Search
Find a vulnerability
Search criteria
26 vulnerabilities by intervations
VAR-200910-0131
Vulnerability from variot - Updated: 2025-04-10 23:05InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. The CB Resume Builder ('com_cbresumebuilder') component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
Input passed via the "group_id" parameter to index.php (if "option" is set to "com_cbresumebuilder" and "task" is set to "group_member") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: Edit the source code to ensure that input is properly sanitised. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more: http://secunia.com/advisories/business_solutions/
TITLE: NaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA33766
VERIFY ADVISORY: http://secunia.com/advisories/33766/
CRITICAL: Highly critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE:
From remote
SOFTWARE: NaviCOPA 3.x http://secunia.com/advisories/product/21322/
DESCRIPTION: e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) A boundary error in the processing of HTTP requests can be exploited to cause a heap-based buffer overflow via an overly long HTTP GET request. PHP scripts via specially crafted requests containing e.g. dot characters.
The vulnerabilities are confirmed in version 3.01.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: e.wiZz!
ORIGINAL ADVISORY: http://milw0rm.com/exploits/7966
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "navicopa web server",
"scope": "eq",
"trust": 3.0,
"vendor": "intervations",
"version": "3.01"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "cb resume builder",
"scope": "eq",
"trust": 0.3,
"vendor": "joomlacache",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intervations:navicopa_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "79333"
}
],
"trust": 0.3
},
"cve": "CVE-2009-3646",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-3646",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2009-0590",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3646",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3646",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-168",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. \nSuccessful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. The CB Resume Builder (\u0027com_cbresumebuilder\u0027) component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nInput passed via the \"group_id\" parameter to index.php (if \"option\"\nis set to \"com_cbresumebuilder\" and \"task\" is set to \"group_member\")\nis not properly sanitised before being used in an SQL query. This can\nbe exploited to manipulate SQL queries by injecting arbitrary SQL\ncode. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nNaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33766\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33766/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nExposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNaviCOPA 3.x\nhttp://secunia.com/advisories/product/21322/\n\nDESCRIPTION:\ne.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation, cause a DoS (Denial of Service), or potentially\ncompromise a vulnerable system. \n\n1) A boundary error in the processing of HTTP requests can be\nexploited to cause a heap-based buffer overflow via an overly long\nHTTP GET request. PHP scripts via specially crafted\nrequests containing e.g. dot characters. \n\nThe vulnerabilities are confirmed in version 3.01. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\ne.wiZz!\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/7966\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3646"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3646",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "33766",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "9694",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "58386",
"trust": 1.0
},
{
"db": "BID",
"id": "33585",
"trust": 0.9
},
{
"db": "BID",
"id": "36598",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "36954",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168",
"trust": 0.6
},
{
"db": "XF",
"id": "53278",
"trust": 0.3
},
{
"db": "BID",
"id": "79333",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "81825",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "7966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74658",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"id": "VAR-200910-0131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
]
},
"last_update_date": "2025-04-10T23:05:04.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.navicopa.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/58386"
},
{
"trust": 1.0,
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/33766"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3646"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3646"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/33766/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/36598"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/36954"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt"
},
{
"trust": 0.3,
"url": "http://www.milw0rm.com/exploits/9694"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/xforce/xfdb/53278"
},
{
"trust": 0.3,
"url": "http://www.navicopa.com/"
},
{
"trust": 0.3,
"url": "/archive/1/500626"
},
{
"trust": 0.3,
"url": "http://www.joomlacache.com/"
},
{
"trust": 0.3,
"url": "http://docs.joomla.org/vulnerable_extensions_list#new_format_feed_starts_here"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36954/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21322/"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/7966"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-10-09T00:00:00",
"db": "BID",
"id": "79333"
},
{
"date": "2009-02-03T00:00:00",
"db": "BID",
"id": "33585"
},
{
"date": "2009-10-05T00:00:00",
"db": "BID",
"id": "36598"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"date": "2009-10-06T15:00:18",
"db": "PACKETSTORM",
"id": "81825"
},
{
"date": "2009-02-04T15:44:25",
"db": "PACKETSTORM",
"id": "74658"
},
{
"date": "2009-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"date": "2009-10-09T14:30:00.377000",
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-10-09T00:00:00",
"db": "BID",
"id": "79333"
},
{
"date": "2009-08-25T00:52:00",
"db": "BID",
"id": "33585"
},
{
"date": "2010-02-11T18:01:00",
"db": "BID",
"id": "36598"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"date": "2009-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "InterVations NaviCOPA Web Server In Web Vulnerability to get page source code",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
}
],
"trust": 0.6
}
}
VAR-200910-0132
Vulnerability from variot - Updated: 2025-04-10 23:05Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. If a remote attacker submits a long HTTP GET request to the NaviCOPA Web Server, it can trigger a heap overflow, causing arbitrary code execution; in addition, submitting a specially crafted HTTP request containing a dot character to the server can also reveal the source code of the PHP script. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more: http://secunia.com/advisories/business_solutions/
TITLE: NaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA33766
VERIFY ADVISORY: http://secunia.com/advisories/33766/
CRITICAL: Highly critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE:
From remote
SOFTWARE: NaviCOPA 3.x http://secunia.com/advisories/product/21322/
DESCRIPTION: e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) A boundary error in the processing of HTTP requests can be exploited to cause a heap-based buffer overflow via an overly long HTTP GET request. PHP scripts via specially crafted requests containing e.g. dot characters.
The vulnerabilities are confirmed in version 3.01.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: e.wiZz!
ORIGINAL ADVISORY: http://milw0rm.com/exploits/7966
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mega file hosting script",
"scope": "eq",
"trust": 2.7,
"vendor": "yabsoft",
"version": "1.2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "navicopa web server",
"scope": "eq",
"trust": 0.3,
"vendor": "intervations",
"version": "3.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:yabsoft:mega_file_hosting_script",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moudi",
"sources": [
{
"db": "BID",
"id": "36413"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3647",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2009-0590",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3647",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3647",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-169",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. If a remote attacker submits a long HTTP GET request to the NaviCOPA Web Server, it can trigger a heap overflow, causing arbitrary code execution; in addition, submitting a specially crafted HTTP request containing a dot character to the server can also reveal the source code of the PHP script. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. \nSuccessful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nNaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33766\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33766/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nExposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNaviCOPA 3.x\nhttp://secunia.com/advisories/product/21322/\n\nDESCRIPTION:\ne.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation, cause a DoS (Denial of Service), or potentially\ncompromise a vulnerable system. \n\n1) A boundary error in the processing of HTTP requests can be\nexploited to cause a heap-based buffer overflow via an overly long\nHTTP GET request. PHP scripts via specially crafted\nrequests containing e.g. dot characters. \n\nThe vulnerabilities are confirmed in version 3.01. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\ne.wiZz!\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/7966\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "PACKETSTORM",
"id": "74658"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3647",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "33766",
"trust": 1.4
},
{
"db": "BID",
"id": "36413",
"trust": 1.3
},
{
"db": "BID",
"id": "33585",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "9694",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "9694",
"trust": 0.6
},
{
"db": "XF",
"id": "53278",
"trust": 0.6
},
{
"db": "OSVDB",
"id": "58386",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "7966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74658",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"id": "VAR-200910-0132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
]
},
"last_update_date": "2025-04-10T23:05:00.865000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mega File Hosting Script",
"trust": 0.8,
"url": "http://yabsoft.com/mfhs-feature.php"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/36413"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53642"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3647"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3647"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/33766/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/53278"
},
{
"trust": 0.6,
"url": "http://www.osvdb.org/58386"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/9694"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/33766"
},
{
"trust": 0.3,
"url": "http://www.navicopa.com/"
},
{
"trust": 0.3,
"url": "/archive/1/500626"
},
{
"trust": 0.3,
"url": "http://www.hotscripts.com/listing/mega-file-hosting-script-v1-2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21322/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/7966"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-02-03T00:00:00",
"db": "BID",
"id": "33585"
},
{
"date": "2009-09-16T00:00:00",
"db": "BID",
"id": "36413"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"date": "2009-02-04T15:44:25",
"db": "PACKETSTORM",
"id": "74658"
},
{
"date": "2009-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"date": "2009-10-09T14:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-08-25T00:52:00",
"db": "BID",
"id": "33585"
},
{
"date": "2009-09-16T20:30:00",
"db": "BID",
"id": "36413"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"date": "2009-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-169"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "YABSoft Mega File Hosting Script of emaullinks.php Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
],
"trust": 0.6
}
}
CVE-2010-2112 (GCVE-0-2010-2112)
Vulnerability from nvd – Published: 2010-05-28 20:00 – Updated: 2024-09-17 04:20
VLAI
Summary
Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://osvdb.org/64823 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/39843 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64823"
},
{
"name": "39843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-28T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64823"
},
{
"name": "39843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64823",
"refsource": "OSVDB",
"url": "http://osvdb.org/64823"
},
{
"name": "39843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2112",
"datePublished": "2010-05-28T20:00:00.000Z",
"dateReserved": "2010-05-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:32.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4529 (GCVE-0-2009-4529)
Vulnerability from nvd – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
VLAI
Summary
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37014 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2009/2927 | vdb-entryx_refsource_VUPEN |
| http://pocoftheday.blogspot.com/2009/10/navicopa-… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.packetstormsecurity.org/0910-exploits/… | x_refsource_MISC |
| http://freetexthost.com/n5l0h34pxc | x_refsource_MISC |
| http://www.securityfocus.com/bid/36705 | vdb-entryx_refsource_BID |
| http://osvdb.org/58949 | vdb-entryx_refsource_OSVDB |
Date Public
2009-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37014"
},
{
"name": "ADV-2009-2927",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html"
},
{
"name": "navicopa-source-information-disclosure(53799)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://freetexthost.com/n5l0h34pxc"
},
{
"name": "36705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36705"
},
{
"name": "58949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37014"
},
{
"name": "ADV-2009-2927",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html"
},
{
"name": "navicopa-source-information-disclosure(53799)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://freetexthost.com/n5l0h34pxc"
},
{
"name": "36705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36705"
},
{
"name": "58949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37014"
},
{
"name": "ADV-2009-2927",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2927"
},
{
"name": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html",
"refsource": "MISC",
"url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html"
},
{
"name": "navicopa-source-information-disclosure(53799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799"
},
{
"name": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt"
},
{
"name": "http://freetexthost.com/n5l0h34pxc",
"refsource": "MISC",
"url": "http://freetexthost.com/n5l0h34pxc"
},
{
"name": "36705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36705"
},
{
"name": "58949",
"refsource": "OSVDB",
"url": "http://osvdb.org/58949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4529",
"datePublished": "2009-12-31T19:00:00.000Z",
"dateReserved": "2009-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:37.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3646 (GCVE-0-2009-3646)
Vulnerability from nvd – Published: 2009-10-09 14:18 – Updated: 2024-08-07 06:38
VLAI
Summary
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/9694 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/33766 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/58386 | vdb-entryx_refsource_OSVDB |
Date Public
2009-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "navicopa-source-info-disclosure(53278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"name": "9694",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"name": "33766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33766"
},
{
"name": "58386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "navicopa-source-info-disclosure(53278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"name": "9694",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"name": "33766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33766"
},
{
"name": "58386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "navicopa-source-info-disclosure(53278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"name": "9694",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"name": "33766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33766"
},
{
"name": "58386",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3646",
"datePublished": "2009-10-09T14:18:00.000Z",
"dateReserved": "2009-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:38:30.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2505 (GCVE-0-2007-2505)
Vulnerability from nvd – Published: 2007-05-04 01:00 – Updated: 2024-08-07 13:42
VLAI
Summary
Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23767 | vdb-entryx_refsource_BID |
| http://www.skilltube.com/index.php?option=com_con… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/1652 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25125 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/467372/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/35546 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37"
},
{
"name": "ADV-2007-1652",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1652"
},
{
"name": "mailcopa-commandline-bo(34052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34052"
},
{
"name": "25125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25125"
},
{
"name": "20070502 Vulnerability in InterVations\u0027 MailCopa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467372/100/0/threaded"
},
{
"name": "35546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35546"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37"
},
{
"name": "ADV-2007-1652",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1652"
},
{
"name": "mailcopa-commandline-bo(34052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34052"
},
{
"name": "25125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25125"
},
{
"name": "20070502 Vulnerability in InterVations\u0027 MailCopa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467372/100/0/threaded"
},
{
"name": "35546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35546"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23767"
},
{
"name": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37",
"refsource": "MISC",
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37"
},
{
"name": "ADV-2007-1652",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1652"
},
{
"name": "mailcopa-commandline-bo(34052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34052"
},
{
"name": "25125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25125"
},
{
"name": "20070502 Vulnerability in InterVations\u0027 MailCopa",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467372/100/0/threaded"
},
{
"name": "35546",
"refsource": "OSVDB",
"url": "http://osvdb.org/35546"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2505",
"datePublished": "2007-05-04T01:00:00.000Z",
"dateReserved": "2007-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2336 (GCVE-0-2007-2336)
Vulnerability from nvd – Published: 2007-04-27 16:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/34504 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25049 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34504",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34504"
},
{
"name": "navicopa-httpget-dos(33903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33903"
},
{
"name": "25049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing \u0027\\A\u0027 characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34504",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34504"
},
{
"name": "navicopa-httpget-dos(33903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33903"
},
{
"name": "25049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing \u0027\\A\u0027 characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34504",
"refsource": "OSVDB",
"url": "http://osvdb.org/34504"
},
{
"name": "navicopa-httpget-dos(33903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33903"
},
{
"name": "25049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2336",
"datePublished": "2007-04-27T16:00:00.000Z",
"dateReserved": "2007-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1733 (GCVE-0-2007-1733)
Vulnerability from nvd – Published: 2007-03-28 22:00 – Updated: 2024-08-07 13:06
VLAI
Summary
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2483 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/3589 | exploitx_refsource_EXPLOIT-DB |
| http://www.skilltube.com/index.php?option=com_con… | x_refsource_MISC |
| http://osvdb.org/34503 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23179 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/463931/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/24673 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1137 | vdb-entryx_refsource_VUPEN |
Date Public
2007-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2483",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2483"
},
{
"name": "3589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37"
},
{
"name": "34503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34503"
},
{
"name": "23179",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23179"
},
{
"name": "20070327 Buffer Overflow in InterVetions\u0027 NaviCopa HTTP server 2.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded"
},
{
"name": "navicopa-cgi-bo(33296)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296"
},
{
"name": "24673",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24673"
},
{
"name": "ADV-2007-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2483",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2483"
},
{
"name": "3589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37"
},
{
"name": "34503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34503"
},
{
"name": "23179",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23179"
},
{
"name": "20070327 Buffer Overflow in InterVetions\u0027 NaviCopa HTTP server 2.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded"
},
{
"name": "navicopa-cgi-bo(33296)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296"
},
{
"name": "24673",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24673"
},
{
"name": "ADV-2007-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2483",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2483"
},
{
"name": "3589",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3589"
},
{
"name": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37",
"refsource": "MISC",
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37"
},
{
"name": "34503",
"refsource": "OSVDB",
"url": "http://osvdb.org/34503"
},
{
"name": "23179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23179"
},
{
"name": "20070327 Buffer Overflow in InterVetions\u0027 NaviCopa HTTP server 2.01",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded"
},
{
"name": "navicopa-cgi-bo(33296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296"
},
{
"name": "24673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24673"
},
{
"name": "ADV-2007-1137",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1733",
"datePublished": "2007-03-28T22:00:00.000Z",
"dateReserved": "2007-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:26.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1598 (GCVE-0-2007-1598)
Vulnerability from nvd – Published: 2007-03-22 23:00 – Updated: 2024-08-07 12:59
VLAI
Summary
Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23056 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/43559 | vdb-entryx_refsource_OSVDB |
| http://www.immunitysec.com/partners-index.shtml | x_refsource_MISC |
| https://www.immunityinc.com/downloads/immpartners… | x_refsource_MISC |
Date Public
2007-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23056"
},
{
"name": "filecopa-unspecified-bo(33462)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33462"
},
{
"name": "43559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.immunitysec.com/partners-index.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23056"
},
{
"name": "filecopa-unspecified-bo(33462)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33462"
},
{
"name": "43559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.immunitysec.com/partners-index.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23056"
},
{
"name": "filecopa-unspecified-bo(33462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33462"
},
{
"name": "43559",
"refsource": "OSVDB",
"url": "http://osvdb.org/43559"
},
{
"name": "http://www.immunitysec.com/partners-index.shtml",
"refsource": "MISC",
"url": "http://www.immunitysec.com/partners-index.shtml"
},
{
"name": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar",
"refsource": "MISC",
"url": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1598",
"datePublished": "2007-03-22T23:00:00.000Z",
"dateReserved": "2007-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5112 (GCVE-0-2006-5112)
Vulnerability from nvd – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/22124 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20250 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3819 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2445 | exploitx_refsource_EXPLOIT-DB |
| http://www.kb.cert.org/vuls/id/693992 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2006-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22124"
},
{
"name": "navicopa-http-get-bo(29221)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221"
},
{
"name": "20250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20250"
},
{
"name": "ADV-2006-3819",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3819"
},
{
"name": "2445",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2445"
},
{
"name": "VU#693992",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/693992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22124"
},
{
"name": "navicopa-http-get-bo(29221)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221"
},
{
"name": "20250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20250"
},
{
"name": "ADV-2006-3819",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3819"
},
{
"name": "2445",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2445"
},
{
"name": "VU#693992",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/693992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22124"
},
{
"name": "navicopa-http-get-bo(29221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221"
},
{
"name": "20250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20250"
},
{
"name": "ADV-2006-3819",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3819"
},
{
"name": "2445",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2445"
},
{
"name": "VU#693992",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/693992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5112",
"datePublished": "2006-10-02T20:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3768 (GCVE-0-2006-3768)
Vulnerability from nvd – Published: 2006-07-28 23:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1300 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/secunia_research/2006-55/advisory/ | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/RGII-6TYN6M | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/441207/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/713092 | third-party-advisoryx_refsource_CERT-VN |
| http://www.vupen.com/english/advisories/2006/2960 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27486 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/21097 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19153 | vdb-entryx_refsource_BID |
Date Public
2006-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1300",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-55/advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M"
},
{
"name": "20060725 Secunia Research: FileCOPA Directory Argument Handling BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441207/100/0/threaded"
},
{
"name": "filecopa-ftp-dir-bo(27941)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27941"
},
{
"name": "VU#713092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/713092"
},
{
"name": "ADV-2006-2960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2960"
},
{
"name": "27486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27486"
},
{
"name": "21097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21097"
},
{
"name": "19153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "1300",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-55/advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M"
},
{
"name": "20060725 Secunia Research: FileCOPA Directory Argument Handling BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441207/100/0/threaded"
},
{
"name": "filecopa-ftp-dir-bo(27941)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27941"
},
{
"name": "VU#713092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/713092"
},
{
"name": "ADV-2006-2960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2960"
},
{
"name": "27486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27486"
},
{
"name": "21097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21097"
},
{
"name": "19153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1300",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1300"
},
{
"name": "http://secunia.com/secunia_research/2006-55/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-55/advisory/"
},
{
"name": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M"
},
{
"name": "20060725 Secunia Research: FileCOPA Directory Argument Handling BufferOverflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441207/100/0/threaded"
},
{
"name": "filecopa-ftp-dir-bo(27941)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27941"
},
{
"name": "VU#713092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/713092"
},
{
"name": "ADV-2006-2960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2960"
},
{
"name": "27486",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27486"
},
{
"name": "21097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21097"
},
{
"name": "19153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2006-3768",
"datePublished": "2006-07-28T23:00:00.000Z",
"dateReserved": "2006-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3726 (GCVE-0-2006-3726)
Vulnerability from nvd – Published: 2006-07-19 21:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/21108 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/27389 | vdb-entryx_refsource_OSVDB |
| http://www.appsec.ch/docs/2006-07-19-fileCopa.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/2870 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/19065 | vdb-entryx_refsource_BID |
Date Public
2006-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "filecopa-list-bo(27817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27389"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "filecopa-list-bo(27817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27389"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "filecopa-list-bo(27817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27389"
},
{
"name": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt",
"refsource": "MISC",
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3726",
"datePublished": "2006-07-19T21:00:00.000Z",
"dateReserved": "2006-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:53.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2254 (GCVE-0-2006-2254)
Vulnerability from nvd – Published: 2006-05-09 10:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/25436 | vdb-entryx_refsource_OSVDB |
| http://blacksecurity.org/exploits/38/FILECOPA_V1.… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/1679 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/17881 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/20033 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25436"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html"
},
{
"name": "ADV-2006-1679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1679"
},
{
"name": "filecopa-user-dos(26300)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300"
},
{
"name": "17881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17881"
},
{
"name": "20033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25436"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html"
},
{
"name": "ADV-2006-1679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1679"
},
{
"name": "filecopa-user-dos(26300)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300"
},
{
"name": "17881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17881"
},
{
"name": "20033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25436",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25436"
},
{
"name": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html",
"refsource": "MISC",
"url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html"
},
{
"name": "ADV-2006-1679",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1679"
},
{
"name": "filecopa-user-dos(26300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300"
},
{
"name": "17881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17881"
},
{
"name": "20033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2254",
"datePublished": "2006-05-09T10:00:00.000Z",
"dateReserved": "2006-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0344 (GCVE-0-2006-0344)
Vulnerability from nvd – Published: 2006-01-21 00:00 – Updated: 2024-08-07 16:34
VLAI
Summary
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18550 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.nii.co.in/vuln/filecopa.html | x_refsource_MISC |
| http://www.osvdb.org/22694 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/0285 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/16335 | vdb-entryx_refsource_BID |
Date Public
2006-01-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"name": "http://www.nii.co.in/vuln/filecopa.html",
"refsource": "MISC",
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0344",
"datePublished": "2006-01-21T00:00:00.000Z",
"dateReserved": "2006-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:13.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2112 (GCVE-0-2010-2112)
Vulnerability from cvelistv5 – Published: 2010-05-28 20:00 – Updated: 2024-09-17 04:20
VLAI
Summary
Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://osvdb.org/64823 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/39843 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64823"
},
{
"name": "39843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-28T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64823"
},
{
"name": "39843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64823",
"refsource": "OSVDB",
"url": "http://osvdb.org/64823"
},
{
"name": "39843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2112",
"datePublished": "2010-05-28T20:00:00.000Z",
"dateReserved": "2010-05-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:32.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4529 (GCVE-0-2009-4529)
Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
VLAI
Summary
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37014 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2009/2927 | vdb-entryx_refsource_VUPEN |
| http://pocoftheday.blogspot.com/2009/10/navicopa-… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.packetstormsecurity.org/0910-exploits/… | x_refsource_MISC |
| http://freetexthost.com/n5l0h34pxc | x_refsource_MISC |
| http://www.securityfocus.com/bid/36705 | vdb-entryx_refsource_BID |
| http://osvdb.org/58949 | vdb-entryx_refsource_OSVDB |
Date Public
2009-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37014"
},
{
"name": "ADV-2009-2927",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html"
},
{
"name": "navicopa-source-information-disclosure(53799)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://freetexthost.com/n5l0h34pxc"
},
{
"name": "36705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36705"
},
{
"name": "58949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37014"
},
{
"name": "ADV-2009-2927",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html"
},
{
"name": "navicopa-source-information-disclosure(53799)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://freetexthost.com/n5l0h34pxc"
},
{
"name": "36705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36705"
},
{
"name": "58949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37014"
},
{
"name": "ADV-2009-2927",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2927"
},
{
"name": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html",
"refsource": "MISC",
"url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html"
},
{
"name": "navicopa-source-information-disclosure(53799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799"
},
{
"name": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt"
},
{
"name": "http://freetexthost.com/n5l0h34pxc",
"refsource": "MISC",
"url": "http://freetexthost.com/n5l0h34pxc"
},
{
"name": "36705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36705"
},
{
"name": "58949",
"refsource": "OSVDB",
"url": "http://osvdb.org/58949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4529",
"datePublished": "2009-12-31T19:00:00.000Z",
"dateReserved": "2009-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:37.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3646 (GCVE-0-2009-3646)
Vulnerability from cvelistv5 – Published: 2009-10-09 14:18 – Updated: 2024-08-07 06:38
VLAI
Summary
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/9694 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/33766 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/58386 | vdb-entryx_refsource_OSVDB |
Date Public
2009-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "navicopa-source-info-disclosure(53278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"name": "9694",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"name": "33766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33766"
},
{
"name": "58386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "navicopa-source-info-disclosure(53278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"name": "9694",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"name": "33766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33766"
},
{
"name": "58386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "navicopa-source-info-disclosure(53278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"name": "9694",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"name": "33766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33766"
},
{
"name": "58386",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3646",
"datePublished": "2009-10-09T14:18:00.000Z",
"dateReserved": "2009-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:38:30.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2505 (GCVE-0-2007-2505)
Vulnerability from cvelistv5 – Published: 2007-05-04 01:00 – Updated: 2024-08-07 13:42
VLAI
Summary
Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23767 | vdb-entryx_refsource_BID |
| http://www.skilltube.com/index.php?option=com_con… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/1652 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25125 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/467372/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/35546 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37"
},
{
"name": "ADV-2007-1652",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1652"
},
{
"name": "mailcopa-commandline-bo(34052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34052"
},
{
"name": "25125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25125"
},
{
"name": "20070502 Vulnerability in InterVations\u0027 MailCopa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467372/100/0/threaded"
},
{
"name": "35546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35546"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37"
},
{
"name": "ADV-2007-1652",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1652"
},
{
"name": "mailcopa-commandline-bo(34052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34052"
},
{
"name": "25125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25125"
},
{
"name": "20070502 Vulnerability in InterVations\u0027 MailCopa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467372/100/0/threaded"
},
{
"name": "35546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35546"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23767"
},
{
"name": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37",
"refsource": "MISC",
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=24\u0026Itemid=37"
},
{
"name": "ADV-2007-1652",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1652"
},
{
"name": "mailcopa-commandline-bo(34052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34052"
},
{
"name": "25125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25125"
},
{
"name": "20070502 Vulnerability in InterVations\u0027 MailCopa",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467372/100/0/threaded"
},
{
"name": "35546",
"refsource": "OSVDB",
"url": "http://osvdb.org/35546"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2505",
"datePublished": "2007-05-04T01:00:00.000Z",
"dateReserved": "2007-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2336 (GCVE-0-2007-2336)
Vulnerability from cvelistv5 – Published: 2007-04-27 16:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/34504 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25049 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34504",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34504"
},
{
"name": "navicopa-httpget-dos(33903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33903"
},
{
"name": "25049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing \u0027\\A\u0027 characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34504",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34504"
},
{
"name": "navicopa-httpget-dos(33903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33903"
},
{
"name": "25049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing \u0027\\A\u0027 characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34504",
"refsource": "OSVDB",
"url": "http://osvdb.org/34504"
},
{
"name": "navicopa-httpget-dos(33903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33903"
},
{
"name": "25049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2336",
"datePublished": "2007-04-27T16:00:00.000Z",
"dateReserved": "2007-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1733 (GCVE-0-2007-1733)
Vulnerability from cvelistv5 – Published: 2007-03-28 22:00 – Updated: 2024-08-07 13:06
VLAI
Summary
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2483 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/3589 | exploitx_refsource_EXPLOIT-DB |
| http://www.skilltube.com/index.php?option=com_con… | x_refsource_MISC |
| http://osvdb.org/34503 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23179 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/463931/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/24673 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1137 | vdb-entryx_refsource_VUPEN |
Date Public
2007-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2483",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2483"
},
{
"name": "3589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37"
},
{
"name": "34503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34503"
},
{
"name": "23179",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23179"
},
{
"name": "20070327 Buffer Overflow in InterVetions\u0027 NaviCopa HTTP server 2.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded"
},
{
"name": "navicopa-cgi-bo(33296)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296"
},
{
"name": "24673",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24673"
},
{
"name": "ADV-2007-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2483",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2483"
},
{
"name": "3589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37"
},
{
"name": "34503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34503"
},
{
"name": "23179",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23179"
},
{
"name": "20070327 Buffer Overflow in InterVetions\u0027 NaviCopa HTTP server 2.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded"
},
{
"name": "navicopa-cgi-bo(33296)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296"
},
{
"name": "24673",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24673"
},
{
"name": "ADV-2007-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2483",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2483"
},
{
"name": "3589",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3589"
},
{
"name": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37",
"refsource": "MISC",
"url": "http://www.skilltube.com/index.php?option=com_content\u0026task=view\u0026id=13\u0026Itemid=37"
},
{
"name": "34503",
"refsource": "OSVDB",
"url": "http://osvdb.org/34503"
},
{
"name": "23179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23179"
},
{
"name": "20070327 Buffer Overflow in InterVetions\u0027 NaviCopa HTTP server 2.01",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded"
},
{
"name": "navicopa-cgi-bo(33296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296"
},
{
"name": "24673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24673"
},
{
"name": "ADV-2007-1137",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1733",
"datePublished": "2007-03-28T22:00:00.000Z",
"dateReserved": "2007-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:26.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1598 (GCVE-0-2007-1598)
Vulnerability from cvelistv5 – Published: 2007-03-22 23:00 – Updated: 2024-08-07 12:59
VLAI
Summary
Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23056 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/43559 | vdb-entryx_refsource_OSVDB |
| http://www.immunitysec.com/partners-index.shtml | x_refsource_MISC |
| https://www.immunityinc.com/downloads/immpartners… | x_refsource_MISC |
Date Public
2007-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23056"
},
{
"name": "filecopa-unspecified-bo(33462)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33462"
},
{
"name": "43559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.immunitysec.com/partners-index.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23056"
},
{
"name": "filecopa-unspecified-bo(33462)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33462"
},
{
"name": "43559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.immunitysec.com/partners-index.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23056"
},
{
"name": "filecopa-unspecified-bo(33462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33462"
},
{
"name": "43559",
"refsource": "OSVDB",
"url": "http://osvdb.org/43559"
},
{
"name": "http://www.immunitysec.com/partners-index.shtml",
"refsource": "MISC",
"url": "http://www.immunitysec.com/partners-index.shtml"
},
{
"name": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar",
"refsource": "MISC",
"url": "https://www.immunityinc.com/downloads/immpartners/filecopa.tar"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1598",
"datePublished": "2007-03-22T23:00:00.000Z",
"dateReserved": "2007-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5112 (GCVE-0-2006-5112)
Vulnerability from cvelistv5 – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/22124 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20250 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3819 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2445 | exploitx_refsource_EXPLOIT-DB |
| http://www.kb.cert.org/vuls/id/693992 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2006-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22124"
},
{
"name": "navicopa-http-get-bo(29221)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221"
},
{
"name": "20250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20250"
},
{
"name": "ADV-2006-3819",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3819"
},
{
"name": "2445",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2445"
},
{
"name": "VU#693992",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/693992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22124"
},
{
"name": "navicopa-http-get-bo(29221)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221"
},
{
"name": "20250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20250"
},
{
"name": "ADV-2006-3819",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3819"
},
{
"name": "2445",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2445"
},
{
"name": "VU#693992",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/693992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22124"
},
{
"name": "navicopa-http-get-bo(29221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221"
},
{
"name": "20250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20250"
},
{
"name": "ADV-2006-3819",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3819"
},
{
"name": "2445",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2445"
},
{
"name": "VU#693992",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/693992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5112",
"datePublished": "2006-10-02T20:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3768 (GCVE-0-2006-3768)
Vulnerability from cvelistv5 – Published: 2006-07-28 23:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1300 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/secunia_research/2006-55/advisory/ | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/RGII-6TYN6M | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/441207/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/713092 | third-party-advisoryx_refsource_CERT-VN |
| http://www.vupen.com/english/advisories/2006/2960 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27486 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/21097 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19153 | vdb-entryx_refsource_BID |
Date Public
2006-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1300",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-55/advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M"
},
{
"name": "20060725 Secunia Research: FileCOPA Directory Argument Handling BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441207/100/0/threaded"
},
{
"name": "filecopa-ftp-dir-bo(27941)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27941"
},
{
"name": "VU#713092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/713092"
},
{
"name": "ADV-2006-2960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2960"
},
{
"name": "27486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27486"
},
{
"name": "21097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21097"
},
{
"name": "19153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "1300",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-55/advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M"
},
{
"name": "20060725 Secunia Research: FileCOPA Directory Argument Handling BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441207/100/0/threaded"
},
{
"name": "filecopa-ftp-dir-bo(27941)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27941"
},
{
"name": "VU#713092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/713092"
},
{
"name": "ADV-2006-2960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2960"
},
{
"name": "27486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27486"
},
{
"name": "21097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21097"
},
{
"name": "19153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1300",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1300"
},
{
"name": "http://secunia.com/secunia_research/2006-55/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-55/advisory/"
},
{
"name": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/RGII-6TYN6M"
},
{
"name": "20060725 Secunia Research: FileCOPA Directory Argument Handling BufferOverflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441207/100/0/threaded"
},
{
"name": "filecopa-ftp-dir-bo(27941)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27941"
},
{
"name": "VU#713092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/713092"
},
{
"name": "ADV-2006-2960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2960"
},
{
"name": "27486",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27486"
},
{
"name": "21097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21097"
},
{
"name": "19153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2006-3768",
"datePublished": "2006-07-28T23:00:00.000Z",
"dateReserved": "2006-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3726 (GCVE-0-2006-3726)
Vulnerability from cvelistv5 – Published: 2006-07-19 21:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/21108 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/27389 | vdb-entryx_refsource_OSVDB |
| http://www.appsec.ch/docs/2006-07-19-fileCopa.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/2870 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/19065 | vdb-entryx_refsource_BID |
Date Public
2006-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "filecopa-list-bo(27817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27389"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "filecopa-list-bo(27817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27389"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "filecopa-list-bo(27817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27389"
},
{
"name": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt",
"refsource": "MISC",
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3726",
"datePublished": "2006-07-19T21:00:00.000Z",
"dateReserved": "2006-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:53.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2254 (GCVE-0-2006-2254)
Vulnerability from cvelistv5 – Published: 2006-05-09 10:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/25436 | vdb-entryx_refsource_OSVDB |
| http://blacksecurity.org/exploits/38/FILECOPA_V1.… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/1679 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/17881 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/20033 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25436"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html"
},
{
"name": "ADV-2006-1679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1679"
},
{
"name": "filecopa-user-dos(26300)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300"
},
{
"name": "17881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17881"
},
{
"name": "20033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25436"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html"
},
{
"name": "ADV-2006-1679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1679"
},
{
"name": "filecopa-user-dos(26300)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300"
},
{
"name": "17881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17881"
},
{
"name": "20033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25436",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25436"
},
{
"name": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html",
"refsource": "MISC",
"url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html"
},
{
"name": "ADV-2006-1679",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1679"
},
{
"name": "filecopa-user-dos(26300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300"
},
{
"name": "17881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17881"
},
{
"name": "20033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2254",
"datePublished": "2006-05-09T10:00:00.000Z",
"dateReserved": "2006-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0344 (GCVE-0-2006-0344)
Vulnerability from cvelistv5 – Published: 2006-01-21 00:00 – Updated: 2024-08-07 16:34
VLAI
Summary
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18550 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.nii.co.in/vuln/filecopa.html | x_refsource_MISC |
| http://www.osvdb.org/22694 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/0285 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/16335 | vdb-entryx_refsource_BID |
Date Public
2006-01-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"name": "http://www.nii.co.in/vuln/filecopa.html",
"refsource": "MISC",
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0344",
"datePublished": "2006-01-21T00:00:00.000Z",
"dateReserved": "2006-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:13.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}