Search
Find a vulnerability
Search criteria
6 vulnerabilities by webgui
CVE-2008-4798 (GCVE-0-2008-4798)
Vulnerability from nvd – Published: 2008-10-30 20:49 – Updated: 2024-08-07 10:31
VLAI
EPSS
VEX
Summary
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.webgui.org/bugs/tracker/8980 | x_refsource_CONFIRM |
| http://www.webgui.org/uploads/70/o2/70o29CTLCGWjn… | x_refsource_MISC |
| http://www.webgui.org/getwebgui/advisories/webgui… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31947 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32438 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2008/2944 | vdb-entryx_refsource_VUPEN |
Date Public
2008-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webgui.org/bugs/tracker/8980"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released"
},
{
"name": "31947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31947"
},
{
"name": "32438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32438"
},
{
"name": "webgui-loadmodule-code-execution(46137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46137"
},
{
"name": "ADV-2008-2944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webgui.org/bugs/tracker/8980"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released"
},
{
"name": "31947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31947"
},
{
"name": "32438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32438"
},
{
"name": "webgui-loadmodule-code-execution(46137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46137"
},
{
"name": "ADV-2008-2944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webgui.org/bugs/tracker/8980",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/bugs/tracker/8980"
},
{
"name": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff",
"refsource": "MISC",
"url": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff"
},
{
"name": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released"
},
{
"name": "31947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31947"
},
{
"name": "32438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32438"
},
{
"name": "webgui-loadmodule-code-execution(46137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46137"
},
{
"name": "ADV-2008-2944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4798",
"datePublished": "2008-10-30T20:49:00.000Z",
"dateReserved": "2008-10-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:31:27.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3503 (GCVE-0-2008-3503)
Vulnerability from nvd – Published: 2008-08-06 18:00 – Updated: 2024-08-07 09:45
VLAI
EPSS
VEX
Summary
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.webgui.org/bugs/tracker/security-issue… | x_refsource_MISC |
| http://www.webgui.org/getwebgui/advisories/webgui… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/29927 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30782 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1932… | vdb-entryx_refsource_VUPEN |
Date Public
2008-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:17.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"name": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/",
"refsource": "MISC",
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"name": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3503",
"datePublished": "2008-08-06T18:00:00.000Z",
"dateReserved": "2008-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:17.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0940 (GCVE-0-2008-0940)
Vulnerability from nvd – Published: 2008-02-25 20:00 – Updated: 2024-09-16 22:14
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28967 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/27869 | vdb-entryx_refsource_BID |
| http://www.plainblack.com/getwebgui/advisories/we… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28967"
},
{
"name": "27869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-25T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28967"
},
{
"name": "27869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28967"
},
{
"name": "27869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27869"
},
{
"name": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released",
"refsource": "CONFIRM",
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0940",
"datePublished": "2008-02-25T20:00:00.000Z",
"dateReserved": "2008-02-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:14:36.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4798 (GCVE-0-2008-4798)
Vulnerability from cvelistv5 – Published: 2008-10-30 20:49 – Updated: 2024-08-07 10:31
VLAI
EPSS
VEX
Summary
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.webgui.org/bugs/tracker/8980 | x_refsource_CONFIRM |
| http://www.webgui.org/uploads/70/o2/70o29CTLCGWjn… | x_refsource_MISC |
| http://www.webgui.org/getwebgui/advisories/webgui… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31947 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32438 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2008/2944 | vdb-entryx_refsource_VUPEN |
Date Public
2008-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webgui.org/bugs/tracker/8980"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released"
},
{
"name": "31947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31947"
},
{
"name": "32438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32438"
},
{
"name": "webgui-loadmodule-code-execution(46137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46137"
},
{
"name": "ADV-2008-2944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webgui.org/bugs/tracker/8980"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released"
},
{
"name": "31947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31947"
},
{
"name": "32438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32438"
},
{
"name": "webgui-loadmodule-code-execution(46137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46137"
},
{
"name": "ADV-2008-2944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webgui.org/bugs/tracker/8980",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/bugs/tracker/8980"
},
{
"name": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff",
"refsource": "MISC",
"url": "http://www.webgui.org/uploads/70/o2/70o29CTLCGWjntJrLYdmJA/asset-security-7.4.diff"
},
{
"name": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7.5.30-stable-released"
},
{
"name": "31947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31947"
},
{
"name": "32438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32438"
},
{
"name": "webgui-loadmodule-code-execution(46137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46137"
},
{
"name": "ADV-2008-2944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4798",
"datePublished": "2008-10-30T20:49:00.000Z",
"dateReserved": "2008-10-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:31:27.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3503 (GCVE-0-2008-3503)
Vulnerability from cvelistv5 – Published: 2008-08-06 18:00 – Updated: 2024-08-07 09:45
VLAI
EPSS
VEX
Summary
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.webgui.org/bugs/tracker/security-issue… | x_refsource_MISC |
| http://www.webgui.org/getwebgui/advisories/webgui… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/29927 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30782 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1932… | vdb-entryx_refsource_VUPEN |
Date Public
2008-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:17.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"name": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/",
"refsource": "MISC",
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"name": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3503",
"datePublished": "2008-08-06T18:00:00.000Z",
"dateReserved": "2008-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:17.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0940 (GCVE-0-2008-0940)
Vulnerability from cvelistv5 – Published: 2008-02-25 20:00 – Updated: 2024-09-16 22:14
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28967 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/27869 | vdb-entryx_refsource_BID |
| http://www.plainblack.com/getwebgui/advisories/we… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28967"
},
{
"name": "27869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-25T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28967"
},
{
"name": "27869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28967"
},
{
"name": "27869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27869"
},
{
"name": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released",
"refsource": "CONFIRM",
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0940",
"datePublished": "2008-02-25T20:00:00.000Z",
"dateReserved": "2008-02-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:14:36.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}