Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for openpne by tejimaya

    CVE-2013-4333 (GCVE-0-2013-4333)

    Vulnerability from nvd – Published: 2020-01-24 14:44 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
    Severity
    No CVSS data available.
    CWE
    • XXE
    Assigner
    Impacted products
    Vendor Product Version
    OpenPNE OpenPNE Affected: 3.8.7
    Affected: 3.6.11
    Affected: 3.4.21.1
    Affected: 3.2.7.6
    Affected: 3.0.8.5 (Fixed: 3.8.7.1
    Affected: 3.6.11.1
    Affected: 3.4.21.2
    Affected: 3.2.7.7
    Affected: 3.0.8.6)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenPNE",
              "vendor": "OpenPNE",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.8.7"
                },
                {
                  "status": "affected",
                  "version": "3.6.11"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.6"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.5 (Fixed: 3.8.7.1"
                },
                {
                  "status": "affected",
                  "version": "3.6.11.1"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.7"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.6)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XXE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T14:44:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/62285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4333",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenPNE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.8.7"
                              },
                              {
                                "version_value": "3.6.11"
                              },
                              {
                                "version_value": "3.4.21.1"
                              },
                              {
                                "version_value": "3.2.7.6"
                              },
                              {
                                "version_value": "3.0.8.5 (Fixed: 3.8.7.1"
                              },
                              {
                                "version_value": "3.6.11.1"
                              },
                              {
                                "version_value": "3.4.21.2"
                              },
                              {
                                "version_value": "3.2.7.7"
                              },
                              {
                                "version_value": "3.0.8.6)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenPNE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XXE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/62285",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/62285"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4333",
        "datePublished": "2020-01-24T14:44:01.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5350 (GCVE-0-2013-5350)

    Vulnerability from nvd – Published: 2014-01-24 15:00 – Updated: 2024-08-06 17:06
    VLAI
    Summary
    The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.openpne.jp/archives/12293/ x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN69986880/index.html third-party-advisoryx_refsource_JVN
    http://secunia.com/advisories/54043 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/secunia_research/2014-1/ x_refsource_MISC
    http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009 third-party-advisoryx_refsource_JVNDB
    Date Public
    2014-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:06:52.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.openpne.jp/archives/12293/"
              },
              {
                "name": "JVN#69986880",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN69986880/index.html"
              },
              {
                "name": "54043",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54043"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2014-1/"
              },
              {
                "name": "JVNDB-2014-000009",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-24T14:57:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.openpne.jp/archives/12293/"
            },
            {
              "name": "JVN#69986880",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN69986880/index.html"
            },
            {
              "name": "54043",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54043"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2014-1/"
            },
            {
              "name": "JVNDB-2014-000009",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2013-5350",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openpne.jp/archives/12293/",
                  "refsource": "CONFIRM",
                  "url": "https://www.openpne.jp/archives/12293/"
                },
                {
                  "name": "JVN#69986880",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN69986880/index.html"
                },
                {
                  "name": "54043",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54043"
                },
                {
                  "name": "http://secunia.com/secunia_research/2014-1/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2014-1/"
                },
                {
                  "name": "JVNDB-2014-000009",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2013-5350",
        "datePublished": "2014-01-24T15:00:00.000Z",
        "dateReserved": "2013-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:06:52.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2309 (GCVE-0-2013-2309)

    Vulnerability from nvd – Published: 2013-06-17 01:00 – Updated: 2024-09-16 17:18
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openpne.jp/archives/11096/ x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN18501376/index.html third-party-advisoryx_refsource_JVN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:36:45.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openpne.jp/archives/11096/"
              },
              {
                "name": "JVNDB-2013-000038",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
              },
              {
                "name": "JVN#18501376",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN18501376/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-06-17T01:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openpne.jp/archives/11096/"
            },
            {
              "name": "JVNDB-2013-000038",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
            },
            {
              "name": "JVN#18501376",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN18501376/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-2309",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openpne.jp/archives/11096/",
                  "refsource": "CONFIRM",
                  "url": "http://www.openpne.jp/archives/11096/"
                },
                {
                  "name": "JVNDB-2013-000038",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
                },
                {
                  "name": "JVN#18501376",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN18501376/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-2309",
        "datePublished": "2013-06-17T01:00:00.000Z",
        "dateReserved": "2013-03-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:50.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1040 (GCVE-0-2010-1040)

    Vulnerability from nvd – Published: 2010-03-23 18:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openpne.jp/archives/4612/ x_refsource_CONFIRM
    http://www.ipa.go.jp/security/vuln/alert/201003_o… x_refsource_MISC
    http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-0… third-party-advisoryx_refsource_JVNDB
    http://secunia.com/advisories/38857 third-party-advisoryx_refsource_SECUNIA
    http://jvn.jp/en/jp/JVN06874657/index.html third-party-advisoryx_refsource_JVN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:06:52.695Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openpne.jp/archives/4612/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
              },
              {
                "name": "JVNDB-2010-000006",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
              },
              {
                "name": "38857",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38857"
              },
              {
                "name": "JVN#06874657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN06874657/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-03-23T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openpne.jp/archives/4612/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
            },
            {
              "name": "JVNDB-2010-000006",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
            },
            {
              "name": "38857",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38857"
            },
            {
              "name": "JVN#06874657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN06874657/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1040",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openpne.jp/archives/4612/",
                  "refsource": "CONFIRM",
                  "url": "http://www.openpne.jp/archives/4612/"
                },
                {
                  "name": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html",
                  "refsource": "MISC",
                  "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
                },
                {
                  "name": "JVNDB-2010-000006",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
                },
                {
                  "name": "38857",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38857"
                },
                {
                  "name": "JVN#06874657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN06874657/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1040",
        "datePublished": "2010-03-23T18:00:00.000Z",
        "dateReserved": "2010-03-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:22.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4333 (GCVE-0-2013-4333)

    Vulnerability from cvelistv5 – Published: 2020-01-24 14:44 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
    Severity
    No CVSS data available.
    CWE
    • XXE
    Assigner
    Impacted products
    Vendor Product Version
    OpenPNE OpenPNE Affected: 3.8.7
    Affected: 3.6.11
    Affected: 3.4.21.1
    Affected: 3.2.7.6
    Affected: 3.0.8.5 (Fixed: 3.8.7.1
    Affected: 3.6.11.1
    Affected: 3.4.21.2
    Affected: 3.2.7.7
    Affected: 3.0.8.6)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenPNE",
              "vendor": "OpenPNE",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.8.7"
                },
                {
                  "status": "affected",
                  "version": "3.6.11"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.6"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.5 (Fixed: 3.8.7.1"
                },
                {
                  "status": "affected",
                  "version": "3.6.11.1"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.7"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.6)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XXE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T14:44:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/62285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4333",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenPNE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.8.7"
                              },
                              {
                                "version_value": "3.6.11"
                              },
                              {
                                "version_value": "3.4.21.1"
                              },
                              {
                                "version_value": "3.2.7.6"
                              },
                              {
                                "version_value": "3.0.8.5 (Fixed: 3.8.7.1"
                              },
                              {
                                "version_value": "3.6.11.1"
                              },
                              {
                                "version_value": "3.4.21.2"
                              },
                              {
                                "version_value": "3.2.7.7"
                              },
                              {
                                "version_value": "3.0.8.6)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenPNE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XXE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/62285",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/62285"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4333",
        "datePublished": "2020-01-24T14:44:01.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5350 (GCVE-0-2013-5350)

    Vulnerability from cvelistv5 – Published: 2014-01-24 15:00 – Updated: 2024-08-06 17:06
    VLAI
    Summary
    The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.openpne.jp/archives/12293/ x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN69986880/index.html third-party-advisoryx_refsource_JVN
    http://secunia.com/advisories/54043 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/secunia_research/2014-1/ x_refsource_MISC
    http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009 third-party-advisoryx_refsource_JVNDB
    Date Public
    2014-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:06:52.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.openpne.jp/archives/12293/"
              },
              {
                "name": "JVN#69986880",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN69986880/index.html"
              },
              {
                "name": "54043",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54043"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2014-1/"
              },
              {
                "name": "JVNDB-2014-000009",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-24T14:57:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.openpne.jp/archives/12293/"
            },
            {
              "name": "JVN#69986880",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN69986880/index.html"
            },
            {
              "name": "54043",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54043"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2014-1/"
            },
            {
              "name": "JVNDB-2014-000009",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2013-5350",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"Remember me\" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openpne.jp/archives/12293/",
                  "refsource": "CONFIRM",
                  "url": "https://www.openpne.jp/archives/12293/"
                },
                {
                  "name": "JVN#69986880",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN69986880/index.html"
                },
                {
                  "name": "54043",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54043"
                },
                {
                  "name": "http://secunia.com/secunia_research/2014-1/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2014-1/"
                },
                {
                  "name": "JVNDB-2014-000009",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2013-5350",
        "datePublished": "2014-01-24T15:00:00.000Z",
        "dateReserved": "2013-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:06:52.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2309 (GCVE-0-2013-2309)

    Vulnerability from cvelistv5 – Published: 2013-06-17 01:00 – Updated: 2024-09-16 17:18
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openpne.jp/archives/11096/ x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN18501376/index.html third-party-advisoryx_refsource_JVN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:36:45.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openpne.jp/archives/11096/"
              },
              {
                "name": "JVNDB-2013-000038",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
              },
              {
                "name": "JVN#18501376",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN18501376/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-06-17T01:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openpne.jp/archives/11096/"
            },
            {
              "name": "JVNDB-2013-000038",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
            },
            {
              "name": "JVN#18501376",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN18501376/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-2309",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openpne.jp/archives/11096/",
                  "refsource": "CONFIRM",
                  "url": "http://www.openpne.jp/archives/11096/"
                },
                {
                  "name": "JVNDB-2013-000038",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038"
                },
                {
                  "name": "JVN#18501376",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN18501376/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-2309",
        "datePublished": "2013-06-17T01:00:00.000Z",
        "dateReserved": "2013-03-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:50.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1040 (GCVE-0-2010-1040)

    Vulnerability from cvelistv5 – Published: 2010-03-23 18:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openpne.jp/archives/4612/ x_refsource_CONFIRM
    http://www.ipa.go.jp/security/vuln/alert/201003_o… x_refsource_MISC
    http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-0… third-party-advisoryx_refsource_JVNDB
    http://secunia.com/advisories/38857 third-party-advisoryx_refsource_SECUNIA
    http://jvn.jp/en/jp/JVN06874657/index.html third-party-advisoryx_refsource_JVN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:06:52.695Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openpne.jp/archives/4612/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
              },
              {
                "name": "JVNDB-2010-000006",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
              },
              {
                "name": "38857",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38857"
              },
              {
                "name": "JVN#06874657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN06874657/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-03-23T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openpne.jp/archives/4612/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
            },
            {
              "name": "JVNDB-2010-000006",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
            },
            {
              "name": "38857",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38857"
            },
            {
              "name": "JVN#06874657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN06874657/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1040",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openpne.jp/archives/4612/",
                  "refsource": "CONFIRM",
                  "url": "http://www.openpne.jp/archives/4612/"
                },
                {
                  "name": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html",
                  "refsource": "MISC",
                  "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html"
                },
                {
                  "name": "JVNDB-2010-000006",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html"
                },
                {
                  "name": "38857",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38857"
                },
                {
                  "name": "JVN#06874657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN06874657/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1040",
        "datePublished": "2010-03-23T18:00:00.000Z",
        "dateReserved": "2010-03-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:22.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }