ID SECURITYVULNS:VULN:14009
Type securityvulns
Reporter BUGTRAQ
Modified 2014-10-14T00:00:00
Description
Default account, unauthorized access, directory traversal.
{"id": "SECURITYVULNS:VULN:14009", "bulletinFamily": "software", "title": "Draytek Vigor ACS-SI multiple security vulnerabilities", "description": "Default account, unauthorized access, directory traversal.", "published": "2014-10-14T00:00:00", "modified": "2014-10-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14009", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31177", "https://vulners.com/securityvulns/securityvulns:doc:31175"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:57", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "80ae82b6f841d1d7f6506be6f2547c3b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "31b9d8098b471a0bba3ea58f5fab9226"}, {"key": "href", "hash": "3a47a05f7b7be70cd317f922f9da82b5"}, {"key": "modified", "hash": "c3560fb562d22673fe089f080adde204"}, {"key": "published", "hash": "c3560fb562d22673fe089f080adde204"}, {"key": "references", "hash": "f0277e274509a45a4b5ae2a002c68070"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "0dffbce92d871655c86c13db604da9e3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b5e95d38933b8b21d2ee9d29d996ff65144bae60b3d716d9929140e6961471c0", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:09:57"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Vigor", "operator": "eq", "version": "2130"}, {"name": "VigorACS SI", "operator": "eq", "version": "1.3"}]}
{"cve": [{"lastseen": "2018-09-07T11:00:34", "references": ["https://github.com/Codiad/Codiad/issues/1078", "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit"], "description": "Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.", "edition": 2, "reporter": "NVD", "published": "2018-07-12T12:29:06", "title": "CVE-2018-14009", "type": "cve", "enchantments": {"score": {"modified": "2018-09-07T11:00:34", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-14009"], "scanner": [], "modified": "2018-09-06T14:48:41", "cpe": ["cpe:/a:codiad:codiad:2.8.4"], "id": "CVE-2018-14009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14009", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-09T11:54:25", "references": ["http://www.securityfocus.com/bid/101259", "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01"], "description": "An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.", "edition": 3, "reporter": "NVD", "published": "2017-10-17T18:29:00", "title": "CVE-2017-14009", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-14009"], "scanner": [], "cpe": ["cpe:/o:prominent:multiflex_m10a_controller_firmware"], "modified": "2017-11-08T12:49:36", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14009", "id": "CVE-2017-14009", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "openbugbounty": [{"lastseen": "2018-08-15T20:14:36", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "references": [], "openbugbounty": {"mirror": "http://341101.openbounty.org/mirror/", "patchStatus": "patched"}, "description": "##### Open Bug Bounty ID: OBB-341101\n\nDescription| Value \n---|--- \nAffected Website:| iso.org \nOpen Bug Bounty Program:| Create your bounty program now. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.iso.org/ru/member/2215.html?t=OP&view;=x%22%3E%3CsvG%20onLoad=prompt(9)%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 17 October, 2017 17:47 GMT \nVulnerability Verified:| 17 October, 2017 17:49 GMT \nWebsite Operator Notified:| 17 October, 2017 17:49 GMT \nPublic Report Published[without any technical details]:| 17 October, 2017 17:49 GMT \nVulnerability Fixed:| 8 August, 2018 09:51 GMT \nPublic Disclosure: A security researcher can delete the report before public disclosure, afterwards the report cannot be deleted or modified anymore. The researcher can also postpone public disclosure date as long as reasonably required to remediate the vulnerability.| 16 November, 2017 17:47 GMT\n", "reporter": "ELProfesor", "published": "2017-10-17T17:47:00", "type": "openbugbounty", "title": "iso.org XSS vulnerability ", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "bugbounty", "cvelist": [], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "modified": "2017-11-16T17:47:00", "id": "OBB:341101", "href": "https://www.openbugbounty.org/reports/341101/", "cvss": {"score": 0.0, "vector": "NONE"}}], "ics": [{"lastseen": "2018-08-31T01:37:22", "references": ["https://cwe.mitre.org/data/definitions/613.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14005", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "https://ics-cert.us-cert.gov/Report-Incident?", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14009", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-17-285-01 ProMinent MultiFLEX M10a Controller&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01&site_name=ICS-CERT", "https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-17-285-01 ProMinent MultiFLEX M10a Controller&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01&site_name=ICS-CERT", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-285-01", "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://ics-cert.us-cert.gov/", "https://cwe.mitre.org/data/definitions/352.html", "https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://cwe.mitre.org/data/definitions/602.html", "https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-285-01", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-285-01", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14007", "https://cwe.mitre.org/data/definitions/200.html", "http://www.us-cert.gov/privacy/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14011", "https://ics-cert.us-cert.gov/content/recommended-practices", "http://www.dhs.gov", "http://www.dhs.gov/report-cyber-risks", "https://cwe.mitre.org/data/definitions/620.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14013", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-17-285-01 ProMinent MultiFLEX M10a Controller&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01&site_name=ICS-CERT"], "description": "### **CVSS v3 8.8**\n\n**ATTENTION: **Remotely exploitable/low skill level to exploit.\n\n**Vendor:** ProMinent\n\n**Equipment:** MultiFLEX M10a Controller\n\n**Vulnerabilities:** Client-Side Enforcement of Server-Side Security, Insufficient Session Expiration, Cross-Site Request Forgery, Information Exposure, and Unverified Password Change\n\n## AFFECTED PRODUCTS\n\nThe following versions of MultiFLEX Controller, a water treatment controller, are affected:\n\n * All versions of MultiFLEX M10a Controller web interface.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to bypass protection mechanisms, assume the identity of authenticated users, and change the device configuration.\n\n## MITIGATION\n\nProMinent has not provided mitigations for these vulnerabilities.\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## VULNERABILITY OVERVIEW\n\n## [CLIENT-SIDE ENFORCEMENT OF SERVER-SIDE SECURITY CWE-602](<https://cwe.mitre.org/data/definitions/602.html>)\n\nThe log out function in the application removes the user\u2019s session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.\n\n[CVE-2017-14013](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14013>) has been assigned to this vulnerability. A CVSS v3 base score of 5.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n## [INSUFFICIENT SESSION EXPIRATION CWE-613](<https://cwe.mitre.org/data/definitions/613.html>)\n\nThe user\u2019s session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.\n\n[CVE-2017-14007](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14007>) has been assigned to this vulnerability. A CVSS v3 base score of 5.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n## [CROSS-SITE REQUEST FORGERY (CSRF) CWE-352](<https://cwe.mitre.org/data/definitions/352.html>)\n\nThe application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device.\n\n[CVE-2017-14011](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14011>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [INFORMATION EXPOSURE CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)\n\nWhen an authenticated user uses the \u201cChange Password\u201d feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.\n\n[CVE-2017-14009](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14009>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).\n\n## [UNVERIFIED PASSWORD CHANGE CWE-620](<https://cwe.mitre.org/data/definitions/620.html>)\n\nWhen setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user\u2019s password, enabling future access and possible configuration changes.\n\n[CVE-2017-14005](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14005>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n## RESEARCHER\n\nMaxim Rupp disclosed this vulnerability to ICS-CERT.\n\n## BACKGROUND\n\n**Critical Infrastructure Sector:** Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Ontario, California\n", "edition": 5, "reporter": "Industrial Control Systems Cyber Emergency Response Team", "published": "2017-10-12T00:00:00", "title": "ProMinent MultiFLEX M10a Controller", "type": "ics", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-14011", "CVE-2017-14009", "CVE-2017-14013", "CVE-2017-14007", "CVE-2017-14005"], "modified": "2017-10-12T00:00:00", "id": "ICSA-17-285-01", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-285-01", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "apport security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apport", "version": "2.18", "operator": "eq"}], "cvelist": ["CVE-2015-1338"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "description": "PHAR extension DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "PHP security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PHP", "version": "5.6", "operator": "eq"}], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32652"], "description": "Crash on audiofiles processing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "audiofile memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libaudiofile", "version": "0.3", "operator": "eq"}], "cvelist": ["CVE-2015-7747"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32657", "https://vulners.com/securityvulns/securityvulns:doc:32654", "https://vulners.com/securityvulns/securityvulns:doc:32655", "https://vulners.com/securityvulns/securityvulns:doc:32656", "https://vulners.com/securityvulns/securityvulns:doc:32658", "https://vulners.com/securityvulns/securityvulns:doc:32659", "https://vulners.com/securityvulns/securityvulns:doc:32653"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "reporter": "ORACLE", "published": "2015-11-02T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PeopleSoft Enterprise HCM Talent Acquistion Managment", "version": "9.2", "operator": "eq"}, {"name": "Endeca Server", "version": "7.6", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Traffic Director", "version": "11.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Communications LSMS", "version": "13.1", "operator": "eq"}, {"name": "Oracle Communications Messaging Server", "version": "8.0", "operator": "eq"}, {"name": "Oracle Enterprise Data Quality", "version": "12.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.2", "operator": "eq"}, {"name": "Hyperion Installation Technology", "version": "11.1", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "Java SE Embedded", "version": "8", "operator": "eq"}, {"name": "Outside In Technology", "version": "8.5", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Oracle", "version": "11.2", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "14.0", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Solaris", "version": "11.2", "operator": "eq"}, {"name": "MySQL Enterprise Monitor", "version": "3.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "Oracle Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.2", "operator": "eq"}, {"name": "Oracle WebCenter Content", "version": "10.1", "operator": "eq"}, {"name": "Oracle Configurator", "version": "12.2", "operator": "eq"}, {"name": "Oracle Communications Performance Intelligence Center Software", "version": "10.1", "operator": "eq"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "7.1", "operator": "eq"}, {"name": "Oracle Identity Manager", "version": "11.1", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "FS1-2 Flash Storage System", "version": "6.3", "operator": "eq"}, {"name": "Integrated Lights Out Manager", "version": "3.2", "operator": "eq"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1", "operator": "eq"}, {"name": "OSS Support Tools", "version": "8.8", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "eq"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Communications Tekelec HLR Router", "version": "4.0", "operator": "eq"}, {"name": "VirtualBox", "version": "5.0", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN Expenses", "version": "9.2", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Oracle Mobile Security Suite", "version": "3.0", "operator": "eq"}, {"name": "Oracle Communications User Data Repository", "version": "10.2", "operator": "eq"}, {"name": "Oracle Communications Convergence", "version": "3.0", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "JDeveloper", "version": "12.1", "operator": "eq"}, {"name": "Oracle Mobile Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Utilities Work and Asset Management", "version": "1.9", "operator": "eq"}, {"name": "Oracle Communications Policy Management", "version": "12.1", "operator": "eq"}, {"name": "Oracle WebCenter Sites", "version": "11.1", "operator": "eq"}, {"name": "JavaFX", "version": "2.2", "operator": "eq"}, {"name": "Fusion Middleware", "version": "12.1", "operator": "eq"}, {"name": "Siebel Applications", "version": "2015", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "Oracle Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Open Commerce Platform", "version": "3.0", "operator": "eq"}], "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32650"], "description": "DoS, code execution.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "unzip security vulneravilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "unzip", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32649"], "description": "Multiple memory corruptions.", "edition": 1, "reporter": "UBUNTU", "published": "2015-11-01T00:00:00", "title": "ntp multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ntp", "version": "4.2", "operator": "eq"}], "cvelist": ["CVE-2015-7703", "CVE-2015-7855", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7850", "CVE-2015-7853"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14751", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31964", "https://vulners.com/securityvulns/securityvulns:doc:31976", "https://vulners.com/securityvulns/securityvulns:doc:30267"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:54", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cURL", "version": "7.35", "operator": "eq"}, {"name": "libcurl", "version": "7.41", "operator": "eq"}], "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32633", "https://vulners.com/securityvulns/securityvulns:doc:32617", "https://vulners.com/securityvulns/securityvulns:doc:32634", "https://vulners.com/securityvulns/securityvulns:doc:32646", "https://vulners.com/securityvulns/securityvulns:doc:32605", "https://vulners.com/securityvulns/securityvulns:doc:32635", "https://vulners.com/securityvulns/securityvulns:doc:32613", "https://vulners.com/securityvulns/securityvulns:doc:32645", "https://vulners.com/securityvulns/securityvulns:doc:32599", "https://vulners.com/securityvulns/securityvulns:doc:32608", "https://vulners.com/securityvulns/securityvulns:doc:32604", "https://vulners.com/securityvulns/securityvulns:doc:32603", "https://vulners.com/securityvulns/securityvulns:doc:32624", "https://vulners.com/securityvulns/securityvulns:doc:32636", "https://vulners.com/securityvulns/securityvulns:doc:32619", "https://vulners.com/securityvulns/securityvulns:doc:32609", "https://vulners.com/securityvulns/securityvulns:doc:32611", "https://vulners.com/securityvulns/securityvulns:doc:32625", "https://vulners.com/securityvulns/securityvulns:doc:32626", "https://vulners.com/securityvulns/securityvulns:doc:32627", "https://vulners.com/securityvulns/securityvulns:doc:32620", "https://vulners.com/securityvulns/securityvulns:doc:32612", "https://vulners.com/securityvulns/securityvulns:doc:32640", "https://vulners.com/securityvulns/securityvulns:doc:32601", "https://vulners.com/securityvulns/securityvulns:doc:32614", "https://vulners.com/securityvulns/securityvulns:doc:32618", "https://vulners.com/securityvulns/securityvulns:doc:32638", "https://vulners.com/securityvulns/securityvulns:doc:32632", "https://vulners.com/securityvulns/securityvulns:doc:32622", "https://vulners.com/securityvulns/securityvulns:doc:32602", "https://vulners.com/securityvulns/securityvulns:doc:32648", "https://vulners.com/securityvulns/securityvulns:doc:32644", "https://vulners.com/securityvulns/securityvulns:doc:32616", "https://vulners.com/securityvulns/securityvulns:doc:32606", "https://vulners.com/securityvulns/securityvulns:doc:32623", "https://vulners.com/securityvulns/securityvulns:doc:32631", "https://vulners.com/securityvulns/securityvulns:doc:32637", "https://vulners.com/securityvulns/securityvulns:doc:32628", "https://vulners.com/securityvulns/securityvulns:doc:32630", "https://vulners.com/securityvulns/securityvulns:doc:32615", "https://vulners.com/securityvulns/securityvulns:doc:32639", "https://vulners.com/securityvulns/securityvulns:doc:32629", "https://vulners.com/securityvulns/securityvulns:doc:32621", "https://vulners.com/securityvulns/securityvulns:doc:32607", "https://vulners.com/securityvulns/securityvulns:doc:32600", "https://vulners.com/securityvulns/securityvulns:doc:32642", "https://vulners.com/securityvulns/securityvulns:doc:32647", "https://vulners.com/securityvulns/securityvulns:doc:32641", "https://vulners.com/securityvulns/securityvulns:doc:32643", "https://vulners.com/securityvulns/securityvulns:doc:32610"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2015-10-26T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Easy2Map", "version": "1.2", "operator": "eq"}, {"name": "SourceBans", "version": "1.4", "operator": "eq"}, {"name": "twig", "version": "1.20", "operator": "eq"}, {"name": "Bugzilla", "version": "5.0", "operator": "eq"}, {"name": "ZendFramework", "version": "1.12", "operator": "eq"}, {"name": "Pie Register", "version": "2.0", "operator": "eq"}, {"name": "Support Ticket System", "version": "1.2", "operator": "eq"}, {"name": "Payment Form for PayPal Pro", "version": "1.0", "operator": "eq"}, {"name": "Magento", "version": "1.9", "operator": "eq"}, {"name": "LinuxOptic CMS", "version": "2009", "operator": "eq"}, {"name": "TestLink", "version": "1.9", "operator": "eq"}, {"name": "drupal", "version": "7.39", "operator": "eq"}, {"name": "YouTube Embed", "version": "3.3", "operator": "eq"}, {"name": "NodeBB", "version": "0.8", "operator": "eq"}, {"name": "K2 Platforms", "version": "4.6", "operator": "eq"}, {"name": "Qlikview", "version": "11.20", "operator": "eq"}, {"name": "Font", "version": "7.5", "operator": "eq"}, {"name": "Lime Survey", "version": "2.06", "operator": "eq"}, {"name": "X2Engine", "version": "4.2", "operator": "eq"}, {"name": "JSPMySQL", "version": "1.0", "operator": "eq"}, {"name": "Cerb", "version": "7.0", "operator": "eq"}, {"name": "James Server", "version": "2.3", "operator": "eq"}, {"name": "ResAds", "version": "1.0", "operator": "eq"}, {"name": "Bamboo", "version": "5.9", "operator": "eq"}, {"name": "BMC Remedy AR", "version": "9.0", "operator": "eq"}, {"name": "iTop", "version": "2.1", "operator": "eq"}, {"name": "Revive Adserver", "version": "3.2", "operator": "eq"}, {"name": "ServiceDesk Plus", "version": "9", "operator": "eq"}, {"name": "DataTables", "version": "1.10", "operator": "eq"}, {"name": "Jenkins", "version": "1.626", "operator": "eq"}, {"name": "JIRA", "version": "6.4", "operator": "eq"}, {"name": "Secure MFT", "version": "2015", "operator": "eq"}, {"name": "Openfire", "version": "3.10", "operator": "eq"}, {"name": "DWBooster Appointment Booking Calendar", "version": "1.1", "operator": "eq"}], "cvelist": ["CVE-2015-7377", "CVE-2015-6000", "CVE-2015-5075", "CVE-2015-7390", "CVE-2015-6544", "CVE-2015-7668", "CVE-2015-5715", "CVE-2015-7373", "CVE-2015-6659", "CVE-2015-5956", "CVE-2015-3623", "CVE-2015-6660", "CVE-2015-7682", "CVE-2015-5723", "CVE-2015-7368", "CVE-2015-7319", "CVE-2015-7299", "CVE-2015-7669", "CVE-2015-5071", "CVE-2015-7371", "CVE-2015-7320", "CVE-2015-6497", "CVE-2015-4499", "CVE-2015-7683", "CVE-2015-7367", "CVE-2014-8778", "CVE-2015-7670", "CVE-2015-7391", "CVE-2015-7372", "CVE-2015-7366", "CVE-2015-7364", "CVE-2015-7667", "CVE-2015-5072", "CVE-2015-6545", "CVE-2015-7370", "CVE-2015-7666", "CVE-2015-6658", "CVE-2015-6576", "CVE-2015-5076", "CVE-2015-6584", "CVE-2015-5074", "CVE-2015-5603", "CVE-2015-7365", "CVE-2015-6661", "CVE-2015-7369", "CVE-2015-5714", "CVE-2015-6665"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32510", "https://vulners.com/securityvulns/securityvulns:doc:32597"], "description": "Authentication bypass, information disclosure.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP ArcSight Logger security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ArcSight Logger", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-2136", "CVE-2015-6029"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14693", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32598"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP Asset Manager information disclosure", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Asset Manager", "version": "9.50", "operator": "eq"}], "cvelist": ["CVE-2015-5448"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14749", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
