Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for gbrowse by gmod

    CVE-2023-32637 (GCVE-0-2023-32637)

    Vulnerability from nvd – Published: 2023-07-25 05:01 – Updated: 2024-10-23 19:13 Unsupported When Assigned
    VLAI
    Summary
    GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:36.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://gmod.org/wiki/GBrowse"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jbrowse.org/jb2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN35897618/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T19:13:16.328467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T19:13:27.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GBrowse",
              "vendor": "Generic Model Organism Database Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T05:01:48.955Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://gmod.org/wiki/GBrowse"
            },
            {
              "url": "https://jbrowse.org/jb2/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN35897618/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32637",
        "datePublished": "2023-07-25T05:01:48.955Z",
        "dateReserved": "2023-05-11T04:09:45.896Z",
        "dateUpdated": "2024-10-23T19:13:27.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3781 (GCVE-0-2008-3781)

    Vulnerability from nvd – Published: 2008-08-26 14:06 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "gbrowse-unspecified-xss(44632)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
              },
              {
                "name": "30812",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30812"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707"
              },
              {
                "name": "31596",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31596"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "gbrowse-unspecified-xss(44632)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
            },
            {
              "name": "30812",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30812"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707"
            },
            {
              "name": "31596",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31596"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3781",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "gbrowse-unspecified-xss(44632)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
                },
                {
                  "name": "30812",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30812"
                },
                {
                  "name": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released",
                  "refsource": "CONFIRM",
                  "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707"
                },
                {
                  "name": "31596",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31596"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3781",
        "datePublished": "2008-08-26T14:06:00.000Z",
        "dateReserved": "2008-08-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32637 (GCVE-0-2023-32637)

    Vulnerability from cvelistv5 – Published: 2023-07-25 05:01 – Updated: 2024-10-23 19:13 Unsupported When Assigned
    VLAI
    Summary
    GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:36.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://gmod.org/wiki/GBrowse"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jbrowse.org/jb2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN35897618/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T19:13:16.328467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T19:13:27.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GBrowse",
              "vendor": "Generic Model Organism Database Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T05:01:48.955Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://gmod.org/wiki/GBrowse"
            },
            {
              "url": "https://jbrowse.org/jb2/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN35897618/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32637",
        "datePublished": "2023-07-25T05:01:48.955Z",
        "dateReserved": "2023-05-11T04:09:45.896Z",
        "dateUpdated": "2024-10-23T19:13:27.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3781 (GCVE-0-2008-3781)

    Vulnerability from cvelistv5 – Published: 2008-08-26 14:06 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "gbrowse-unspecified-xss(44632)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
              },
              {
                "name": "30812",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30812"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707"
              },
              {
                "name": "31596",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31596"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "gbrowse-unspecified-xss(44632)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
            },
            {
              "name": "30812",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30812"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707"
            },
            {
              "name": "31596",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31596"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3781",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "gbrowse-unspecified-xss(44632)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
                },
                {
                  "name": "30812",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30812"
                },
                {
                  "name": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released",
                  "refsource": "CONFIRM",
                  "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=621342\u0026group_id=27707"
                },
                {
                  "name": "31596",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31596"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3781",
        "datePublished": "2008-08-26T14:06:00.000Z",
        "dateReserved": "2008-08-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }