
{
"name": "20446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20446"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2512",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2512"
},
{
"name": "jinzora-media-file-include(29436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29436"
},
{
"name": "2351",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2351"
},
{
"name": "20061010 Jinzora \u003c= 2.1 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448290/100/0/threaded"
},
{
"name": "20446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20446"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7130",
"datePublished": "2007-03-06T01:00:00.000Z",
"dateReserved": "2007-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7131 (GCVE-0-2006-7131)
Vulnerability from nvd – Published: 2007-03-06 01:00 – Updated: 2024-08-07 20:50
VLAI
Summary
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2352 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/2558 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/448703/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2352",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2352"
},
{
"name": "2558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2558"
},
{
"name": "jinzora-extras-file-include(29556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556"
},
{
"name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2352",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2352"
},
{
"name": "2558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2558"
},
{
"name": "jinzora-extras-file-include(29556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556"
},
{
"name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2352",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2352"
},
{
"name": "2558",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2558"
},
{
"name": "jinzora-extras-file-include(29556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556"
},
{
"name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7131",
"datePublished": "2007-03-06T01:00:00.000Z",
"dateReserved": "2007-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6770 (GCVE-0-2006-6770)
Vulnerability from nvd – Published: 2006-12-27 23:00 – Updated: 2024-08-07 20:42
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21741 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/3003 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/23501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/5177 | vdb-entryx_refsource_VUPEN |
Date Public
2006-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:06.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6770",
"datePublished": "2006-12-27T23:00:00.000Z",
"dateReserved": "2006-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:06.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2249 (GCVE-0-2005-2249)
Vulnerability from nvd – Published: 2005-07-13 04:00 – Updated: 2024-09-16 23:21
VLAI
Summary
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/15952 | third-party-advisoryx_refsource_SECUNIA |
| http://freshmeat.net/projects/jinzora/?branch_id=… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-13T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15952"
},
{
"name": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2249",
"datePublished": "2005-07-13T04:00:00.000Z",
"dateReserved": "2005-07-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:21:06.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2313 (GCVE-0-2009-2313)
Vulnerability from cvelistv5 – Published: 2009-07-02 10:00 – Updated: 2024-08-07 05:44
VLAI
Summary
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/8278 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8278"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8278",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8278"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2313",
"datePublished": "2009-07-02T10:00:00.000Z",
"dateReserved": "2009-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0877 (GCVE-0-2008-0877)
Vulnerability from cvelistv5 – Published: 2008-02-21 19:00 – Updated: 2024-08-07 08:01
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27876 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/29023 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3683 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/488326/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:39.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27876"
},
{
"name": "29023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29023"
},
{
"name": "3683",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3683"
},
{
"name": "20080219 [DSECRG-08-016] Jinzora 2.7.5 Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488326/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27876"
},
{
"name": "29023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29023"
},
{
"name": "3683",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3683"
},
{
"name": "20080219 [DSECRG-08-016] Jinzora 2.7.5 Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488326/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27876"
},
{
"name": "29023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29023"
},
{
"name": "3683",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3683"
},
{
"name": "20080219 [DSECRG-08-016] Jinzora 2.7.5 Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488326/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0877",
"datePublished": "2008-02-21T19:00:00.000Z",
"dateReserved": "2008-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:39.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7130 (GCVE-0-2006-7130)
Vulnerability from cvelistv5 – Published: 2007-03-06 01:00 – Updated: 2024-08-07 20:50
VLAI
Summary
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2512 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2351 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/448290/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20446 | vdb-entryx_refsource_BID |
Date Public
2006-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2512",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2512"
},
{
"name": "jinzora-media-file-include(29436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29436"
},
{
"name": "2351",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2351"
},
{
"name": "20061010 Jinzora \u003c= 2.1 Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448290/100/0/threaded"
},
{
"name": "20446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2512",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2512"
},
{
"name": "jinzora-media-file-include(29436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29436"
},
{
"name": "2351",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2351"
},
{
"name": "20061010 Jinzora \u003c= 2.1 Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448290/100/0/threaded"
},
{
"name": "20446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20446"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2512",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2512"
},
{
"name": "jinzora-media-file-include(29436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29436"
},
{
"name": "2351",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2351"
},
{
"name": "20061010 Jinzora \u003c= 2.1 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448290/100/0/threaded"
},
{
"name": "20446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20446"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7130",
"datePublished": "2007-03-06T01:00:00.000Z",
"dateReserved": "2007-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7131 (GCVE-0-2006-7131)
Vulnerability from cvelistv5 – Published: 2007-03-06 01:00 – Updated: 2024-08-07 20:50
VLAI
Summary
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2352 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/2558 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/448703/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2352",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2352"
},
{
"name": "2558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2558"
},
{
"name": "jinzora-extras-file-include(29556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556"
},
{
"name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2352",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2352"
},
{
"name": "2558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2558"
},
{
"name": "jinzora-extras-file-include(29556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556"
},
{
"name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2352",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2352"
},
{
"name": "2558",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2558"
},
{
"name": "jinzora-extras-file-include(29556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29556"
},
{
"name": "20061014 Jinzora 2.6 - Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448703/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7131",
"datePublished": "2007-03-06T01:00:00.000Z",
"dateReserved": "2007-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6770 (GCVE-0-2006-6770)
Vulnerability from cvelistv5 – Published: 2006-12-27 23:00 – Updated: 2024-08-07 20:42
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21741 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/3003 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/23501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/5177 | vdb-entryx_refsource_VUPEN |
Date Public
2006-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:06.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6770",
"datePublished": "2006-12-27T23:00:00.000Z",
"dateReserved": "2006-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:06.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2249 (GCVE-0-2005-2249)
Vulnerability from cvelistv5 – Published: 2005-07-13 04:00 – Updated: 2024-09-16 23:21
VLAI
Summary
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/15952 | third-party-advisoryx_refsource_SECUNIA |
| http://freshmeat.net/projects/jinzora/?branch_id=… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-13T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15952"
},
{
"name": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/jinzora/?branch_id=43140\u0026release_id=200390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2249",
"datePublished": "2005-07-13T04:00:00.000Z",
"dateReserved": "2005-07-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:21:06.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}