Search
Find a vulnerability
Search criteria
6 vulnerabilities by sos
CVE-2014-5392 (GCVE-0-2014-5392)
Vulnerability from nvd – Published: 2014-09-23 15:00 – Updated: 2024-08-06 11:41
VLAI
EPSS
VEX
Summary
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.christian-schneider.net/advisories/CVE… | x_refsource_MISC |
| https://change.sos-berlin.com/browse/JS-1204 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/128181/JobSc… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533374/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2014-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://change.sos-berlin.com/browse/JS-1204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
},
{
"name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://change.sos-berlin.com/browse/JS-1204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
},
{
"name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1204",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1204"
},
{
"name": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
},
{
"name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5392",
"datePublished": "2014-09-23T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:49.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5393 (GCVE-0-2014-5393)
Vulnerability from nvd – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.christian-schneider.net/advisories/CVE… | x_refsource_MISC |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/128192/JobSc… | x_refsource_MISC |
| https://change.sos-berlin.com/browse/JS-1205 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/533373/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://change.sos-berlin.com/browse/JS-1205"
},
{
"name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
},
{
"name": "jobscheduler-cve20145393-dir-traversal(95796)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://change.sos-berlin.com/browse/JS-1205"
},
{
"name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
},
{
"name": "jobscheduler-cve20145393-dir-traversal(95796)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1205",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1205"
},
{
"name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
},
{
"name": "jobscheduler-cve20145393-dir-traversal(95796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5393",
"datePublished": "2014-09-11T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:49.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5391 (GCVE-0-2014-5391)
Vulnerability from nvd – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69660 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/128180/JobSc… | x_refsource_MISC |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/533372/100… | mailing-listx_refsource_BUGTRAQ |
| https://change.sos-berlin.com/browse/JS-1203 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.christian-schneider.net/advisories/CVE… | x_refsource_MISC |
Date Public
2014-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69660"
},
{
"name": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1203",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5391",
"datePublished": "2014-09-11T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:49.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5392 (GCVE-0-2014-5392)
Vulnerability from cvelistv5 – Published: 2014-09-23 15:00 – Updated: 2024-08-06 11:41
VLAI
EPSS
VEX
Summary
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.christian-schneider.net/advisories/CVE… | x_refsource_MISC |
| https://change.sos-berlin.com/browse/JS-1204 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/128181/JobSc… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533374/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2014-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://change.sos-berlin.com/browse/JS-1204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
},
{
"name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://change.sos-berlin.com/browse/JS-1204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
},
{
"name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5392.txt"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1204",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1204"
},
{
"name": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html"
},
{
"name": "20140907 CVE-2014-5392 XML eXternal Entity (XXE) in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533374/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5392",
"datePublished": "2014-09-23T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:49.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5391 (GCVE-0-2014-5391)
Vulnerability from cvelistv5 – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69660 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/128180/JobSc… | x_refsource_MISC |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/533372/100… | mailing-listx_refsource_BUGTRAQ |
| https://change.sos-berlin.com/browse/JS-1203 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.christian-schneider.net/advisories/CVE… | x_refsource_MISC |
Date Public
2014-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69660"
},
{
"name": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1203",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5391",
"datePublished": "2014-09-11T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:49.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5393 (GCVE-0-2014-5393)
Vulnerability from cvelistv5 – Published: 2014-09-11 15:00 – Updated: 2024-08-06 11:41
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.christian-schneider.net/advisories/CVE… | x_refsource_MISC |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://www.sos-berlin.com/modules/news/article.ph… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/128192/JobSc… | x_refsource_MISC |
| https://change.sos-berlin.com/browse/JS-1205 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/533373/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://change.sos-berlin.com/browse/JS-1205"
},
{
"name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
},
{
"name": "jobscheduler-cve20145393-dir-traversal(95796)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://change.sos-berlin.com/browse/JS-1205"
},
{
"name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
},
{
"name": "jobscheduler-cve20145393-dir-traversal(95796)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1205",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1205"
},
{
"name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded"
},
{
"name": "jobscheduler-cve20145393-dir-traversal(95796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5393",
"datePublished": "2014-09-11T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:49.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}