Search criteria
9 vulnerabilities by lussumo
CVE-2010-1337 (GCVE-0-2010-1337)
Vulnerability from cvelistv5 – Published: 2010-04-09 18:00 – Updated: 2024-08-07 01:21
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2010-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vanilla-definitions-file-include(57147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147"
},
{
"name": "38889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38889"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration[\u0027LANGUAGE\u0027] parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vanilla-definitions-file-include(57147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147"
},
{
"name": "38889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38889"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration[\u0027LANGUAGE\u0027] parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vanilla-definitions-file-include(57147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147"
},
{
"name": "38889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38889"
},
{
"name": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1337",
"datePublished": "2010-04-09T18:00:00.000Z",
"dateReserved": "2010-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:21:18.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1845 (GCVE-0-2009-1845)
Vulnerability from cvelistv5 – Published: 2009-06-01 19:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2009-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35234"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html"
},
{
"name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35234"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html"
},
{
"name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35234"
},
{
"name": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0"
},
{
"name": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html"
},
{
"name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1845",
"datePublished": "2009-06-01T19:00:00.000Z",
"dateReserved": "2009-06-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:27:54.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3874 (GCVE-0-2008-3874)
Vulnerability from cvelistv5 – Published: 2008-08-29 17:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==\u003e Value pairs). NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==\u003e Value pairs). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "MISC",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30748"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "MISC",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3874",
"datePublished": "2008-08-29T17:00:00.000Z",
"dateReserved": "2008-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3759 (GCVE-0-2008-3759)
Vulnerability from cvelistv5 – Published: 2008-08-21 17:00 – Updated: 2024-08-07 09:52
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/bugs/discussion/91/ajaxupdatecheckphp-csrf-vulnerability/"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "CONFIRM",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3759",
"datePublished": "2008-08-21T17:00:00.000Z",
"dateReserved": "2008-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3760 (GCVE-0-2008-3760)
Vulnerability from cvelistv5 – Published: 2008-08-21 17:00 – Updated: 2024-08-07 09:52
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vanilla-people-csrf(44748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44748"
},
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vanilla-people-csrf(44748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44748"
},
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vanilla-people-csrf(44748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44748"
},
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8463/possible-security-flaw/#Comment_88511"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "CONFIRM",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "vanilla-updatecheck-people-csrf(44558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44558"
},
{
"name": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/bugs/discussion/88/csrf-attack-hole/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3760",
"datePublished": "2008-08-21T17:00:00.000Z",
"dateReserved": "2008-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3758 (GCVE-0-2008-3758)
Vulnerability from cvelistv5 – Published: 2008-08-21 17:00 – Updated: 2024-08-07 09:52
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2008-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "vanilla-people-xss(44554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "vanilla-account-xss(44556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31527"
},
{
"name": "vanilla-people-xss(44554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "vanilla-account-xss(44556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31527"
},
{
"name": "vanilla-people-xss(44554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"
},
{
"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"
},
{
"name": "20080819 Vanilla \u003c= 1.1.4 Script Injection/ XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"
},
{
"name": "vanilla-account-xss(44556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00126-08192008"
},
{
"name": "30748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30748"
},
{
"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes",
"refsource": "CONFIRM",
"url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"
},
{
"name": "4176",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3758",
"datePublished": "2008-08-21T17:00:00.000Z",
"dateReserved": "2008-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5643 (GCVE-0-2007-5643)
Vulnerability from cvelistv5 – Published: 2007-10-23 21:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2007-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/swell/168/Vanilla-114-Released/"
},
{
"name": "26145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26145"
},
{
"name": "ADV-2007-3571",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3571"
},
{
"name": "27348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/"
},
{
"name": "vanilla-categoryid-sql-injection(37345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37345"
},
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/swell/168/Vanilla-114-Released/"
},
{
"name": "26145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26145"
},
{
"name": "ADV-2007-3571",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3571"
},
{
"name": "27348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/"
},
{
"name": "vanilla-categoryid-sql-injection(37345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37345"
},
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lussumo.com/swell/168/Vanilla-114-Released/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/swell/168/Vanilla-114-Released/"
},
{
"name": "26145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26145"
},
{
"name": "ADV-2007-3571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3571"
},
{
"name": "27348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27348"
},
{
"name": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/",
"refsource": "CONFIRM",
"url": "http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-/"
},
{
"name": "vanilla-categoryid-sql-injection(37345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37345"
},
{
"name": "4548",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5643",
"datePublished": "2007-10-23T21:00:00.000Z",
"dateReserved": "2007-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5644 (GCVE-0-2007-5644)
Vulnerability from cvelistv5 – Published: 2007-10-23 21:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2007-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4548",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4548",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5644",
"datePublished": "2007-10-23T21:00:00.000Z",
"dateReserved": "2007-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3850 (GCVE-0-2006-3850)
Vulnerability from cvelistv5 – Published: 2006-07-25 23:00 – Updated: 2024-08-07 18:48 Disputed
VLAI?
Summary
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060723 Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060723 Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1281"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060723 Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS \u003c= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3850",
"datePublished": "2006-07-25T23:00:00.000Z",
"dateReserved": "2006-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}