VAR-200902-0210
Vulnerability from variot - Updated: 2025-04-10 23:00Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script (e.g., an .asp shell on a Microsoft Internet Information Server platform) and execute arbitrary commands with the privileges of the web server. Linksys WRT160N is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into opening a malicious URI. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. WRT160N is the latest 802.11n wireless router launched by Linksy.
Input passed to the "action" parameter in apply.cgi is not properly sanitised before being returned to the administrator.
SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Proficy Real-Time Information Portal "Add WebSource" File Upload Vulnerability
SECUNIA ADVISORY ID: SA28678
VERIFY ADVISORY: http://secunia.com/advisories/28678/
CRITICAL: Less critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: Proficy Real-Time Information Portal 2.x http://secunia.com/product/17343/
DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy Real-Time Information Portal, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an error in the "Add WebSource" feature when handling file uploads. This can be exploited to e.g.
The vulnerability is reported in version 2.6. Other versions may also be affected.
SOLUTION: The vendor will reportedly release a SIM (Software Improvement Module) by February 15, 2008.
PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security
ORIGINAL ADVISORY: GE Fanuc (KB12460): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html
OTHER REFERENCES: US-CERT VU#339345: http://www.kb.cert.org/vuls/id/339345
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200902-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt160n",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ge fanuc",
"version": null
},
{
"model": "linksys wrt160n",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wrt160n",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "BID",
"id": "32496"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:wrt160n",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Gil\u203b dagil@infosec.com.mx",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
}
],
"trust": 0.6
},
"cve": "CVE-2008-6280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-6280",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-36405",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-6280",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#339345",
"trust": 0.8,
"value": "0.84"
},
{
"author": "NVD",
"id": "CVE-2008-6280",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200902-573",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-36405",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "VULHUB",
"id": "VHN-36405"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script (e.g., an .asp shell on a Microsoft Internet Information Server platform) and execute arbitrary commands with the privileges of the web server. Linksys WRT160N is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. \nAttackers may exploit this issue by enticing victims into opening a malicious URI. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. WRT160N is the latest 802.11n wireless router launched by Linksy. \n\nInput passed to the \"action\" parameter in apply.cgi is not properly\nsanitised before being returned to the administrator. \n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. Do\nnot browse untrusted websites. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal \"Add WebSource\" File Upload\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA28678\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28678/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nProficy Real-Time Information Portal 2.x\nhttp://secunia.com/product/17343/\n\nDESCRIPTION:\nEyal Udassin has reported a vulnerability in Proficy Real-Time\nInformation Portal, which can be exploited by malicious users to\ncompromise a vulnerable system. \n\nThe vulnerability is caused due to an error in the \"Add WebSource\"\nfeature when handling file uploads. This can be exploited to e.g. \n\nThe vulnerability is reported in version 2.6. Other versions may also\nbe affected. \n\nSOLUTION:\nThe vendor will reportedly release a SIM (Software Improvement\nModule) by February 15, 2008. \n\nPROVIDED AND/OR DISCOVERED BY:\nEyal Udassin, C4 Security\n\nORIGINAL ADVISORY:\nGE Fanuc (KB12460):\nhttp://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12460\n\nC4 Security (via BugTraq):\nhttp://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html\n\nOTHER REFERENCES:\nUS-CERT VU#339345:\nhttp://www.kb.cert.org/vuls/id/339345\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-6280"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "BID",
"id": "32496"
},
{
"db": "VULHUB",
"id": "VHN-36405"
},
{
"db": "PACKETSTORM",
"id": "72522"
},
{
"db": "PACKETSTORM",
"id": "63060"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-36405",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36405"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-6280",
"trust": 2.8
},
{
"db": "BID",
"id": "32496",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "32877",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#339345",
"trust": 0.9
},
{
"db": "PACKETSTORM",
"id": "0811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573",
"trust": 0.7
},
{
"db": "XF",
"id": "46980",
"trust": 0.6
},
{
"db": "XF",
"id": "160",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "28678",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "32599",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-85879",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-36405",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "72522",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63060",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "VULHUB",
"id": "VHN-36405"
},
{
"db": "BID",
"id": "32496"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "PACKETSTORM",
"id": "72522"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"id": "VAR-200902-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-36405"
}
],
"trust": 0.9333333
},
"last_update_date": "2025-04-10T23:00:36.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36405"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://packetstormsecurity.org/0811-exploits/linksys-xss.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/32496"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32877"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46980"
},
{
"trust": 0.9,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12460"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/487079/30/0/threaded"
},
{
"trust": 0.8,
"url": "http://packetstormsecurity.org/0811-exploits/hooked_on_fanucs.rb.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6280"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6280"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/46980"
},
{
"trust": 0.3,
"url": "http://www.linksys.com"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32877/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/20650/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17343/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/339345"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28678/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "VULHUB",
"id": "VHN-36405"
},
{
"db": "BID",
"id": "32496"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "PACKETSTORM",
"id": "72522"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "VULHUB",
"id": "VHN-36405"
},
{
"db": "BID",
"id": "32496"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"db": "PACKETSTORM",
"id": "72522"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#339345"
},
{
"date": "2009-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-36405"
},
{
"date": "2008-11-27T00:00:00",
"db": "BID",
"id": "32496"
},
{
"date": "2009-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"date": "2008-12-02T11:35:11",
"db": "PACKETSTORM",
"id": "72522"
},
{
"date": "2008-01-29T00:00:58",
"db": "PACKETSTORM",
"id": "63060"
},
{
"date": "2008-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"date": "2009-02-25T23:30:00.733000",
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-12-18T00:00:00",
"db": "CERT/CC",
"id": "VU#339345"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-36405"
},
{
"date": "2015-04-16T17:51:00",
"db": "BID",
"id": "32496"
},
{
"date": "2009-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001376"
},
{
"date": "2009-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200902-573"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-6280"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Fanuc Proficy Information Portal allows arbitrary file upload and execution",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "72522"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-573"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…