Search...

уязвимости smf 1.1.2

2007-06-15T00:00:00

ID SECURITYVULNS:DOC:17271
Type securityvulns
Reporter Securityvulns
Modified 2007-06-15T00:00:00

Description

Simple Machines Forum 1.1.2 http://www.simplemachines.org/

1) слабая реализация звуковой капчи

в этом движке звуковая капча реализуется посредством посылания браузеру звукового фала в формате WAV, файл создается путем склеивания произвольным образом нескольких файлов с разными звуками, и служит преградой от автоматической регистрации новых пользователей. разработчики включили рандомизацию выходящего WAV файла в скрипте /Sources/Subs-Sound.php но она явно недостаточна, и легко обходится перебором байтов по заданным шаблонам звуков

[blah@localhost smfh]$ ./captcha.pl http://localhost/smf/ nnrbv created in 1.41827201843262 seconds [andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/ vpubu created in 1.49515509605408 seconds [andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/ ntfhh created in 2.31928586959839 seconds [andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/ egudz created in 0.823321104049683 seconds

как видно перебор составляет всего одну - две секунды.

(сам скрипт в аттаче к письму)

2) PHP инъекция

существует возможность выполнения произвольного PHP кода при создании или редактировании сообщения форума. Уязвима только версия 1.1.2 .

зараза если вас не затруднит можете перевести и разослать данное сообщение. спасибо. ==================================================================== forum.antichat.ru

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:17271", "bulletinFamily": "software", "title": "\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 smf 1.1.2", "description": " Simple Machines Forum 1.1.2 http://www.simplemachines.org/\r\n\r\n1) \u0441\u043b\u0430\u0431\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0437\u0432\u0443\u043a\u043e\u0432\u043e\u0439 \u043a\u0430\u043f\u0447\u0438\r\n\r\n\u0432 \u044d\u0442\u043e\u043c \u0434\u0432\u0438\u0436\u043a\u0435 \u0437\u0432\u0443\u043a\u043e\u0432\u0430\u044f \u043a\u0430\u043f\u0447\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u043f\u043e\u0441\u044b\u043b\u0430\u043d\u0438\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0443 \r\n\u0437\u0432\u0443\u043a\u043e\u0432\u043e\u0433\u043e \u0444\u0430\u043b\u0430 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 WAV, \u0444\u0430\u0439\u043b \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u043f\u0443\u0442\u0435\u043c \u0441\u043a\u043b\u0435\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \r\n\u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0437\u0432\u0443\u043a\u0430\u043c\u0438, \u0438 \u0441\u043b\u0443\u0436\u0438\u0442 \u043f\u0440\u0435\u0433\u0440\u0430\u0434\u043e\u0439 \u043e\u0442 \r\n\u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\r\n\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0438 \u0440\u0430\u043d\u0434\u043e\u043c\u0438\u0437\u0430\u0446\u0438\u044e \u0432\u044b\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e WAV \u0444\u0430\u0439\u043b\u0430 \u0432 \r\n\u0441\u043a\u0440\u0438\u043f\u0442\u0435 /Sources/Subs-Sound.php \u043d\u043e \u043e\u043d\u0430 \u044f\u0432\u043d\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430, \u0438 \u043b\u0435\u0433\u043a\u043e \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u0441\u044f \r\n\u043f\u0435\u0440\u0435\u0431\u043e\u0440\u043e\u043c \u0431\u0430\u0439\u0442\u043e\u0432 \u043f\u043e \u0437\u0430\u0434\u0430\u043d\u043d\u044b\u043c \u0448\u0430\u0431\u043b\u043e\u043d\u0430\u043c \u0437\u0432\u0443\u043a\u043e\u0432\r\n\r\n[blah@localhost smfh]$ ./captcha.pl http://localhost/smf/\r\nnnrbv\r\ncreated in 1.41827201843262 seconds\r\n[andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/\r\nvpubu\r\ncreated in 1.49515509605408 seconds\r\n[andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/\r\nntfhh\r\ncreated in 2.31928586959839 seconds\r\n[andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/\r\negudz\r\ncreated in 0.823321104049683 seconds\r\n\r\n\u043a\u0430\u043a \u0432\u0438\u0434\u043d\u043e \u043f\u0435\u0440\u0435\u0431\u043e\u0440 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u0441\u0435\u0433\u043e \u043e\u0434\u043d\u0443 - \u0434\u0432\u0435 \u0441\u0435\u043a\u0443\u043d\u0434\u044b.\r\n\r\n(\u0441\u0430\u043c \u0441\u043a\u0440\u0438\u043f\u0442 \u0432 \u0430\u0442\u0442\u0430\u0447\u0435 \u043a \u043f\u0438\u0441\u044c\u043c\u0443)\r\n\r\n2) PHP \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f\r\n\r\n\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e PHP \u043a\u043e\u0434\u0430 \u043f\u0440\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \r\n\u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0444\u043e\u0440\u0443\u043c\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u044f 1.1.2 .\r\n\r\n\r\n\u0437\u0430\u0440\u0430\u0437\u0430 \u0435\u0441\u043b\u0438 \u0432\u0430\u0441 \u043d\u0435 \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u0438\u0442 \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u0435\u0440\u0435\u0432\u0435\u0441\u0442\u0438 \u0438 \u0440\u0430\u0437\u043e\u0441\u043b\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435. \r\n\u0441\u043f\u0430\u0441\u0438\u0431\u043e. \r\n====================================================================\r\n forum.antichat.ru", "published": "2007-06-15T00:00:00", "modified": "2007-06-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17271", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:22", "edition": 1, "viewCount": 652, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2018-08-31T11:10:22", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2018-17271", "CVE-2019-17271", "CVE-2015-9286", "CVE-2008-7273", "CVE-2017-17271", "CVE-2008-7272"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "symantec", "idList": ["SMNTC-110593"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32653", "SECURITYVULNS:DOC:32656", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:22", "rev": 2}, "vulnersScore": 6.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"rst": [{"id": "RST:07805120-2718-3205-A4CA-D962BD98B372", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 185.232.52.164", "description": "Found **185[.]232.52.164** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-04-29T03:00:00, Last seen: 2021-04-29T03:00:00.\n IOC tags: **generic**.\nASN 200313: (First IP 185.232.52.0, Last IP 185.232.55.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Seychelles\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-30T00:00:00", "modified": "2021-04-29T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-04-29T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "0b79bb5354fb4f4a496e0fa7834ae2e9"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "6343c6540f403a5b6d3e393588f72d19"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4f6014b278149af77ef36500f75a7a2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13b2c5ca35cfaf8c68576cc589ffd1d5"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "3ab344c47230a04b48aae0a1806cd7e9"}, {"key": "modified", "hash": "c92bd9440f9b4ceb93523440af365b61"}, {"key": "published", "hash": "ede09cd1e392080db6516bf1dc0c3da4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "f600af3db637430cb4fdc2aa4cb9f409"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "4242ec91cf05ecb5e3fa70454ba29418098b7e85552b365b21061b5df223036c", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["185.232.52.164"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.56, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Seychelles", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "185.232.52.0", "num": "3119002624"}, "isp": "AS200313", "lastip": {"netv4": "185.232.55.255", "num": "3119003647"}, "num": 200313, "org": ""}, "threat": []}, {"id": "RST:FD7159CD-4B2A-3BF5-B62A-F138EC50F6E0", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 185.232.52.143", "description": "Found **185[.]232.52.143** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2020-11-13T03:00:00, Last seen: 2021-04-25T03:00:00.\n IOC tags: **malware**.\nWe found that the IOC is used by: **cobalt_strike**.\nASN 200313: (First IP 185.232.52.0, Last IP 185.232.55.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Seychelles\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-27T00:00:00", "modified": "2020-11-13T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-04-25T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "0b79bb5354fb4f4a496e0fa7834ae2e9"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "87b821b22da71634aadb87e754c42e50"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4f6014b278149af77ef36500f75a7a2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "29ccb02bbd35f6e110b376e3e9f3a093"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "05f2eb872fc1dce801ea50d6cd70c24c"}, {"key": "modified", "hash": "18a93d74cc40a88a84f9058f4408d010"}, {"key": "published", "hash": "1c8f2cd39feb63f9493fa1ae5f67c6a6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "b0fd79c1c72dc7e63729a01258eaf3cd"}, {"key": "title", "hash": "6e8102fc4d916b0f448e877cc16e8569"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "2088b3a555214a363b2ab907a277ffd928fc5e66eb60819656b3d82035527afe", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["185.232.52.143"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.18, "ioc_src": 67.58, "ioc_tags": 0.89, "ioc_total": 10.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Seychelles", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "185.232.52.0", "num": "3119002624"}, "isp": "AS200313", "lastip": {"netv4": "185.232.55.255", "num": "3119003647"}, "num": 200313, "org": ""}, "threat": ["cobalt_strike"], "immutableFields": []}, {"id": "RST:E5363703-D18B-3927-A51F-CFA8EEC3C840", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 185.238.0.217", "description": "Found **185[.]238.0.217** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **60**.\n First seen: 2021-04-25T03:00:00, Last seen: 2021-04-25T03:00:00.\n IOC tags: **malware**.\nASN 200313: (First IP 185.238.0.0, Last IP 185.238.3.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Seychelles\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-27T00:00:00", "modified": "2021-04-25T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-04-25T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "df4cabb425f4aa4431067494baea8cf0"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "e99504520ab7c7985004a826532abd23"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4f6014b278149af77ef36500f75a7a2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ee1fa7f21385c93f8e72550dc50b748d"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "a7cd59bb20c8fe724e0ceb5abb439ea1"}, {"key": "modified", "hash": "343dfd1fd1f3266eb93ba802eb770f1b"}, {"key": "published", "hash": "1c8f2cd39feb63f9493fa1ae5f67c6a6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d2dfefacaefe16c9a073d89c31aea6d3"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "50ea061e888a61e10a1495a658a40d2bc2dec2b6c49858e4fff9fd17cefb99dd", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["185.238.0.217"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 67.58, "ioc_tags": 0.89, "ioc_total": 60.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Seychelles", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "185.238.0.0", "num": "3119382528"}, "isp": "AS200313", "lastip": {"netv4": "185.238.3.255", "num": "3119383551"}, "num": 200313, "org": ""}, "threat": []}, {"id": "RST:CC556A39-B606-332D-B71E-D29857F0A956", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 185.238.0.233", "description": "Found **185[.]238.0.233** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **12**.\n First seen: 2020-11-26T03:00:00, Last seen: 2021-04-25T03:00:00.\n IOC tags: **malware**.\nWe found that the IOC is used by: **egregor,cobalt_strike**.\nASN 200313: (First IP 185.238.0.0, Last IP 185.238.3.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Seychelles\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-27T00:00:00", "modified": "2020-11-26T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-04-25T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "df4cabb425f4aa4431067494baea8cf0"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "aeb82180075e7d0d3d4fe90e15cfa30b"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4f6014b278149af77ef36500f75a7a2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "16ef8e7ae6e6fddb5777466acb8986ae"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "ff73cf510934e3b1013d3381f74d7f36"}, {"key": "modified", "hash": "6c8f830eb72cbe6badfa7e9f0bd6b7d9"}, {"key": "published", "hash": "1c8f2cd39feb63f9493fa1ae5f67c6a6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "73c62e2f9356aa91aa06f5a9d48bbe60"}, {"key": "title", "hash": "9dff78ea10a013a94e9686e65ecc23e2"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "ac5171bad45a6c60d516a92df88b8a481be3532461bf3d5591228a9dcdf825a7", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["185.238.0.233"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.2, "ioc_src": 67.58, "ioc_tags": 0.89, "ioc_total": 12.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Seychelles", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "185.238.0.0", "num": "3119382528"}, "isp": "AS200313", "lastip": {"netv4": "185.238.3.255", "num": "3119383551"}, "num": 200313, "org": ""}, "threat": ["egregor", "cobalt_strike"], "immutableFields": []}, {"id": "RST:0F363258-4A67-34F8-A06E-991EDC1A74A7", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 185.232.52.33", "description": "Found **185[.]232.52.33** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-04-17T03:00:00, Last seen: 2021-04-17T03:00:00.\n IOC tags: **generic**.\nASN 200313: (First IP 185.232.52.0, Last IP 185.232.55.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Seychelles\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-18T00:00:00", "modified": "2021-04-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-04-17T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "0b79bb5354fb4f4a496e0fa7834ae2e9"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "31a460b82d4170ab70190bbb36ae0016"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4f6014b278149af77ef36500f75a7a2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "febab1a7b4eff09bcc383c80b69e1744"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "e1b8913013bca4c87568fbabcb0e4995"}, {"key": "modified", "hash": "8ad2d63ad64c156382086ce840c8dd13"}, {"key": "published", "hash": "4a88fa0399dd4bfe0177cded531d1d73"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "21187a86672167eead2fceb054775b54"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "2ec12e81366ba004fd65a439e4a332045969ca96f215ff2249d38c6376bc45d2", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["185.232.52.33"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Seychelles", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "185.232.52.0", "num": "3119002624"}, "isp": "AS200313", "lastip": {"netv4": "185.232.55.255", "num": "3119003647"}, "num": 200313, "org": ""}, "threat": []}, {"id": "RST:B5784B5B-BD51-3A5A-B14D-B4CFF068F513", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 195.242.110.126", "description": "Found **195[.]242.110.126** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **11**.\n First seen: 2021-03-23T03:00:00, Last seen: 2021-04-04T03:00:00.\n IOC tags: **generic**.\nASN 200313: (First IP 195.242.110.0, Last IP 195.242.111.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Belize\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-12T00:00:00", "modified": "2021-03-23T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-04-04T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "ba0c63effcae775c27bbab2459af56ae"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "a31a37a60f7f8629cb4f2e7c47ba82eb"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "8260b015d86602a818c7ebc8bfa06d76"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "333841cd0f85454708334b3b9efc383d"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "2c69eef59637616c9f74fba2260130f0"}, {"key": "modified", "hash": "0d682af5d826f1d3f727c8c08148286f"}, {"key": "published", "hash": "da6316e081531c0a3042dada32c43dd3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "65dd5329b51065c20ed91cd2f2a499ee"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "982d8a402ccf66cc4c335d750e96fed77d6fc722d89f2269ddbcedd7cfca85af", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["195.242.110.126"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.81, "ioc_src": 17.68, "ioc_tags": 0.8, "ioc_total": 11.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Belize", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "195.242.110.0", "num": "3287444992"}, "isp": "AS200313", "lastip": {"netv4": "195.242.111.255", "num": "3287445503"}, "num": 200313, "org": ""}, "threat": [], "immutableFields": []}, {"id": "RST:7374AF9B-5505-3655-AEFB-435AF6F56904", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 185.212.130.11", "description": "Found **185[.]212.130.11** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2020-01-02T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 200313: (First IP 185.212.128.0, Last IP 185.212.131.255).\nASN Name \"AS200313\" and Organisation \"\".\nASN hosts 17271 domains.\nGEO IP information: City \"\", Country \"Seychelles\".\nIn according to RST Threat Feed the IP is related to **1www-netflix-com-es-login.prohoster.biz** malicious domains.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-08T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-11T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "a51b0390f8d98a0b1ee4966287333d30"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "c2625eeefa13005518b80b0223de06fb"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4f6014b278149af77ef36500f75a7a2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "a1a6ddac40dbe7c1ffccb159fa584aef"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "14b4b61c0243d0687b276c9aaf7dd023"}, {"key": "modified", "hash": "2249940a684898a70237266de5d6dd6c"}, {"key": "published", "hash": "8ca91680a4055a2cdc5d15162b89b3e7"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "92fc500522e0524081e36dbe5f1e11ed"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "28341c75f5369df951f6a26ae1c39ca69d96e0dbc54524c4934ac0d2164e85fd", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["185.212.130.11"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.05, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 2.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Seychelles", "region": ""}, "asn": {"cloud": "", "domains": 17271, "firstip": {"netv4": "185.212.128.0", "num": "3117711360"}, "isp": "AS200313", "lastip": {"netv4": "185.212.131.255", "num": "3117712383"}, "num": 200313, "org": ""}, "threat": [], "immutableFields": []}, {"id": "RST:B7F86EB8-3830-307D-ADDB-CE5268257B6C", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: sf-2007.official-org.com/c/p/tc/17271/dc036f22-3791-486c-8e53-7e5995f61d3b-5e7c1676-bc58-44bb-924f-13ad838669e5", "description": "Found **sf-2007[.]official-org.com/c/p/tc/17271/dc036f22-3791-486c-8e53-7e5995f61d3b-5e7c1676-bc58-44bb-924f-13ad838669e5** in [RST Threat Feed](https://rstcloud.net/profeed) with score **18**.\n First seen: 2020-11-03T03:00:00, Last seen: 2020-11-04T03:00:00.\n IOC tags: **phishing**.\nIOC could be a **False Positive** (Resource unavailable).\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-11-05T00:00:00", "modified": "2020-11-03T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-11-04T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "dc79f6b6577bd48a459d46b067d66d79"}, {"key": "domain", "hash": "b4e2551c30c8729dac6fe5f9dac4acce"}, {"key": "fp", "hash": "fa606d49ea7798d3fe8c2c48edbac9a5"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "cc3596fedbcee8adbe1a340edfb519a9"}, {"key": "iocType", "hash": "572d4e421e5e6b9bc11d815e8a027112"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "bf7b190bd0628075759cca9329c8edc7"}, {"key": "published", "hash": "cf085eb93705dcfb13757e16624f1560"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ce4383d8816542878fa583f9d13e8a4"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d829b6a9d89daeee32870c0a2ed3a008"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "31342319f66ade44e0171da700df6c4e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "03b2a6595c31a11b7e327c68f9b2b579ca6a1035be9409777f70971d20b21b13", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "url", "ip": [], "domain": ["sf-2007.official-org.com"], "url": ["sf-2007.official-org.com/c/p/tc/17271/dc036f22-3791-486c-8e53-7e5995f61d3b-5e7c1676-bc58-44bb-924f-13ad838669e5"], "iocScore": {"ioc_frequency": 0.98, "ioc_src": 74.99, "ioc_tags": 0.83, "ioc_total": 18.0}, "tags": ["phishing"], "fp": {"alarm": "true", "descr": "Resource unavailable"}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}], "cve": [{"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2019-17271", "bulletinFamily": "NVD", "title": "CVE-2019-17271", "description": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.", "published": "2019-10-08T13:15:00", "modified": "2019-10-09T20:48:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17271", "reporter": "cve@mitre.org", "references": ["http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"], "cvelist": ["CVE-2019-17271"], "type": "cve", "lastseen": "2021-04-23T00:45:14", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "vbulletin:vbulletin", "name": "vbulletin", "operator": "le", "version": "5.5.4"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:vbulletin:vbulletin:5.5.4"], "cpe23": ["cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*", "versionEndIncluding": "5.5.4", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-17271"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "cwe": ["CWE-89"], "description": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T07:12:55", "references": [{"idList": ["SMNTC-110593"], "type": "symantec"}, {"idList": ["THN:093159C4FD68C474FAF589D92E25C41A"], "type": "thn"}, {"idList": ["PACKETSTORM:154758"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2021-02-02T07:12:55", "rev": 2, "value": 6.3, "vector": "NONE"}}, "extraReferences": [{"name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"}, {"name": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"}], "hash": "c0c7adf3bc4d8bfcc8c505f3e75c308c1ef135fcdd574892f96d2f11b8627c62", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "3bb7c5d734bb047ed452994b820ca294", "key": "cvelist"}, {"hash": "c7106ce2fde59c0465a1be2701fff0f9", "key": "affectedSoftware"}, {"hash": "a6afe0e66b5268660ef539375aa994eb", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "2660d31fd7ab922ceb00fddf6f525614", "key": "description"}, {"hash": "07a69fb94693e6a2da876529ddd1e0ec", "key": "cvss2"}, {"hash": "9a62ed6ed6ad93ad4640690bc72af00f", "key": "href"}, {"hash": "a4492b7522c9f344936f673cff27f335", "key": "modified"}, {"hash": "6e114f1a5a04f768cf044d1cd608723f", "key": "extraReferences"}, {"hash": "e42a8eecc35d2243fa347cd4789923ae", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "79f8e5f1f2efbd3d52e7cd8f87d0d85b", "key": "references"}, {"hash": "f53287160ebb9b426b3d34c9d436e5c1", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2fcc72e8da562779345058532b8567ff", "key": "cpe23"}, {"hash": "01f6a0931eedcc38a95c704c72494a12", "key": "cpe"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "7c369511d78464f2ecd95444ca9e6ac1", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17271", "id": "CVE-2019-17271", "immutableFields": [], "lastseen": "2021-02-02T07:12:55", "modified": "2019-10-09T20:48:00", "objectVersion": "1.5", "published": "2019-10-08T13:15:00", "references": ["http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"], "reporter": "cve@mitre.org", "title": "CVE-2019-17271", "type": "cve", "viewCount": 14}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T07:12:55"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "vbulletin:vbulletin", "name": "vbulletin", "operator": "le", "version": "5.5.4"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:vbulletin:vbulletin:5.5.4"], "cpe23": ["cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*", "versionEndIncluding": "5.5.4", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-17271"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "cwe": ["CWE-89"], "description": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T21:41:47", "references": [{"idList": ["SMNTC-110593"], "type": "symantec"}, {"idList": ["THN:093159C4FD68C474FAF589D92E25C41A"], "type": "thn"}, {"idList": ["PACKETSTORM:154758"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2020-12-09T21:41:47", "rev": 2, "value": 6.3, "vector": "NONE"}}, "extraReferences": [], "hash": "b5223cbc2a148aa624a6df819a822b1c3b55eb860c95efd8ed341bc928b5cae8", "hashmap": [{"hash": "3bb7c5d734bb047ed452994b820ca294", "key": "cvelist"}, {"hash": "c7106ce2fde59c0465a1be2701fff0f9", "key": "affectedSoftware"}, {"hash": "a6afe0e66b5268660ef539375aa994eb", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "2660d31fd7ab922ceb00fddf6f525614", "key": "description"}, {"hash": "07a69fb94693e6a2da876529ddd1e0ec", "key": "cvss2"}, {"hash": "9a62ed6ed6ad93ad4640690bc72af00f", "key": "href"}, {"hash": "a4492b7522c9f344936f673cff27f335", "key": "modified"}, {"hash": "e42a8eecc35d2243fa347cd4789923ae", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "79f8e5f1f2efbd3d52e7cd8f87d0d85b", "key": "references"}, {"hash": "f53287160ebb9b426b3d34c9d436e5c1", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2fcc72e8da562779345058532b8567ff", "key": "cpe23"}, {"hash": "01f6a0931eedcc38a95c704c72494a12", "key": "cpe"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "7c369511d78464f2ecd95444ca9e6ac1", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17271", "id": "CVE-2019-17271", "lastseen": "2020-12-09T21:41:47", "modified": "2019-10-09T20:48:00", "objectVersion": "1.3", "published": "2019-10-08T13:15:00", "references": ["http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"], "reporter": "cve@mitre.org", "title": "CVE-2019-17271", "type": "cve", "viewCount": 13}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T21:41:47"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "vbulletin:vbulletin", "name": "vbulletin", "operator": "le", "version": "5.5.4"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:vbulletin:vbulletin:5.5.4"], "cpe23": ["cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2019-17271"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "cwe": ["CWE-89"], "description": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:54:32", "references": [{"idList": ["SMNTC-110593"], "type": "symantec"}, {"idList": ["THN:093159C4FD68C474FAF589D92E25C41A"], "type": "thn"}, {"idList": ["PACKETSTORM:154758"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2020-09-21T14:54:32", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "e2ac62e23aa93f8043a62e8e6bc869af41df899b360437b069ec16a505f3aa54", "hashmap": [{"hash": "3bb7c5d734bb047ed452994b820ca294", "key": "cvelist"}, {"hash": "c7106ce2fde59c0465a1be2701fff0f9", "key": "affectedSoftware"}, {"hash": "a6afe0e66b5268660ef539375aa994eb", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "2660d31fd7ab922ceb00fddf6f525614", "key": "description"}, {"hash": "07a69fb94693e6a2da876529ddd1e0ec", "key": "cvss2"}, {"hash": "9a62ed6ed6ad93ad4640690bc72af00f", "key": "href"}, {"hash": "a4492b7522c9f344936f673cff27f335", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "e42a8eecc35d2243fa347cd4789923ae", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "79f8e5f1f2efbd3d52e7cd8f87d0d85b", "key": "references"}, {"hash": "f53287160ebb9b426b3d34c9d436e5c1", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2fcc72e8da562779345058532b8567ff", "key": "cpe23"}, {"hash": "01f6a0931eedcc38a95c704c72494a12", "key": "cpe"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17271", "id": "CVE-2019-17271", "lastseen": "2020-09-21T14:54:32", "modified": "2019-10-09T20:48:00", "objectVersion": "1.3", "published": "2019-10-08T13:15:00", "references": ["http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"], "reporter": "cve@mitre.org", "title": "CVE-2019-17271", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:54:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "vbulletin:vbulletin", "name": "vbulletin", "operator": "le", "version": "*"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:vbulletin:vbulletin:5.5.4"], "cpe23": ["cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*", "versionEndIncluding": "5.5.4", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-17271"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "cwe": ["CWE-89"], "description": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T02:08:02", "references": [{"idList": ["SMNTC-110593"], "type": "symantec"}, {"idList": ["THN:093159C4FD68C474FAF589D92E25C41A"], "type": "thn"}, {"idList": ["PACKETSTORM:154758"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2020-11-30T02:08:02", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "63ad94d77eb1a7dc853bb90b710958eb7a6a3549622f5a70780d78056e0fc343", "hashmap": [{"hash": "3bb7c5d734bb047ed452994b820ca294", "key": "cvelist"}, {"hash": "a6afe0e66b5268660ef539375aa994eb", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "2660d31fd7ab922ceb00fddf6f525614", "key": "description"}, {"hash": "07a69fb94693e6a2da876529ddd1e0ec", "key": "cvss2"}, {"hash": "9a62ed6ed6ad93ad4640690bc72af00f", "key": "href"}, {"hash": "a4492b7522c9f344936f673cff27f335", "key": "modified"}, {"hash": "e42a8eecc35d2243fa347cd4789923ae", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "79f8e5f1f2efbd3d52e7cd8f87d0d85b", "key": "references"}, {"hash": "f53287160ebb9b426b3d34c9d436e5c1", "key": "cvss3"}, {"hash": "c3c5532253dfee822b6d80166d274f1b", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2fcc72e8da562779345058532b8567ff", "key": "cpe23"}, {"hash": "01f6a0931eedcc38a95c704c72494a12", "key": "cpe"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "7c369511d78464f2ecd95444ca9e6ac1", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17271", "id": "CVE-2019-17271", "lastseen": "2020-11-30T02:08:02", "modified": "2019-10-09T20:48:00", "objectVersion": "1.3", "published": "2019-10-08T13:15:00", "references": ["http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"], "reporter": "cve@mitre.org", "title": "CVE-2019-17271", "type": "cve", "viewCount": 12}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T02:08:02"}, {"bulletin": {"affectedSoftware": [{"name": "vbulletin vbulletin", "operator": "le", "version": "5.5.4"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-17271"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-89"], "description": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-10-10T12:16:21", "references": [{"idList": ["SMNTC-110593"], "type": "symantec"}, {"idList": ["THN:093159C4FD68C474FAF589D92E25C41A"], "type": "thn"}, {"idList": ["PACKETSTORM:154758"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2019-10-10T12:16:21", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "2806db5a6df191e4ae8241e09db505e5360a1cdd2ec8a7abf481a5cbdac75442", "hashmap": [{"hash": "3bb7c5d734bb047ed452994b820ca294", "key": "cvelist"}, {"hash": "a6afe0e66b5268660ef539375aa994eb", "key": "title"}, {"hash": "2660d31fd7ab922ceb00fddf6f525614", "key": "description"}, {"hash": "07a69fb94693e6a2da876529ddd1e0ec", "key": "cvss2"}, {"hash": "9a62ed6ed6ad93ad4640690bc72af00f", "key": "href"}, {"hash": "a4492b7522c9f344936f673cff27f335", "key": "modified"}, {"hash": "e42a8eecc35d2243fa347cd4789923ae", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "79f8e5f1f2efbd3d52e7cd8f87d0d85b", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "08ec694e8175550420f8e4df4b8d90c0", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17271", "id": "CVE-2019-17271", "lastseen": "2019-10-10T12:16:21", "modified": "2019-10-09T20:48:00", "objectVersion": "1.3", "published": "2019-10-08T13:15:00", "references": ["http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"], "reporter": "cve@mitre.org", "title": "CVE-2019-17271", "type": "cve", "viewCount": 10}, "differentElements": ["cpe23", "cvss3", "cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-10-10T12:16:21"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "c7106ce2fde59c0465a1be2701fff0f9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "01f6a0931eedcc38a95c704c72494a12"}, {"key": "cpe23", "hash": "2fcc72e8da562779345058532b8567ff"}, {"key": "cpeConfiguration", "hash": "4abb3eeb78c77eed8e0ddeea4a347a51"}, {"key": "cvelist", "hash": "3bb7c5d734bb047ed452994b820ca294"}, {"key": "cvss", "hash": "e258b79b31d39a327c9dafeb61b7a729"}, {"key": "cvss2", "hash": "07a69fb94693e6a2da876529ddd1e0ec"}, {"key": "cvss3", "hash": "f53287160ebb9b426b3d34c9d436e5c1"}, {"key": "cwe", "hash": "4994f73f97fee1825d38aac7bee9aefe"}, {"key": "description", "hash": "2660d31fd7ab922ceb00fddf6f525614"}, {"key": "extraReferences", "hash": "6e114f1a5a04f768cf044d1cd608723f"}, {"key": "href", "hash": "9a62ed6ed6ad93ad4640690bc72af00f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "a4492b7522c9f344936f673cff27f335"}, {"key": "published", "hash": "e42a8eecc35d2243fa347cd4789923ae"}, {"key": "references", "hash": "79f8e5f1f2efbd3d52e7cd8f87d0d85b"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "a6afe0e66b5268660ef539375aa994eb"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f39b8445f02386fe1090633ded5923821d8114dc155415d7d98f23796ce7cd92", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-110593"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}], "modified": "2021-04-23T00:45:14", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-04-23T00:45:14", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:vbulletin:vbulletin:5.5.4"], "affectedSoftware": [{"cpeName": "vbulletin:vbulletin", "name": "vbulletin", "operator": "le", "version": "5.5.4"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vbulletin:vbulletin:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5.4", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"}, {"name": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2017-17271", "bulletinFamily": "NVD", "title": "CVE-2017-17271", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none.", "published": "2019-03-05T20:15:00", "modified": "2019-03-05T20:15:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17271", "reporter": "cve@mitre.org", "references": [], "cvelist": ["CVE-2017-17271"], "type": "cve", "lastseen": "2020-10-03T13:07:39", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2017-17271"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-06-19T22:28:58", "references": [], "rev": 2}, "score": {"modified": "2019-06-19T22:28:58", "rev": 2, "value": -0.0, "vector": "NONE"}}, "hash": "c1acea3b191b47460bee6a8f17dce62fcd04a1a7e5a3f1380086b2cb683e6a20", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "08d1845be3c2715996268e1999cf7fa3", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5dbece2d49c3d45ff029fe953d90e653", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d8c939113efa0c02bea35889378c350d", "key": "cvelist"}, {"hash": "21fdf8c05e15df0bb446c19dbf19585c", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "d67904853b5d3021fd5ddb496945d96c", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d67904853b5d3021fd5ddb496945d96c", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17271", "id": "CVE-2017-17271", "lastseen": "2019-06-19T22:28:58", "modified": "2019-03-05T20:15:00", "objectVersion": "1.3", "published": "2019-03-05T20:15:00", "references": [], "reporter": "cve@mitre.org", "title": "CVE-2017-17271", "type": "cve", "viewCount": 0}, "differentElements": ["cpeConfiguration"], "edition": 1, "lastseen": "2019-06-19T22:28:58"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "81342635da437da3b0897e10f103e0d6"}, {"key": "cvelist", "hash": "d8c939113efa0c02bea35889378c350d"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "08d1845be3c2715996268e1999cf7fa3"}, {"key": "href", "hash": "21fdf8c05e15df0bb446c19dbf19585c"}, {"key": "modified", "hash": "d67904853b5d3021fd5ddb496945d96c"}, {"key": "published", "hash": "d67904853b5d3021fd5ddb496945d96c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5dbece2d49c3d45ff029fe953d90e653"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "649abd344fc19f93af319fe94e1eea864230b1b697f838efa1460aaa2e11ce5f", "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2020-10-03T13:07:39", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2020-10-03T13:07:39", "rev": 2}}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "cpe23": [], "cwe": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "scheme": null}], "nessus": [{"id": "WEB_APPLICATION_SCANNING_98775", "hash": "60a593c5178a75ce8a6339b5674c568c", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98775", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-10-09T00:11:24", "history": [{"bulletin": {"id": "WEB_APPLICATION_SCANNING_98775", "hash": "7c4997dc8d398c183c0e983b1528320c", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98775", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-05T13:10:32", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-05T13:10:32", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-05T13:10:32", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98775", "sourceData": "Binary data WEB_APPLICATION_SCANNING_98775", "naslFamily": "Component Vulnerability", "cpe": [], "solution": "Upgrade to vBulletin version 5.5.3 Patch Level 2 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T13:10:32", "differentElements": ["cpe", "sourceData"], "edition": 1}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98775", "hash": "3b121af0cd0002e55bf688b05d9313bc", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98775", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-07T16:06:58", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-07T16:06:58", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-07T16:06:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98775", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.3 Patch Level 2 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-07T16:06:58", "differentElements": ["nessusSeverity"], "edition": 2}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98775", "hash": "334857c1d7fbcbb5dfae24d5f88c1042", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98775", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-19T12:17:22", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98774", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-19T12:17:22", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-19T12:17:22", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98775", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.3 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:17:22", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98775", "hash": "e0639adb70ab401af13fa5dd3116b1fe", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98775", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-09-17T00:29:55", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98774", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-09-17T00:29:55", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-09-17T00:29:55", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98775", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.3 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-17T00:29:55", "differentElements": ["exploitEase"], "edition": 4}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98775", "hash": "fa3c0a6c651b0cc145544863a85a919e", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98775", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-09-23T00:32:05", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17132", "CVE-2019-17271"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-09-23T00:32:05", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-09-23T00:32:05", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98775", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.3 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-23T00:32:05", "differentElements": ["cvssScoreSource"], "edition": 5}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110593", "SMNTC-110586"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98774", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}], "modified": "2021-10-09T00:11:24", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-10-09T00:11:24", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98775", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.3 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2019-17132", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "WEB_APPLICATION_SCANNING_98774", "hash": "6fcd0c2d52ce272b24ee85db48688d31", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98774", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-10-09T00:11:23", "history": [{"bulletin": {"id": "WEB_APPLICATION_SCANNING_98774", "hash": "60969e643241c74ef7e71eba105c16dc", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98774", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-05T13:10:32", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-05T13:10:32", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-05T13:10:32", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98774", "sourceData": "Binary data WEB_APPLICATION_SCANNING_98774", "naslFamily": "Component Vulnerability", "cpe": [], "solution": "Upgrade to vBulletin version 5.5.4 Patch Level 2 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T13:10:32", "differentElements": ["cpe", "sourceData"], "edition": 1}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98774", "hash": "d3a4c1cf5baa1ff68f2f34f984168118", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98774", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-07T16:06:58", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-07T16:06:58", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-07T16:06:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98774", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.4 Patch Level 2 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-07T16:06:58", "differentElements": ["nessusSeverity"], "edition": 2}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98774", "hash": "6671fa8605ea44bc7cb3f327af8c6adb", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98774", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-19T12:17:22", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-19T12:17:22", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-19T12:17:22", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98774", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.4 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:17:22", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98774", "hash": "121f535405719a8636956a14eb18e1fb", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98774", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-09-17T00:29:55", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-09-17T00:29:55", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-09-17T00:29:55", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98774", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.4 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-17T00:29:55", "differentElements": ["exploitEase"], "edition": 4}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98774", "hash": "0f85e0bbb9d48ad3d789f8d6bf658527", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98774", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-09-23T00:32:08", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17132", "CVE-2019-17271"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98775"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-09-23T00:32:08", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-09-23T00:32:08", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98774", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.4 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-23T00:32:08", "differentElements": ["cvssScoreSource"], "edition": 5}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110593", "SMNTC-110586"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}], "modified": "2021-10-09T00:11:23", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-10-09T00:11:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98774", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.4 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2019-17132", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "WEB_APPLICATION_SCANNING_98776", "hash": "73215ac599b425a1b1bc6e32e5b4ab2a", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98776", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-10-09T00:11:23", "history": [{"bulletin": {"id": "WEB_APPLICATION_SCANNING_98776", "hash": "c08d2342f59fa3b09c0cb2c9b056b199", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98776", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-05T13:10:32", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-05T13:10:32", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-05T13:10:32", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98776", "sourceData": "Binary data WEB_APPLICATION_SCANNING_98776", "naslFamily": "Component Vulnerability", "cpe": [], "solution": "Upgrade to vBulletin version 5.5.2 Patch Level 2 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T13:10:32", "differentElements": ["cpe", "sourceData"], "edition": 1}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98776", "hash": "bbc46996885f481916c152288cc28324", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98776", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-07T16:06:58", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-07T16:06:58", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-07T16:06:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98776", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.2 Patch Level 2 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-07T16:06:58", "differentElements": ["nessusSeverity"], "edition": 2}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98776", "hash": "3526f6a23f12976095f4136c82e453d2", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98776", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-08-19T12:17:23", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-08-19T12:17:23", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-19T12:17:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98776", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.2 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:17:23", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98776", "hash": "d3e6e4b27bbc8361268abfb411529a32", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98776", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-09-17T00:29:56", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98774", "WEB_APPLICATION_SCANNING_98775"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-09-17T00:29:56", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-09-17T00:29:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98776", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.2 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-17T00:29:56", "differentElements": ["exploitEase"], "edition": 4}, {"bulletin": {"id": "WEB_APPLICATION_SCANNING_98776", "hash": "3249de79eb704e8592eeb634ca6d28d0", "type": "nessus", "bulletinFamily": "scanner", "title": "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities", "description": "According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities :\n\n - A SQL injection vulnerability via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter\n\n - A remote code execution vulnerability via data[extension] and data[filedata] parameters within ajax/api/user/updateAvatar endpoint\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2019-12-12T00:00:00", "modified": "2021-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/was/98776", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17271", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17132", "https://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html", "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2"], "cvelist": ["CVE-2019-17271", "CVE-2019-17132"], "immutableFields": [], "lastseen": "2021-09-23T00:32:06", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17132", "CVE-2019-17271"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98774", "WEB_APPLICATION_SCANNING_98775"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758", "PACKETSTORM:154759"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2021-09-23T00:32:06", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-09-23T00:32:06", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98776", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.2 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-23T00:32:06", "differentElements": ["cvssScoreSource"], "edition": 5}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110593", "SMNTC-110586"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98774", "WEB_APPLICATION_SCANNING_98775"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}], "modified": "2021-10-09T00:11:23", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-10-09T00:11:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "98776", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*"], "solution": "Upgrade to vBulletin version 5.5.2 Patch Level 2 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2019-17132", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-08T00:00:00", "vulnerabilityPublicationDate": "2019-10-08T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "thn": [{"id": "THN:093159C4FD68C474FAF589D92E25C41A", "hash": "08d0374505416341329595bbf4d873a0", "type": "thn", "bulletinFamily": "info", "title": "vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities", "description": "[![vBulletin hacking exploit](https://1.bp.blogspot.com/-B7zZKXBFimI/XZx3YZK7kOI/AAAAAAAA1Wc/f8Y8sS1RXCs3eI_ob-oKfwokEQQdNguZwCLcBGAsYHQ/s728-e100/vBulletin-hacking-exploit.png)](<https://1.bp.blogspot.com/-B7zZKXBFimI/XZx3YZK7kOI/AAAAAAAA1Wc/f8Y8sS1RXCs3eI_ob-oKfwokEQQdNguZwCLcBGAsYHQ/s728-e100/vBulletin-hacking-exploit.png>)\n\nAfter releasing a patch for a critical [zero-day remote code execution vulnerability](<https://thehackernews.com/2019/09/vbulletin-zero-day-exploit.html>) late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. \n \nIf left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take complete control over targeted web servers and steal sensitive user information. \n \nWritten in PHP, vBulletin is a widely used proprietary Internet forum software package that powers over 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. \n\n\n \nDiscovered by application security researcher Egidio Romano, the first vulnerability, tracked as [CVE-2019-17132](<http://karmainsecurity.com/KIS-2019-02>), is a remote code execution flaw, while the other two are SQL injection issues, both assigned a single ID as [CVE-2019-17271](<http://karmainsecurity.com/KIS-2019-01>). \n \n\n\n## vBulletin RCE and SQLi Flaws\n\n \nThe RCE flaw resides in the way vBulletin forum handles user requests to update avatars for their profiles, an icon or graphical representation of the user, allowing a remote attacker to inject and execute arbitrary PHP code on the target server through unsanitized parameters. \n \nHowever, it should be noted that this vulnerability is not exploitable in the default installation of the vBulletin forum, rather exploitation is possible when \"Save Avatars as Files\" option is enabled by the website administrator. \n \nRomano has also released a public [proof-of-concept exploit](<http://karmainsecurity.com/pocs/CVE-2019-17132>) for this RCE vulnerability. \n \nThe other two vulnerabilities are read in-band and time-based SQL injection issues that reside in two separate endpoints and could allow administrators with restricted privileges to read sensitive data from the database, which they otherwise may not be allowed to access. \n \n\n\n[![vbulletin security vulnerabilities](https://1.bp.blogspot.com/-EuWNJPddyz0/XZx2i8q6uNI/AAAAAAAA1WU/V3iwy5XdZRciPIql45QxbYr9Gdglo2DCwCLcBGAsYHQ/s728-e100/vBulletin-vulnerabilities.png)](<https://1.bp.blogspot.com/-EuWNJPddyz0/XZx2i8q6uNI/AAAAAAAA1WU/V3iwy5XdZRciPIql45QxbYr9Gdglo2DCwCLcBGAsYHQ/s728-e100/vBulletin-vulnerabilities.png>)\n\n \nSince these two SQL injection flaws can not be exploited by any registered user and require special permissions, vBulletin forum administrators and users need not to panic. \n\n\n[![Web Application Firewall](data:image/gif;base64,R0lGODlhAgABAIAAAO/v7wAAACH5BAAAAAAALAAAAAACAAEAAAICBAoAOw==)](<https://bit.ly/2nAQ7y5> \"Web Application Firewall\" )\n\n \n\n\n## Security Patches Released\n\n \nRomano responsibly reported all the vulnerabilities to the vBulletin project maintainers just last week on September 30, and the team acknowledged his findings and released the following [security patch updates](<https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2>) that address the reported flaws. \n \n \n\n\n * vBulletin 5.5.4 Patch Level 2\n * vBulletin 5.5.3 Patch Level 2\n * vBulletin 5.5.2 Patch Level 2\n \n \nAdministrators are highly recommended to apply the security patch before hackers started exploiting the vulnerabilities to target their forum users\u2014just like someone did last week to steal login information of [nearly 245,000 Comodo Forums](<https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html>) users after the company failed to apply available patches on time.\n", "published": "2019-10-08T11:54:00", "modified": "2019-10-08T11:54:33", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2019-17132", "CVE-2019-17271"], "lastseen": "2019-10-08T13:29:32", "history": [], "viewCount": 78, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271", "CVE-2019-17132"]}, {"type": "symantec", "idList": ["SMNTC-110586", "SMNTC-110593"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154759", "PACKETSTORM:154758"]}, {"type": "zdt", "idList": ["1337DAY-ID-33345"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143057"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:CDCEBFD7A5CA54B2EB9DC3E9D4BA725E"]}, {"type": "exploitdb", "idList": ["EDB-ID:47475"]}], "modified": "2019-10-08T13:29:32", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-10-08T13:29:32", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.thn.ThnBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "symantec": [{"id": "SMNTC-110593", "hash": "f07b37b761534b8881f82977b97923930fa377816ece3a43862d395730f18220", "type": "symantec", "bulletinFamily": "software", "title": "vBulletin CVE-2019-17271 Multiple SQL Injection Vulnerabilities", "description": "### Description\n\nvbulletin is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vBulletin 5.5.4 and prior versions are vulnerable.\n\n### Technologies Affected\n\n * VBulletin VBulletin 5.0.1 \n * VBulletin VBulletin 5.0.2 \n * VBulletin VBulletin 5.0.4 \n * VBulletin VBulletin 5.0.5 \n * VBulletin VBulletin 5.1.0 \n * VBulletin VBulletin 5.1.1 \n * VBulletin VBulletin 5.1.4 \n * VBulletin VBulletin 5.1.5 \n * VBulletin VBulletin 5.1.6 \n * VBulletin VBulletin 5.1.7 \n * VBulletin VBulletin 5.1.8 \n * VBulletin VBulletin 5.1.9 \n * VBulletin VBulletin 5.2.2 \n * VBulletin VBulletin 5.3.0 \n * VBulletin VBulletin 5.4.0 \n * VBulletin VBulletin 5.5.0 \n * VBulletin VBulletin 5.5.2 \n * VBulletin VBulletin 5.5.3 \n * VBulletin VBulletin 5.5.4 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit. \n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review logs regularly.\n\n**Modify default ACL settings.** \nImplement database access control to limit the immediate impact of such vulnerabilities on the data within the database and possibly the database itself. Ensure that applications are isolated from one another and from sensitive data in the database through separate user accounts and restrictive ACL configurations.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2019-10-07T00:00:00", "modified": "2019-10-07T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110593", "reporter": "Symantec Security Response", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa", "http://www.vbulletin.org/forum/portal.php"], "cvelist": ["CVE-2019-17271"], "lastseen": "2021-06-08T19:15:22", "history": [{"bulletin": {"_object_type": "robots.models.symantec.SymantecBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.symantec.SymantecBulletin"], "affectedSoftware": [{"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.9"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.5.4"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.5.2"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.1"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.5.3"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.8"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.0.2"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.4"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.5"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.0.1"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.7"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.2.2"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.0"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.0.5"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.0.4"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.3.0"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.4.0"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.5.0"}, {"name": "VBulletin VBulletin", "operator": "eq", "version": "5.1.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2019-17271"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "description": "### Description\n\nvbulletin is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vBulletin 5.5.4 and prior versions are vulnerable.\n\n### Technologies Affected\n\n * VBulletin VBulletin 5.0.1 \n * VBulletin VBulletin 5.0.2 \n * VBulletin VBulletin 5.0.4 \n * VBulletin VBulletin 5.0.5 \n * VBulletin VBulletin 5.1.0 \n * VBulletin VBulletin 5.1.1 \n * VBulletin VBulletin 5.1.4 \n * VBulletin VBulletin 5.1.5 \n * VBulletin VBulletin 5.1.6 \n * VBulletin VBulletin 5.1.7 \n * VBulletin VBulletin 5.1.8 \n * VBulletin VBulletin 5.1.9 \n * VBulletin VBulletin 5.2.2 \n * VBulletin VBulletin 5.3.0 \n * VBulletin VBulletin 5.4.0 \n * VBulletin VBulletin 5.5.0 \n * VBulletin VBulletin 5.5.2 \n * VBulletin VBulletin 5.5.3 \n * VBulletin VBulletin 5.5.4 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit. \n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review logs regularly.\n\n**Modify default ACL settings.** \nImplement database access control to limit the immediate impact of such vulnerabilities on the data within the database and possibly the database itself. Ensure that applications are isolated from one another and from sensitive data in the database through separate user accounts and restrictive ACL configurations.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-10-25T10:33:43", "references": [{"idList": ["CVE-2019-17271"], "type": "cve"}, {"idList": ["THN:093159C4FD68C474FAF589D92E25C41A"], "type": "thn"}, {"idList": ["PACKETSTORM:154758"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2019-10-25T10:33:43", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "f4bd1b8d0f7af0f419123227d1b78c7b2ca3b38c44f2ff768c52b59b90741503", "hashmap": [{"hash": "579db64b0c979288a9b0700195f1b92f", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "3bb7c5d734bb047ed452994b820ca294", "key": "cvelist"}, {"hash": "dee2d346525c42556b1833b21cb142d8", "key": "_object_types"}, {"hash": "fb1d54cd1d644fb2f98a83c3ac7da019", "key": "affectedSoftware"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "0b120cc6ea7d09fbb0964c72c2a91a5b", "key": "published"}, {"hash": "a0834506539ae8f277680e278baa2e56", "key": "href"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "521ea9fab095f761a60b573b52efa285", "key": "references"}, {"hash": "38af5596de2fce76e4eb62aa066bbcdb", "key": "_object_type"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "26db7cb04dd881834a988401c582291c", "key": "title"}, {"hash": "0b120cc6ea7d09fbb0964c72c2a91a5b", "key": "modified"}], "history": [], "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110593", "id": "SMNTC-110593", "immutableFields": [], "lastseen": "2019-10-25T10:33:43", "modified": "2019-10-07T00:00:00", "objectVersion": "1.5", "published": "2019-10-07T00:00:00", "references": ["https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa", "http://www.vbulletin.org/forum/portal.php"], "reporter": "Symantec Security Response", "title": "vBulletin CVE-2019-17271 Multiple SQL Injection Vulnerabilities", "type": "symantec", "viewCount": 4}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-10-25T10:33:43"}], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154758"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}], "modified": "2021-06-08T19:15:22", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-06-08T19:15:22", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.7"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.8"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.6"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.3.0"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.0.5"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.5.3"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.4"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.5.0"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.4.0"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.0.2"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.5.2"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.2.2"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.0.1"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.0.4"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.5"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.1"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.0"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.5.4"}, {"name": "vbulletin vbulletin", "operator": "eq", "version": "5.1.9"}], "_object_type": "robots.models.symantec.SymantecBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.symantec.SymantecBulletin"], "immutableFields": [], "edition": 2, "hashmap": [{"key": "_object_type", "hash": "38af5596de2fce76e4eb62aa066bbcdb"}, {"key": "_object_types", "hash": "dee2d346525c42556b1833b21cb142d8"}, {"key": "affectedSoftware", "hash": "58990bd6dfcaa6e66dd1b56c79de8c20"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "3bb7c5d734bb047ed452994b820ca294"}, {"key": "cvss", "hash": "e258b79b31d39a327c9dafeb61b7a729"}, {"key": "description", "hash": "579db64b0c979288a9b0700195f1b92f"}, {"key": "href", "hash": "a0834506539ae8f277680e278baa2e56"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "0b120cc6ea7d09fbb0964c72c2a91a5b"}, {"key": "published", "hash": "0b120cc6ea7d09fbb0964c72c2a91a5b"}, {"key": "references", "hash": "521ea9fab095f761a60b573b52efa285"}, {"key": "reporter", "hash": "d6218597dc7a1b025a781373296b2b63"}, {"key": "title", "hash": "26db7cb04dd881834a988401c582291c"}, {"key": "type", "hash": "52e3bbafc627009ac13caff1200a0dbf"}], "scheme": null, "cvss2": {}, "cvss3": {}}], "packetstorm": [{"id": "PACKETSTORM:154758", "hash": "adae843eb5df968fe881ad1883fb0163", "type": "packetstorm", "bulletinFamily": "exploit", "title": "vBulletin 5.5.4 SQL Injection", "description": "", "published": "2019-10-07T00:00:00", "modified": "2019-10-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html", "reporter": "EgiX", "references": [], "cvelist": ["CVE-2019-17271"], "lastseen": "2019-10-08T14:51:01", "history": [], "viewCount": 191, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17271"]}, {"type": "symantec", "idList": ["SMNTC-110593"]}, {"type": "thn", "idList": ["THN:093159C4FD68C474FAF589D92E25C41A"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98775", "WEB_APPLICATION_SCANNING_98776", "WEB_APPLICATION_SCANNING_98774"]}], "modified": "2019-10-08T14:51:01", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-10-08T14:51:01", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "https://packetstormsecurity.com/files/download/154758/KIS-2019-01.txt", "sourceData": "`---------------------------------------------------- \nvBulletin <= 5.5.4 Two SQL Injection Vulnerabilities \n---------------------------------------------------- \n \n \n[-] Software Link: \n \nhttps://www.vbulletin.com/ \n \n \n[-] Affected Versions: \n \nVersion 5.5.4 and prior versions. \n \n \n[-] Vulnerabilities Description: \n \n1) User input passed through keys of the \"where\" parameter to \nthe \"ajax/api/hook/getHookList\" endpoint is not properly validated \nbefore being used in an SQL query. This can be exploited to e.g. \nread sensitive data from the database through in-band SQL injection \nattacks. Successful exploitation of this vulnerability requires an \nuser account with the \"canadminproducts\" or \"canadminstyles\" permission. \n \n2) User input passed through keys of the \"where\" parameter to \nthe \"ajax/api/widget/getWidgetList\" endpoint is not properly validated \nbefore being used in an SQL query. This can be exploited to e.g. \nread sensitive data from the database through time-based SQL injection \nattacks. Successful exploitation of this vulnerability requires an \nuser account with the \"canusesitebuilder\" permission. \n \n \n[-] Solution: \n \nApply the vendor Security Patch Level 2 or upgrade to version 5.5.5 or \nlater. \n \n \n[-] Disclosure Timeline: \n \n[30/09/2019] - Vendor notified \n[03/10/2019] - Patch released: https://bit.ly/2OptAzI \n[07/10/2019] - CVE number assigned \n[07/10/2019] - Public disclosure \n \n \n[-] CVE Reference: \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2019-17271 to these vulnerabilities. \n \n \n[-] Credits: \n \nVulnerability discovered by Egidio Romano. \n \n \n[-] Original Advisory: \n \nhttp://karmainsecurity.com/KIS-2019-01 \n \n \n \n`\n", "_object_type": "robots.models.packetstorm.PacketstormBulletin", "_object_types": ["robots.models.packetstorm.PacketstormBulletin", "robots.models.base.Bulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}