Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for jobscheduler by sos

    CVE-2014-5392 (GCVE-0-2014-5392)

    Vulnerability from nvd – Published: 2014-09-23 15:00 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://change.sos-berlin.com/browse/JS-1204"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
              },
              {
                "name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://change.sos-berlin.com/browse/JS-1204"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
            },
            {
              "name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5392",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
                },
                {
                  "name": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt",
                  "refsource": "MISC",
                  "url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
                },
                {
                  "name": "https://change.sos-berlin.com/browse/JS-1204",
                  "refsource": "CONFIRM",
                  "url": "https://change.sos-berlin.com/browse/JS-1204"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
                },
                {
                  "name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5392",
        "datePublished": "2014-09-23T15:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:49.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5393 (GCVE-0-2014-5393)

    Vulnerability from nvd – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://change.sos-berlin.com/browse/JS-1205"
              },
              {
                "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
              },
              {
                "name": "jobscheduler-cve20145393-dir-traversal(95796)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://change.sos-berlin.com/browse/JS-1205"
            },
            {
              "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
            },
            {
              "name": "jobscheduler-cve20145393-dir-traversal(95796)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt",
                  "refsource": "MISC",
                  "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
                },
                {
                  "name": "https://change.sos-berlin.com/browse/JS-1205",
                  "refsource": "CONFIRM",
                  "url": "https://change.sos-berlin.com/browse/JS-1205"
                },
                {
                  "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
                },
                {
                  "name": "jobscheduler-cve20145393-dir-traversal(95796)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5393",
        "datePublished": "2014-09-11T15:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:49.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5391 (GCVE-0-2014-5391)

    Vulnerability from nvd – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.066Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "69660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
              },
              {
                "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://change.sos-berlin.com/browse/JS-1203"
              },
              {
                "name": "jobscheduler-cve20145391-xss(95797)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "69660",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
            },
            {
              "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://change.sos-berlin.com/browse/JS-1203"
            },
            {
              "name": "jobscheduler-cve20145391-xss(95797)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5391",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "69660",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69660"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
                },
                {
                  "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
                },
                {
                  "name": "https://change.sos-berlin.com/browse/JS-1203",
                  "refsource": "CONFIRM",
                  "url": "https://change.sos-berlin.com/browse/JS-1203"
                },
                {
                  "name": "jobscheduler-cve20145391-xss(95797)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
                },
                {
                  "name": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt",
                  "refsource": "MISC",
                  "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5391",
        "datePublished": "2014-09-11T15:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:49.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5392 (GCVE-0-2014-5392)

    Vulnerability from cvelistv5 – Published: 2014-09-23 15:00 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://change.sos-berlin.com/browse/JS-1204"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
              },
              {
                "name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://change.sos-berlin.com/browse/JS-1204"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
            },
            {
              "name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5392",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
                },
                {
                  "name": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt",
                  "refsource": "MISC",
                  "url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
                },
                {
                  "name": "https://change.sos-berlin.com/browse/JS-1204",
                  "refsource": "CONFIRM",
                  "url": "https://change.sos-berlin.com/browse/JS-1204"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
                },
                {
                  "name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5392",
        "datePublished": "2014-09-23T15:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:49.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5391 (GCVE-0-2014-5391)

    Vulnerability from cvelistv5 – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.066Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "69660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
              },
              {
                "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://change.sos-berlin.com/browse/JS-1203"
              },
              {
                "name": "jobscheduler-cve20145391-xss(95797)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "69660",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
            },
            {
              "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://change.sos-berlin.com/browse/JS-1203"
            },
            {
              "name": "jobscheduler-cve20145391-xss(95797)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5391",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "69660",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69660"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
                },
                {
                  "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
                },
                {
                  "name": "https://change.sos-berlin.com/browse/JS-1203",
                  "refsource": "CONFIRM",
                  "url": "https://change.sos-berlin.com/browse/JS-1203"
                },
                {
                  "name": "jobscheduler-cve20145391-xss(95797)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
                },
                {
                  "name": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt",
                  "refsource": "MISC",
                  "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5391",
        "datePublished": "2014-09-11T15:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:49.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5393 (GCVE-0-2014-5393)

    Vulnerability from cvelistv5 – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://change.sos-berlin.com/browse/JS-1205"
              },
              {
                "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
              },
              {
                "name": "jobscheduler-cve20145393-dir-traversal(95796)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://change.sos-berlin.com/browse/JS-1205"
            },
            {
              "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
            },
            {
              "name": "jobscheduler-cve20145393-dir-traversal(95796)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt",
                  "refsource": "MISC",
                  "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
                },
                {
                  "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
                  "refsource": "CONFIRM",
                  "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
                },
                {
                  "name": "https://change.sos-berlin.com/browse/JS-1205",
                  "refsource": "CONFIRM",
                  "url": "https://change.sos-berlin.com/browse/JS-1205"
                },
                {
                  "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
                },
                {
                  "name": "jobscheduler-cve20145393-dir-traversal(95796)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5393",
        "datePublished": "2014-09-11T15:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:49.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }