Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for newscoop by sourcefabric
CVE-2020-11807 (GCVE-0-2020-11807)
Vulnerability from nvd – Published: 2020-05-19 16:00 – Updated: 2024-08-04 11:42
VLAI?
Summary
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T16:00:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226",
"refsource": "MISC",
"url": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226"
},
{
"name": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee",
"refsource": "MISC",
"url": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11807",
"datePublished": "2020-05-19T16:00:50.000Z",
"dateReserved": "2020-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0730 (GCVE-0-2013-0730)
Vulnerability from nvd – Published: 2013-02-22 00:00 – Updated: 2024-09-17 02:47
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1"
},
{
"name": "51921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-22T00:00:00.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1"
},
{
"name": "51921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1",
"refsource": "CONFIRM",
"url": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1"
},
{
"name": "51921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51921"
},
{
"name": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d",
"refsource": "CONFIRM",
"url": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-0730",
"datePublished": "2013-02-22T00:00:00.000Z",
"dateReserved": "2013-01-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:25.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4679 (GCVE-0-2012-4679)
Vulnerability from nvd – Published: 2012-08-27 21:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4184"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4184"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4184",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4184"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4679",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:42:55.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1935 (GCVE-0-2012-1935)
Vulnerability from nvd – Published: 2012-08-27 21:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4183"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4183"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4182",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4182"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4183",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4183"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4179",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1935",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1934 (GCVE-0-2012-1934)
Vulnerability from nvd – Published: 2012-08-27 21:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4181"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "newscoop-edit-sql-injection(74780)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74780"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4181"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "newscoop-edit-sql-injection(74780)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74780"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4181",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4181"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "newscoop-edit-sql-injection(74780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74780"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4179",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1934",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1933 (GCVE-0-2012-1933)
Vulnerability from nvd – Published: 2012-08-27 21:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "53147",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53147"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-gcampsitedir-file-include(75031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "53147",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53147"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-gcampsitedir-file-include(75031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18752",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4179",
"refsource": "MISC",
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "53147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53147"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-gcampsitedir-file-include(75031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75031"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1933",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11807 (GCVE-0-2020-11807)
Vulnerability from cvelistv5 – Published: 2020-05-19 16:00 – Updated: 2024-08-04 11:42
VLAI?
Summary
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T16:00:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226",
"refsource": "MISC",
"url": "https://github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226"
},
{
"name": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee",
"refsource": "MISC",
"url": "https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11807",
"datePublished": "2020-05-19T16:00:50.000Z",
"dateReserved": "2020-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0730 (GCVE-0-2013-0730)
Vulnerability from cvelistv5 – Published: 2013-02-22 00:00 – Updated: 2024-09-17 02:47
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1"
},
{
"name": "51921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-22T00:00:00.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1"
},
{
"name": "51921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1",
"refsource": "CONFIRM",
"url": "http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1"
},
{
"name": "51921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51921"
},
{
"name": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d",
"refsource": "CONFIRM",
"url": "https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-0730",
"datePublished": "2013-02-22T00:00:00.000Z",
"dateReserved": "2013-01-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:25.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1933 (GCVE-0-2012-1933)
Vulnerability from cvelistv5 – Published: 2012-08-27 21:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "53147",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53147"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-gcampsitedir-file-include(75031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "53147",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53147"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-gcampsitedir-file-include(75031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18752",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4179",
"refsource": "MISC",
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "53147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53147"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-gcampsitedir-file-include(75031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75031"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1933",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4679 (GCVE-0-2012-4679)
Vulnerability from cvelistv5 – Published: 2012-08-27 21:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4184"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4184"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4184",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4184"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4679",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:42:55.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1934 (GCVE-0-2012-1934)
Vulnerability from cvelistv5 – Published: 2012-08-27 21:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4181"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "newscoop-edit-sql-injection(74780)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74780"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4181"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "newscoop-edit-sql-injection(74780)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74780"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4181",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4181"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "newscoop-edit-sql-injection(74780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74780"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4179",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1934",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1935 (GCVE-0-2012-1935)
Vulnerability from cvelistv5 – Published: 2012-08-27 21:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2012-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4183"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4183"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52941"
},
{
"name": "18752",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18752"
},
{
"name": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm",
"refsource": "CONFIRM",
"url": "http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4182",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4182"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4183",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4183"
},
{
"name": "20120418 Multiple vulnerabilities in Newscoop",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html"
},
{
"name": "http://dev.sourcefabric.org/browse/CS-4179",
"refsource": "CONFIRM",
"url": "http://dev.sourcefabric.org/browse/CS-4179"
},
{
"name": "48769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48769"
},
{
"name": "newscoop-multiple-xss(74781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74781"
},
{
"name": "https://www.htbridge.com/advisory/HTB23084",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1935",
"datePublished": "2012-08-27T21:00:00.000Z",
"dateReserved": "2012-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}