Search criteria
5 vulnerabilities by lunascape
CVE-2012-1249 (GCVE-0-2012-1249)
Vulnerability from cvelistv5 – Published: 2012-05-21 20:00 – Updated: 2024-08-06 18:53
VLAI
Summary
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000044 | third-party-advisoryx_refsource_JVNDB |
| http://osvdb.org/82035 | vdb-entryx_refsource_OSVDB |
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN86044443/index.html | third-party-advisoryx_refsource_JVN |
| http://secunia.com/advisories/49253 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/53619 | vdb-entryx_refsource_BID |
Date Public
2012-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2012-000044",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000044"
},
{
"name": "82035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/82035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.lunascape.android.ilunascape"
},
{
"name": "JVN#86044443",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN86044443/index.html"
},
{
"name": "49253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49253"
},
{
"name": "53619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-30T09:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2012-000044",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000044"
},
{
"name": "82035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/82035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.lunascape.android.ilunascape"
},
{
"name": "JVN#86044443",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN86044443/index.html"
},
{
"name": "49253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49253"
},
{
"name": "53619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-1249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000044",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000044"
},
{
"name": "82035",
"refsource": "OSVDB",
"url": "http://osvdb.org/82035"
},
{
"name": "https://play.google.com/store/apps/details?id=jp.co.lunascape.android.ilunascape",
"refsource": "CONFIRM",
"url": "https://play.google.com/store/apps/details?id=jp.co.lunascape.android.ilunascape"
},
{
"name": "JVN#86044443",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN86044443/index.html"
},
{
"name": "49253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49253"
},
{
"name": "53619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-1249",
"datePublished": "2012-05-21T20:00:00.000Z",
"dateReserved": "2012-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0452 (GCVE-0-2011-0452)
Vulnerability from cvelistv5 – Published: 2011-02-24 20:00 – Updated: 2024-08-06 21:51
VLAI
Summary
Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN38362957/ | third-party-advisoryx_refsource_JVN |
| http://lunapedia.lunascape.jp/index.php?title=Lun… | x_refsource_CONFIRM |
| http://secunia.com/advisories/43441 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-0… | third-party-advisoryx_refsource_JVNDB |
Date Public
2011-02-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#38362957",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN38362957/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3"
},
{
"name": "43441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43441"
},
{
"name": "lunascape-dll-code-execution(65592)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65592"
},
{
"name": "JVNDB-2011-000012",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#38362957",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN38362957/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3"
},
{
"name": "43441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43441"
},
{
"name": "lunascape-dll-code-execution(65592)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65592"
},
{
"name": "JVNDB-2011-000012",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-0452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#38362957",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN38362957/"
},
{
"name": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3",
"refsource": "CONFIRM",
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3"
},
{
"name": "43441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43441"
},
{
"name": "lunascape-dll-code-execution(65592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65592"
},
{
"name": "JVNDB-2011-000012",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-0452",
"datePublished": "2011-02-24T20:00:00.000Z",
"dateReserved": "2011-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:51:08.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3927 (GCVE-0-2010-3927)
Vulnerability from cvelistv5 – Published: 2011-01-24 17:00 – Updated: 2024-08-07 03:26
VLAI
Summary
Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/45945 | vdb-entryx_refsource_BID |
| http://lunapedia.lunascape.jp/index.php?title=Lun… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN94695018/296426/index.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://help.lunascape.tv/LunascapeHelp-en/page.as… | x_refsource_CONFIRM |
| http://osvdb.org/70604 | vdb-entryx_refsource_OSVDB |
| http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-0… | third-party-advisoryx_refsource_JVNDB |
| http://secunia.com/advisories/43003 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/en/jp/JVN94695018/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2011-01-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45945",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F01.2F19_ver_6.4.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN94695018/296426/index.html"
},
{
"name": "lunascape-library-code-execution(64849)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.lunascape.tv/LunascapeHelp-en/page.aspx?pageid=ver_6_4_11"
},
{
"name": "70604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70604"
},
{
"name": "JVNDB-2011-000004",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000004.html"
},
{
"name": "43003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43003"
},
{
"name": "JVN#94695018",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN94695018/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "45945",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F01.2F19_ver_6.4.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN94695018/296426/index.html"
},
{
"name": "lunascape-library-code-execution(64849)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.lunascape.tv/LunascapeHelp-en/page.aspx?pageid=ver_6_4_11"
},
{
"name": "70604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70604"
},
{
"name": "JVNDB-2011-000004",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000004.html"
},
{
"name": "43003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43003"
},
{
"name": "JVN#94695018",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN94695018/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45945"
},
{
"name": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F01.2F19_ver_6.4.1",
"refsource": "CONFIRM",
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F01.2F19_ver_6.4.1"
},
{
"name": "http://jvn.jp/en/jp/JVN94695018/296426/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN94695018/296426/index.html"
},
{
"name": "lunascape-library-code-execution(64849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64849"
},
{
"name": "http://help.lunascape.tv/LunascapeHelp-en/page.aspx?pageid=ver_6_4_11",
"refsource": "CONFIRM",
"url": "http://help.lunascape.tv/LunascapeHelp-en/page.aspx?pageid=ver_6_4_11"
},
{
"name": "70604",
"refsource": "OSVDB",
"url": "http://osvdb.org/70604"
},
{
"name": "JVNDB-2011-000004",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000004.html"
},
{
"name": "43003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43003"
},
{
"name": "JVN#94695018",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN94695018/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2010-3927",
"datePublished": "2011-01-24T17:00:00.000Z",
"dateReserved": "2010-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:26:12.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3005 (GCVE-0-2009-3005)
Vulnerability from cvelistv5 – Published: 2009-08-28 15:00 – Updated: 2024-08-07 06:14
VLAI
Summary
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lostmon.blogspot.com/2009/08/multiple-brow… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-08-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name": "lunascape-windowopen-spoofing(53008)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name": "lunascape-windowopen-spoofing(53008)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name": "lunascape-windowopen-spoofing(53008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3005",
"datePublished": "2009-08-28T15:00:00.000Z",
"dateReserved": "2009-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:55.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2335 (GCVE-0-2007-2335)
Vulnerability from cvelistv5 – Published: 2007-04-27 16:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/35364 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/1538 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/23665 | vdb-entryx_refsource_BID |
| http://jvn.jp/jp/JVN%2336628264/index.html | third-party-advisoryx_refsource_JVN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lunapedia.lunascape.jp/index.php?title=Lun… | x_refsource_CONFIRM |
| http://secunia.com/advisories/25000 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35364",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35364"
},
{
"name": "ADV-2007-1538",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1538"
},
{
"name": "23665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23665"
},
{
"name": "JVN#36628264",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2336628264/index.html"
},
{
"name": "lunascape-rssfeed-xss(34074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape_4#2007.2F04.2F25_ver_4.2.0"
},
{
"name": "25000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35364",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35364"
},
{
"name": "ADV-2007-1538",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1538"
},
{
"name": "23665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23665"
},
{
"name": "JVN#36628264",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2336628264/index.html"
},
{
"name": "lunascape-rssfeed-xss(34074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape_4#2007.2F04.2F25_ver_4.2.0"
},
{
"name": "25000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35364",
"refsource": "OSVDB",
"url": "http://osvdb.org/35364"
},
{
"name": "ADV-2007-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1538"
},
{
"name": "23665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23665"
},
{
"name": "JVN#36628264",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2336628264/index.html"
},
{
"name": "lunascape-rssfeed-xss(34074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34074"
},
{
"name": "http://lunapedia.lunascape.jp/index.php?title=Lunascape_4#2007.2F04.2F25_ver_4.2.0",
"refsource": "CONFIRM",
"url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape_4#2007.2F04.2F25_ver_4.2.0"
},
{
"name": "25000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2335",
"datePublished": "2007-04-27T16:00:00.000Z",
"dateReserved": "2007-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}