Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by ushahidi
CVE-2012-5618 (GCVE-0-2012-5618)
Vulnerability from cvelistv5 – Published: 2020-02-04 13:17 – Updated: 2024-08-06 21:14
VLAI
Summary
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
Severity
No CVSS data available.
CWE
- insufficient entropy
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/12/04/1 | x_refsource_MISC |
| https://github.com/ushahidi/Ushahidi_Web/commit/e… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ushahidi",
"vendor": "Ushahidi",
"versions": [
{
"status": "affected",
"version": "before 2.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient entropy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T13:17:59.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ushahidi",
"version": {
"version_data": [
{
"version_value": "before 2.6.1"
}
]
}
}
]
},
"vendor_name": "Ushahidi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient entropy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/12/04/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/1"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e",
"refsource": "MISC",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5618",
"datePublished": "2020-02-04T13:17:59.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:14:16.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2025 (GCVE-0-2013-2025)
Vulnerability from cvelistv5 – Published: 2014-04-25 17:00 – Updated: 2024-08-06 15:20
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/ushahidi/Ushahidi_Web/issues/1009 | x_refsource_CONFIRM |
| https://github.com/ushahidi/Ushahidi_Web/pull/1056 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/59410 | vdb-entryx_refsource_BID |
| https://github.com/rjmackay/Ushahidi_Web/commit/5… | x_refsource_MISC |
| https://wiki.ushahidi.com/display/WIKI/1+May+2013… | x_refsource_CONFIRM |
Date Public
2013-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/issues/1009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/pull/1056"
},
{
"name": "59410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/issues/1009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/pull/1056"
},
{
"name": "59410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ushahidi/Ushahidi_Web/issues/1009",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/issues/1009"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/pull/1056",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/pull/1056"
},
{
"name": "59410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59410"
},
{
"name": "https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56",
"refsource": "MISC",
"url": "https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56"
},
{
"name": "https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025",
"refsource": "CONFIRM",
"url": "https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2025",
"datePublished": "2014-04-25T17:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3469 (GCVE-0-2012-3469)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-17 03:37
VLAI
Summary
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66 | x_refsource_CONFIRM |
| https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919 | x_refsource_CONFIRM |
| https://github.com/ushahidi/Ushahidi_Web/commit/68d9916 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3469",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:24.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3473 (GCVE-0-2012-3473)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-16 16:27
VLAI
Summary
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3473",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:27:36.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3470 (GCVE-0-2012-3470)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-16 19:09
VLAI
Summary
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/3301e48 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/3301e48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/3301e48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/3301e48",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/3301e48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3470",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:09:04.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3468 (GCVE-0-2012-3468)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-17 01:12
VLAI
Summary
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/ushahidi/Ushahidi_Web/commit/d954093 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/4764792 | x_refsource_CONFIRM |
| https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/d954093"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/4764792"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/d954093"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/4764792"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/d954093",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/d954093"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/4764792",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/4764792"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3468",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:12:00.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3474 (GCVE-0-2012-3474)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-17 02:48
VLAI
Summary
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/529f353 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/529f353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/529f353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/529f353",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/529f353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3474",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:48:09.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3471 (GCVE-0-2012-3471)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-16 16:17
VLAI
Summary
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3471",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:17:36.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3472 (GCVE-0-2012-3472)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-16 17:43
VLAI
Summary
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/4c24325 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/4c24325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/4c24325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/4c24325",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/4c24325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3472",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:43:45.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3475 (GCVE-0-2012-3475)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-17 00:55
VLAI
Summary
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/7892559 | x_refsource_CONFIRM |
| https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3475",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:55:34.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3476 (GCVE-0-2012-3476)
Vulnerability from cvelistv5 – Published: 2012-08-12 21:00 – Updated: 2024-09-17 02:56
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2012/08/09/5 | mailing-listx_refsource_MLIST |
| https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3476",
"datePublished": "2012-08-12T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:56:59.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}