Search
Find a vulnerability
Search criteria
6 vulnerabilities found for sava_cms by blueriver
CVE-2010-3468 (GCVE-0-2010-3468)
Vulnerability from nvd – Published: 2010-09-29 16:00 – Updated: 2024-09-17 02:53
VLAI
Summary
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.stratsec.net/Research/Advisories/Blue-… | x_refsource_MISC |
| http://www.getmura.com/index.cfm/blog/critical-se… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/43499 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/15120 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/41591 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:44.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.getmura.com/index.cfm/blog/critical-security-patch/"
},
{
"name": "43499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43499"
},
{
"name": "15120",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15120"
},
{
"name": "41591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.getmura.com/index.cfm/blog/critical-security-patch/"
},
{
"name": "43499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43499"
},
{
"name": "15120",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15120"
},
{
"name": "41591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0",
"refsource": "MISC",
"url": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0"
},
{
"name": "http://www.getmura.com/index.cfm/blog/critical-security-patch/",
"refsource": "CONFIRM",
"url": "http://www.getmura.com/index.cfm/blog/critical-security-patch/"
},
{
"name": "43499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43499"
},
{
"name": "15120",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15120"
},
{
"name": "41591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3468",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-09-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:53:22.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6434 (GCVE-0-2008-6434)
Vulnerability from nvd – Published: 2009-03-06 18:00 – Updated: 2024-08-07 11:27
VLAI
Summary
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29346 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30367 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/45616 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://holisticinfosec.org/content/view/67/45/ | x_refsource_MISC |
Date Public
2008-05-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "45616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45616"
},
{
"name": "savacms-index-sql-injection(49225)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "45616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45616"
},
{
"name": "savacms-index-sql-injection(49225)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "30367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30367"
},
{
"name": "45616",
"refsource": "OSVDB",
"url": "http://osvdb.org/45616"
},
{
"name": "savacms-index-sql-injection(49225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225"
},
{
"name": "http://holisticinfosec.org/content/view/67/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/67/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6434",
"datePublished": "2009-03-06T18:00:00.000Z",
"dateReserved": "2009-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6433 (GCVE-0-2008-6433)
Vulnerability from nvd – Published: 2009-03-06 18:00 – Updated: 2024-08-07 11:27
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29346 | vdb-entryx_refsource_BID |
| http://osvdb.org/45615 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/30367 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://holisticinfosec.org/content/view/67/45/ | x_refsource_MISC |
Date Public
2008-05-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "45615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45615"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "savacmsindex-xss(49224)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "45615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45615"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "savacmsindex-xss(49224)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "45615",
"refsource": "OSVDB",
"url": "http://osvdb.org/45615"
},
{
"name": "30367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30367"
},
{
"name": "savacmsindex-xss(49224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49224"
},
{
"name": "http://holisticinfosec.org/content/view/67/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/67/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6433",
"datePublished": "2009-03-06T18:00:00.000Z",
"dateReserved": "2009-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3468 (GCVE-0-2010-3468)
Vulnerability from cvelistv5 – Published: 2010-09-29 16:00 – Updated: 2024-09-17 02:53
VLAI
Summary
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.stratsec.net/Research/Advisories/Blue-… | x_refsource_MISC |
| http://www.getmura.com/index.cfm/blog/critical-se… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/43499 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/15120 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/41591 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:44.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.getmura.com/index.cfm/blog/critical-security-patch/"
},
{
"name": "43499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43499"
},
{
"name": "15120",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15120"
},
{
"name": "41591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.getmura.com/index.cfm/blog/critical-security-patch/"
},
{
"name": "43499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43499"
},
{
"name": "15120",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15120"
},
{
"name": "41591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0",
"refsource": "MISC",
"url": "http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0"
},
{
"name": "http://www.getmura.com/index.cfm/blog/critical-security-patch/",
"refsource": "CONFIRM",
"url": "http://www.getmura.com/index.cfm/blog/critical-security-patch/"
},
{
"name": "43499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43499"
},
{
"name": "15120",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15120"
},
{
"name": "41591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3468",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-09-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:53:22.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6433 (GCVE-0-2008-6433)
Vulnerability from cvelistv5 – Published: 2009-03-06 18:00 – Updated: 2024-08-07 11:27
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29346 | vdb-entryx_refsource_BID |
| http://osvdb.org/45615 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/30367 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://holisticinfosec.org/content/view/67/45/ | x_refsource_MISC |
Date Public
2008-05-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "45615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45615"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "savacmsindex-xss(49224)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "45615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45615"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "savacmsindex-xss(49224)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "45615",
"refsource": "OSVDB",
"url": "http://osvdb.org/45615"
},
{
"name": "30367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30367"
},
{
"name": "savacmsindex-xss(49224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49224"
},
{
"name": "http://holisticinfosec.org/content/view/67/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/67/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6433",
"datePublished": "2009-03-06T18:00:00.000Z",
"dateReserved": "2009-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6434 (GCVE-0-2008-6434)
Vulnerability from cvelistv5 – Published: 2009-03-06 18:00 – Updated: 2024-08-07 11:27
VLAI
Summary
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29346 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30367 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/45616 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://holisticinfosec.org/content/view/67/45/ | x_refsource_MISC |
Date Public
2008-05-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "45616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45616"
},
{
"name": "savacms-index-sql-injection(49225)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "30367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30367"
},
{
"name": "45616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45616"
},
{
"name": "savacms-index-sql-injection(49225)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/67/45/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29346"
},
{
"name": "30367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30367"
},
{
"name": "45616",
"refsource": "OSVDB",
"url": "http://osvdb.org/45616"
},
{
"name": "savacms-index-sql-injection(49225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225"
},
{
"name": "http://holisticinfosec.org/content/view/67/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/67/45/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6434",
"datePublished": "2009-03-06T18:00:00.000Z",
"dateReserved": "2009-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}