Lucene search

JpcertCVE-2010-3165

HistoryOct 25, 2010 - 8:01 p.m.

CVE-2010-3165

2010-10-2520:01:03

jpcert

web.nvd.nist.gov

cve-2010-3165

untrusted search path vulnerability

yokka noeditor

ouieditor

uneditor

deuxeditor

sqleditorxp

sqleditorte

sqleditor8

sqleditorclassic

privilege escalation

local users

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earlier, SQLEditorTE 1.9.1.3 and earlier, SQLEditor8 3.8.1.2 and earlier, and SQLEditorClassic 1.8.1.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Affected configurations

Nvd

Node

yokkasoftdeuxeditorRange≤1.7.1.2

yokkasoftnoeditorRange≤1.33.1.1

yokkasoftouieditorRange≤1.6.1.1

yokkasoftsqleditor8Range≤3.8.1.2

yokkasoftsqleditorclassicRange≤1.8.1.3

yokkasoftsqleditorteRange≤1.9.1.3

yokkasoftsqleditorxpRange≤3.14.1.2

yokkasoftuneditorRange≤1.10.1.2

VendorProductVersionCPE
yokkasoftdeuxeditor*cpe:2.3:a:yokkasoft:deuxeditor:*:*:*:*:*:*:*:*
yokkasoftnoeditor*cpe:2.3:a:yokkasoft:noeditor:*:*:*:*:*:*:*:*
yokkasoftouieditor*cpe:2.3:a:yokkasoft:ouieditor:*:*:*:*:*:*:*:*
yokkasoftsqleditor8*cpe:2.3:a:yokkasoft:sqleditor8:*:*:*:*:*:*:*:*
yokkasoftsqleditorclassic*cpe:2.3:a:yokkasoft:sqleditorclassic:*:*:*:*:*:*:*:*
yokkasoftsqleditorte*cpe:2.3:a:yokkasoft:sqleditorte:*:*:*:*:*:*:*:*
yokkasoftsqleditorxp*cpe:2.3:a:yokkasoft:sqleditorxp:*:*:*:*:*:*:*:*
yokkasoftuneditor*cpe:2.3:a:yokkasoft:uneditor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokkasoft	deuxeditor	*	cpe:2.3:a:yokkasoft:deuxeditor::::::::
yokkasoft	noeditor	*	cpe:2.3:a:yokkasoft:noeditor::::::::
yokkasoft	ouieditor	*	cpe:2.3:a:yokkasoft:ouieditor::::::::
yokkasoft	sqleditor8	*	cpe:2.3:a:yokkasoft:sqleditor8::::::::
yokkasoft	sqleditorclassic	*	cpe:2.3:a:yokkasoft:sqleditorclassic::::::::
yokkasoft	sqleditorte	*	cpe:2.3:a:yokkasoft:sqleditorte::::::::
yokkasoft	sqleditorxp	*	cpe:2.3:a:yokkasoft:sqleditorxp::::::::
yokkasoft	uneditor	*	cpe:2.3:a:yokkasoft:uneditor::::::::

References

jvn.jp/en/jp/JVN07497935/index.html

jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000049.html

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-3165