{"id": "SECURITYVULNS:VULN:10580", "bulletinFamily": "software", "title": "Corel Paint Shop Pro buffer overflow", "description": "Heap buffer overflow on FPX format parsing.", "published": "2010-02-04T00:00:00", "modified": "2010-02-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10580", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23154"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:35", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:09:35", "rev": 2}, "dependencies": {"references": [{"type": "github", "idList": ["GHSA-GC6C-5V9W-XMHW"]}, {"type": "cve", "idList": ["CVE-2016-10580", "CVE-2018-10580"]}, {"type": "exploitdb", "idList": ["EDB-ID:44608", "EDB-ID:43164"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147575"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:ED2D882D60DA5162FC33EB05022D6D43", "EXPLOITPACK:4FE563D978B6E00DD63CCC273AE4DFAC"]}, {"type": "zdt", "idList": ["1337DAY-ID-29032", "1337DAY-ID-30327"]}, {"type": "openbugbounty", "idList": ["OBB:241037", "OBB:243914"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23154", "SECURITYVULNS:VULN:14752", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14749", "SECURITYVULNS:VULN:13544", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:VULN:14751", "SECURITYVULNS:VULN:14754"]}], "modified": "2018-08-31T11:09:35", "rev": 2}, "vulnersScore": 6.8}, "affectedSoftware": []}

{"cve": [{"lastseen": "2021-02-02T07:12:46", "description": "When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-30T12:15:00", "title": "CVE-2019-10580", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10580"], "modified": "2020-07-31T13:55:00", "cpe": ["cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:sc8180x_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:qcm2150_firmware:-", "cpe:/o:qualcomm:saipan_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:nicobar_firmware:-", "cpe:/o:qualcomm:sxr2130_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:sm8150_firmware:-", "cpe:/o:qualcomm:sm8250_firmware:-"], "id": "CVE-2019-10580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10580", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:02", "description": "nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.", "edition": 7, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-01T18:29:00", "title": "CVE-2016-10580", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10580"], "modified": "2019-10-09T23:16:00", "cpe": ["cpe:/a:nodewebkit_project:nodewebkit:0.11.2-1"], "id": "CVE-2016-10580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10580", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:nodewebkit_project:nodewebkit:0.11.2-1:*:*:*:*:node.js:*:*"]}, {"lastseen": "2021-02-02T06:52:23", "description": "The \"Latest Posts on Profile\" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.", "edition": 4, "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-05-11T14:29:00", "title": "CVE-2018-10580", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10580"], "modified": "2018-06-14T13:06:00", "cpe": ["cpe:/a:latest_posts_on_profile_project:latest_posts_on_profile:1.1"], "id": "CVE-2018-10580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10580", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:latest_posts_on_profile_project:latest_posts_on_profile:1.1:*:*:*:*:mybb:*:*"]}], "github": [{"lastseen": "2021-01-08T22:27:05", "bulletinFamily": "software", "cvelist": ["CVE-2016-10580"], "description": "Affected versions of `nodewebkit` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `nodewebkit`.\n\n\n## Recommendation\n\nNo patch is currently available, and the package author has deprecated this package. \n\nThe best path forward in mitigating this vulnerability is to use the [official installer](https://www.npmjs.com/nw) instead of this package, as per the package author's instructions.", "edition": 4, "modified": "2021-01-08T18:48:14", "published": "2019-02-18T23:51:27", "id": "GHSA-GC6C-5V9W-XMHW", "href": "https://github.com/advisories/GHSA-gc6c-5v9w-xmhw", "title": "Downloads Resources over HTTP in nodewebkit", "type": "github", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2018-05-10T17:25:50", "description": "", "published": "2018-05-10T00:00:00", "type": "packetstorm", "title": "MyBB Latest Posts On Profile 1.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-10580"], "modified": "2018-05-10T00:00:00", "id": "PACKETSTORM:147575", "href": "https://packetstormsecurity.com/files/147575/MyBB-Latest-Posts-On-Profile-1.1-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting \n# Date: 4/20/2018 \n# Author: 0xB9 \n# Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me \n# Software Link: https://community.mybb.com/mods.php?action=view&pid=914 \n# Version: 1.1 \n# Tested on: Ubuntu 17.10 \n# CVE: CVE-2018-10580 \n \n \n1. Description: \nAdds a new section to user profiles that will display their last posts. \n \n \n2. Proof of Concept: \n \nPersistent XSS \n- Create a thread with the following subject <script>alert('XSS')</script> \n- Now visit your profile to see the alert. \n \n \n3. Solution: \nI reported the plugin twice over the past 3 weeks and recieved no response. \n \n \nThe following should be added in line 236 to properly sanitize thread subjects. \n \n$d['tsubject'] = htmlspecialchars_uni($d['tsubject']); \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/147575/mybblatestpostsprofile11-xss.txt"}], "zdt": [{"lastseen": "2018-05-10T16:26:38", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2018-05-10T00:00:00", "title": "MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-10580"], "modified": "2018-05-10T00:00:00", "id": "1337DAY-ID-30327", "href": "https://0day.today/exploit/description/30327", "sourceData": "# Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting\r\n# Author: 0xB9\r\n# Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me\r\n# Software Link: https://community.mybb.com/mods.php?action=view&pid=914\r\n# Version: 1.1\r\n# Tested on: Ubuntu 17.10\r\n# CVE: CVE-2018-10580\r\n \r\n \r\n1. Description:\r\nAdds a new section to user profiles that will display their last posts.\r\n \r\n \r\n2. Proof of Concept:\r\n \r\nPersistent XSS\r\n- Create a thread with the following subject <script>alert('XSS')</script>\r\n- Now visit your profile to see the alert.\r\n \r\n \r\n3. Solution:\r\nI reported the plugin twice over the past 3 weeks and recieved no response.\r\n \r\n \r\nThe following should be added in line 236 to properly sanitize thread subjects.\r\n \r\n$d['tsubject'] = htmlspecialchars_uni($d['tsubject']);\n\n# 0day.today [2018-05-10] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30327"}, {"lastseen": "2018-02-09T05:19:46", "description": "Exploit for hardware platform in category dos / poc", "edition": 1, "published": "2017-11-22T00:00:00", "title": "Vonage VDV-23 - Denial of Service Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16902"], "modified": "2017-11-22T00:00:00", "href": "https://0day.today/exploit/description/29032", "id": "1337DAY-ID-29032", "sourceData": "Overview\r\nDuring an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is controllable and allow for full remote code execution.\r\n \r\nDevice Description:\r\n1 port residential gateway\r\n \r\nHardware Version:\r\nVDV-23: 115\r\n \r\nOriginal Software Version:\r\n3.2.11-0.9.40\r\n \r\nExploitation Writeup\r\nThis exploit was a simple buffer overflow. The use of spike fuzzer took place to identify the crash condition. When the application crashes, the router reboots causing a denial of service condition. The script below was further weaponized to sleep for a 60 second period while the device rebooted then continue one execution after another.\r\n \r\nProof of concept code:\r\nThe code below was used to exploit the application. This testing was only performed against denial of service conditions. The crash that was experienced potentially holds the ability to allow remote code execution. Further research will be performed against the device.\r\n \r\nDOSTest.py\r\n \r\nimport requests\u2028\r\npassw = 'A' * 10580\u2028post_data = {'loginUsername':'router', 'loginPassword':passw, 'x':'0', 'y':'0'}\u2028\r\npost_response = requests.post(url='http://192.168.15.1/goform/login', data=post_data)\n\n# 0day.today [2018-02-09] #", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/29032"}], "exploitdb": [{"lastseen": "2018-05-24T14:20:47", "description": "MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting. CVE-2018-10580. Webapps exploit for PHP platform", "published": "2018-05-10T00:00:00", "type": "exploitdb", "title": "MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-10580"], "modified": "2018-05-10T00:00:00", "id": "EDB-ID:44608", "href": "https://www.exploit-db.com/exploits/44608/", "sourceData": "# Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting\r\n# Date: 4/20/2018\r\n# Author: 0xB9\r\n# Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me\r\n# Software Link: https://community.mybb.com/mods.php?action=view&pid=914\r\n# Version: 1.1\r\n# Tested on: Ubuntu 17.10\r\n# CVE: CVE-2018-10580\r\n\r\n\r\n1. Description:\r\nAdds a new section to user profiles that will display their last posts.\r\n \r\n\r\n2. Proof of Concept:\r\n\r\nPersistent XSS\r\n- Create a thread with the following subject <script>alert('XSS')</script>\r\n- Now visit your profile to see the alert.\r\n\r\n\r\n3. Solution:\r\nI reported the plugin twice over the past 3 weeks and recieved no response.\r\n\r\n\r\nThe following should be added in line 236 to properly sanitize thread subjects.\r\n\r\n$d['tsubject'] = htmlspecialchars_uni($d['tsubject']);", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44608/"}, {"lastseen": "2017-11-22T11:00:37", "description": "Vonage VDV-23 - Denial of Service. CVE-2017-16902. Dos exploit for Hardware platform", "published": "2017-11-21T00:00:00", "type": "exploitdb", "title": "Vonage VDV-23 - Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16902"], "modified": "2017-11-21T00:00:00", "id": "EDB-ID:43164", "href": "https://www.exploit-db.com/exploits/43164/", "sourceData": "Overview\r\nDuring an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is controllable and allow for full remote code execution.\r\n\r\nDevice Description:\r\n1 port residential gateway\r\n\r\nHardware Version:\r\nVDV-23: 115\r\n\r\nOriginal Software Version:\r\n3.2.11-0.9.40\r\n\r\nExploitation Writeup\r\nThis exploit was a simple buffer overflow. The use of spike fuzzer took place to identify the crash condition. When the application crashes, the router reboots causing a denial of service condition. The script below was further weaponized to sleep for a 60 second period while the device rebooted then continue one execution after another.\r\n\r\nProof of concept code:\r\nThe code below was used to exploit the application. This testing was only performed against denial of service conditions. The crash that was experienced potentially holds the ability to allow remote code execution. Further research will be performed against the device.\r\n\r\nDOSTest.py\r\n\r\nimport requests\u2028\r\npassw = 'A' * 10580\u2028post_data = {'loginUsername':'router', 'loginPassword':passw, 'x':'0', 'y':'0'}\u2028\r\npost_response = requests.post(url='http://192.168.15.1/goform/login', data=post_data)", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/43164/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:36", "description": "\nMyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting", "edition": 1, "published": "2018-05-10T00:00:00", "title": "MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-10580"], "modified": "2018-05-10T00:00:00", "id": "EXPLOITPACK:ED2D882D60DA5162FC33EB05022D6D43", "href": "", "sourceData": "# Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting\n# Date: 4/20/2018\n# Author: 0xB9\n# Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me\n# Software Link: https://community.mybb.com/mods.php?action=view&pid=914\n# Version: 1.1\n# Tested on: Ubuntu 17.10\n# CVE: CVE-2018-10580\n\n\n1. Description:\nAdds a new section to user profiles that will display their last posts.\n \n\n2. Proof of Concept:\n\nPersistent XSS\n- Create a thread with the following subject <script>alert('XSS')</script>\n- Now visit your profile to see the alert.\n\n\n3. Solution:\nI reported the plugin twice over the past 3 weeks and recieved no response.\n\n\nThe following should be added in line 236 to properly sanitize thread subjects.\n\n$d['tsubject'] = htmlspecialchars_uni($d['tsubject']);", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-04-01T19:04:54", "description": "\nVonage VDV-23 - Denial of Service", "edition": 1, "published": "2017-11-21T00:00:00", "title": "Vonage VDV-23 - Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": [], "modified": "2017-11-21T00:00:00", "id": "EXPLOITPACK:4FE563D978B6E00DD63CCC273AE4DFAC", "href": "", "sourceData": "Overview\nDuring an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is controllable and allow for full remote code execution.\n\nDevice Description:\n1 port residential gateway\n\nHardware Version:\nVDV-23: 115\n\nOriginal Software Version:\n3.2.11-0.9.40\n\nExploitation Writeup\nThis exploit was a simple buffer overflow. The use of spike fuzzer took place to identify the crash condition. When the application crashes, the router reboots causing a denial of service condition. The script below was further weaponized to sleep for a 60 second period while the device rebooted then continue one execution after another.\n\nProof of concept code:\nThe code below was used to exploit the application. This testing was only performed against denial of service conditions. The crash that was experienced potentially holds the ability to allow remote code execution. Further research will be performed against the device.\n\nDOSTest.py\n\nimport requests\u2028\npassw = 'A' * 10580\u2028post_data = {'loginUsername':'router', 'loginPassword':passw, 'x':'0', 'y':'0'}\u2028\npost_response = requests.post(url='http://192.168.15.1/goform/login', data=post_data)", "cvss": {"score": 0.0, "vector": "NONE"}}], "openbugbounty": [{"lastseen": "2017-10-16T23:20:13", "bulletinFamily": "bugbounty", "cvelist": [], "description": "##### Vulnerable URL:\n \n \n https://www.seis.org/error.aspx?aspxerrorpath=/\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| No \nLatest check for patch:| 25.08.2017 \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 10580 \nVIP website status:| Yes \nCheck seis.org SSL connection:| (Grade: A) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 1 June, 2017 23:25 GMT \nGeneric security notifications sent to website owner| 1 June, 2017 23:27 GMT \nNotification sent to subscribers (without technical details)| 2 June, 2017 02:17 GMT \nVulnerability details disclosed by researcher| 25 August, 2017 00:17 GMT\n", "modified": "2017-08-25T00:17:00", "published": "2017-06-01T23:25:00", "href": "https://www.openbugbounty.org/reports/243914/", "id": "OBB:243914", "type": "openbugbounty", "title": "seis.org XSS vulnerability ", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-16T23:25:23", "bulletinFamily": "bugbounty", "cvelist": [], "description": "##### Vulnerable URL:\n \n \n https://www.o2.co.uk/shop/tariff\"-confirm(`OPENBUGBOUNTY`)-\"/apple/ipad-pro-9.7-inch//\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 18.09.2017 \nLatest check for patch:| 18.09.2017 09:48 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 10580 \nVIP website status:| Yes \nCheck o2.co.uk SSL connection:| (Grade: A) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 25 May, 2017 07:56 GMT \nVulnerability existence verified and confirmed| 25 May, 2017 17:39 GMT \nGeneric security notifications sent to website owner| 27 May, 2017 04:32 GMT \nVulnerability details disclosed by researcher| 6 July, 2017 18:15 GMT \nVulnerability patched by the website owner| 18 September, 2017 09:48 GMT\n", "modified": "2017-09-18T09:48:00", "published": "2017-05-25T07:56:00", "href": "https://www.openbugbounty.org/reports/241037/", "id": "OBB:241037", "type": "openbugbounty", "title": "o2.co.uk XSS vulnerability ", "cvss": {"score": 0.0, "vector": "NONE"}}], "nodejs": [{"lastseen": "2020-09-29T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2016-10580"], "description": "## Overview\n\nAffected versions of `nodewebkit` insecurely download an executable over an unencrypted HTTP connection. \r\n\r\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `nodewebkit`.\n\n## Recommendation\n\nNo patch is currently available, and the package author has deprecated this package. \n\nThe best path forward in mitigating this vulnerability is to use the [official installer](https://www.npmjs.com/nw) instead of this package, as per the package author's instructions.", "modified": "2019-06-24T21:14:11", "published": "2016-11-30T22:00:19", "id": "NODEJS:173", "href": "https://www.npmjs.com/advisories/173", "type": "nodejs", "title": "Downloads Resources over HTTP", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "Crash on audiofiles processing.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "title": "audiofile memory corruption", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "PHAR extension DoS.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "description": "DoS, code execution.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "title": "unzip security vulneravilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}