ID SECURITYVULNS:VULN:8796
Type securityvulns
Reporter BUGTRAQ
Modified 2008-03-18T00:00:00
Description
Some command sequence causes service to crash.
{"id": "SECURITYVULNS:VULN:8796", "bulletinFamily": "software", "title": "Home FTP Server DoS", "description": "Some command sequence causes service to crash.", "published": "2008-03-18T00:00:00", "modified": "2008-03-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8796", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19433"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:28", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d69f1bf9bbe6bada151740f5f00b15f9"}, {"key": "href", "hash": "5630b7e842aa691bbbf45aacdd82287a"}, {"key": "modified", "hash": "f836a7a1c8551e5b1d31b80889372861"}, {"key": "published", "hash": "f836a7a1c8551e5b1d31b80889372861"}, {"key": "references", "hash": "356dc6d5cd03f698f10cb5d5fe13a4a7"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "e4200162fb8427e759f3b4fc88f6d640"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "6ee3ef4e91d364a3539208412e6240e39abdf9d32f1d8342a3de036d48a1bd46", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:28"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2017-05-18T07:51:09", "references": ["https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb"], "description": "An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.", "edition": 2, "reporter": "NVD", "published": "2017-05-05T14:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CVE-2017-8796", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-8796"], "scanner": [], "cpe": ["cpe:/a:accellion:file_transfer_appliance:9_12_40"], "modified": "2017-05-17T12:52:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8796", "id": "CVE-2017-8796", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T16:00:47", "references": ["http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en", "http://www.securityfocus.com/bid/94405"], "edition": 1, "description": "Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition.", "reporter": "NVD", "published": "2017-04-02T16:59:01", "type": "cve", "title": "CVE-2016-8796", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-8796"], "scanner": [], "cpe": ["cpe:/o:huawei:usg9560_firmware:v300r001c01", "cpe:/o:huawei:usg9580_firmware:v300r001c01", "cpe:/o:huawei:usg9520_firmware:v300r001c01"], "modified": "2017-04-05T14:14:45", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8796", "id": "CVE-2016-8796", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-28T10:54:10", "references": ["https://issues.apache.org/jira/browse/SOLR-7920", "http://www.securityfocus.com/bid/85205"], "edition": 2, "description": "Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.", "reporter": "NVD", "published": "2016-02-14T21:59:16", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "cve", "title": "CVE-2015-8796", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8796"], "scanner": [], "cpe": ["cpe:/a:apache:solr:5.2.1"], "modified": "2017-07-27T21:29:00", "id": "CVE-2015-8796", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8796", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "wpvulndb": [{"lastseen": "2018-09-17T19:24:08", "_object_types": ["robots.models.wpvulndb.WPVulnDBBulletin", "robots.models.base.Bulletin"], "references": ["http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf", "http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-April/010860.html"], "description": "WordPress Vulnerability - Multiple BestWebSoft Plugins - Authenticated Reflected GET Cross-Site Scripting (XSS) http://www.example.com/wp-admin/admin.php?page=bws_panel&category;=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E\n", "reporter": "ethicalhack3r", "published": "2017-04-13T00:00:00", "type": "wpvulndb", "title": "Multiple BestWebSoft Plugins - Authenticated Reflected GET Cross-Site Scripting (XSS)", "enchantments": {"score": {"modified": "2018-09-17T19:24:08", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "adsense-plugin", "version": "1.44", "operator": "lt"}, {"name": "bws-featured-posts", "version": "1.0.1", "operator": "lt"}, {"name": "bws-google-analytics", "version": "1.7.1", "operator": "lt"}, {"name": "bws-google-maps", "version": "1.3.6", "operator": "lt"}, {"name": "bws-latest-posts", "version": "0.3", "operator": "lt"}, {"name": "bws-linkedin", "version": "1.0.5", "operator": "lt"}, {"name": "bws-pinterest", "version": "1.0.5", "operator": "lt"}, {"name": "bws-popular-posts", "version": "1.0.5", "operator": "lt"}, {"name": "bws-smtp", "version": "1.1.0", "operator": "lt"}, {"name": "bws-testimonials", "version": "0.1.9", "operator": "lt"}, {"name": "captcha", "version": "4.3.0", "operator": "lt"}, {"name": "car-rental", "version": "1.0.5", "operator": "lt"}, {"name": "contact-form-multi", "version": "1.2.1", "operator": "lt"}, {"name": "contact-form-plugin", "version": "4.0.6", "operator": "lt"}, {"name": "contact-form-to-db", "version": "1.5.7", "operator": "lt"}, {"name": "custom-admin-page", "version": "0.1.2", "operator": "lt"}, {"name": "custom-fields-search", "version": "1.3.2", "operator": "lt"}, {"name": "custom-search-plugin", "version": "1.36", "operator": "lt"}, {"name": "donate-button", "version": "2.1.1", "operator": "lt"}, {"name": "email-queue", "version": "1.1.2", "operator": "lt"}, {"name": "error-log-viewer", "version": "1.0.6", "operator": "lt"}, {"name": "facebook-button-plugin", "version": "2.54", "operator": "lt"}, {"name": "gallery-categories", "version": "1.0.9", "operator": "lt"}, {"name": "gallery-plugin", "version": "4.5.0", "operator": "lt"}, {"name": "google-captcha", "version": "1.28", "operator": "lt"}, {"name": "google-one", "version": "1.3.4", "operator": "lt"}, {"name": "google-shortlink", "version": "1.5.3", "operator": "lt"}, {"name": "google-sitemap-plugin", "version": "3.0.8", "operator": "lt"}, {"name": "htaccess", "version": "1.7.6", "operator": "lt"}, {"name": "job-board", "version": "1.1.4", "operator": "lt"}, {"name": "limit-attempts", "version": "1.1.8", "operator": "lt"}, {"name": "multilanguage", "version": "1.2.3", "operator": "lt"}, {"name": "pagination", "version": "1.0.7", "operator": "lt"}, {"name": "pdf-print", "version": "1.9.4", "operator": "lt"}, {"name": "portfolio", "version": "2.40", "operator": "lt"}, {"name": "post-to-csv", "version": "1.3.1", "operator": "lt"}, {"name": "profile-extra-fields", "version": "1.0.7", "operator": "lt"}, {"name": "promobar", "version": "1.1.1", "operator": "lt"}, {"name": "quotes-and-tips", "version": "1.32", "operator": "lt"}, {"name": "rating-bws", "version": "0.2", "operator": "lt"}, {"name": "re-attacher", "version": "1.0.9", "operator": "lt"}, {"name": "realty", "version": "1.1.0", "operator": "lt"}, {"name": "relevant", "version": "1.2.0", "operator": "lt"}, {"name": "sender", "version": "1.2.1", "operator": "lt"}, {"name": "social-buttons-pack", "version": "1.1.1", "operator": "lt"}, {"name": "social-login-bws", "version": "0.2", "operator": "lt"}, {"name": "subscriber", "version": "1.3.5", "operator": "lt"}, {"name": "timesheet", "version": "0.1.5", "operator": "lt"}, {"name": "twitter-plugin", "version": "2.55", "operator": "lt"}, {"name": "updater", "version": "1.35", "operator": "lt"}, {"name": "user-role", "version": "1.5.6", "operator": "lt"}, {"name": "visitors-online", "version": "1.0.0", "operator": "lt"}, {"name": "zendesk-help-center", "version": "1.0.5", "operator": "lt"}], "cvelist": [], "_object_type": "robots.models.wpvulndb.WPVulnDBBulletin", "modified": "2018-08-29T00:00:00", "id": "WPVDB-ID:8796", "href": "https://wpvulndb.com/vulnerabilities/8796", "cvss": {"score": 0.0, "vector": "NONE"}}], "openbugbounty": [{"lastseen": "2017-10-17T02:13:58", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "references": [], "enchantments_done": [], "openbugbounty": {"mirror": "", "patchStatus": "unpatched"}, "description": "##### Vulnerable URL:\n \n \n https://www.anthem.com/wps/portal/ahpfooter?label='-alert`OPENBUGBOUNTY`-'\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| No \nLatest check for patch:| 30.07.2017 \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 8796 \nVIP website status:| Yes \nCheck anthem.com SSL connection:| (Grade: A) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 30 November, 2016 22:51 GMT \nVulnerability existence verified and confirmed| 1 December, 2016 05:42 GMT \nGeneric security notifications sent to website owner| 1 December, 2016 05:42 GMT \nNotification sent to subscribers (without technical details)| 1 December, 2016 06:17 GMT \nVulnerability details disclosed by researcher| 23 February, 2017 06:14 GMT\n", "reporter": "TvM", "published": "2016-11-30T22:51:00", "type": "openbugbounty", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "anthem.com XSS vulnerability ", "bulletinFamily": "bugbounty", "cvelist": [], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "modified": "2017-02-23T06:14:00", "href": "https://www.openbugbounty.org/reports/195714/", "id": "OBB:195714", "cvss": {"score": 0.0, "vector": "NONE"}}], "huawei": [{"lastseen": "2016-11-16T12:54:39", "references": [], "edition": 1, "description": "Some Huawei firewall products have a denial of service (DoS) vulnerability. Due to improper validation of some specific fields of DHCP message, an unauthenticated attacker may send abnormal DHCP request packets to the affected products. Successful exploit of this vulnerability could lead to a DoS condition. (Vulnerability ID: HWPSIRT-2016-08064) \nThis vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-8796.\nHuawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: \nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en", "reporter": "Huawei Technologies", "published": "2016-11-16T00:00:00", "title": "Security Advisory - DoS Vulnerability in Some Huawei Firewall Products", "type": "huawei", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "USG9560", "version": "V300R001C01", "operator": "eq"}, {"name": "USG9520", "version": "V300R001C01", "operator": "eq"}, {"name": "USG9580", "version": "V300R001C01", "operator": "eq"}], "cvelist": ["CVE-2016-8796"], "modified": "2016-11-16T00:00:00", "href": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161116-01-firewall-en", "id": "HUAWEI-SA-20161116-01-FIREWALL", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2018-09-26T14:16:48", "references": ["https://issues.apache.org/jira/browse/SOLR-7920", "https://issues.apache.org/jira/browse/SOLR-7949"], "pluginID": "1361412562310806880", "description": "This host is installed with Apache Solr\n and is prone to multiple cross-site scripting vulnerabilities.", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-01T00:00:00", "title": "Apache Solr Multiple Cross-Site Scripting Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8796", "CVE-2015-8797"], "modified": "2018-09-25T00:00:00", "id": "OPENVAS:1361412562310806880", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806880", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_solr_mult_xss_vuln.nasl 11607 2018-09-25 13:53:15Z asteins $\n#\n# Apache Solr Multiple Cross-Site Scripting Vulnerabilities\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:solr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806880\");\n script_version(\"$Revision: 11607 $\");\n script_cve_id(\"CVE-2015-8797\", \"CVE-2015-8796\");\n script_bugtraq_id(83243);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-25 15:53:15 +0200 (Tue, 25 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-01 14:45:34 +0530 (Tue, 01 Mar 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_name(\"Apache Solr Multiple Cross-Site Scripting Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Solr\n and is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted request via HTTP GET and\n check whether it is able to read cookie or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An improper sanitization of 'entry' parameter\n in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI.\n\n - An improper sanitization of 'field' parameter\n in webapp/web/js/scripts/schema-browser.js in the schema-browser page in\n the Admin UI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary script code in a user's browser session within\n the trust relationship between their browser and the server.\");\n\n script_tag(name:\"affected\", value:\"Apache Solr versions 4.9, 4.10.4, 5.2.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Solr version 5.3.1 or later.\n For Updates refer to http://lucene.apache.org/solr/\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://issues.apache.org/jira/browse/SOLR-7920\");\n script_xref(name:\"URL\", value:\"https://issues.apache.org/jira/browse/SOLR-7949\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_apache_solr_detect.nasl\");\n script_mandatory_keys(\"Apache/Solr/Installed\");\n script_require_ports(\"Services/www\", 8983);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!solr_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:solr_port)){\n exit(0);\n}\n\nurl = dir + '/#/collection1/plugins/cache?entry=score=<img src=1 onerror=alert(document.cookie);>';\n\nif(http_vuln_check(port:solr_port, url:url, pattern:\"alert\\(document.cookie\\)\", check_header:TRUE))\n{\n report = report_vuln_url( port:solr_port, url:url );\n security_message(port:solr_port, data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "apport security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apport", "version": "2.18", "operator": "eq"}], "cvelist": ["CVE-2015-1338"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "description": "PHAR extension DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "PHP security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PHP", "version": "5.6", "operator": "eq"}], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32652"], "description": "Crash on audiofiles processing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "audiofile memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libaudiofile", "version": "0.3", "operator": "eq"}], "cvelist": ["CVE-2015-7747"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32657", "https://vulners.com/securityvulns/securityvulns:doc:32654", "https://vulners.com/securityvulns/securityvulns:doc:32655", "https://vulners.com/securityvulns/securityvulns:doc:32656", "https://vulners.com/securityvulns/securityvulns:doc:32658", "https://vulners.com/securityvulns/securityvulns:doc:32659", "https://vulners.com/securityvulns/securityvulns:doc:32653"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "reporter": "ORACLE", "published": "2015-11-02T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PeopleSoft Enterprise HCM Talent Acquistion Managment", "version": "9.2", "operator": "eq"}, {"name": "Endeca Server", "version": "7.6", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Traffic Director", "version": "11.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Communications LSMS", "version": "13.1", "operator": "eq"}, {"name": "Oracle Communications Messaging Server", "version": "8.0", "operator": "eq"}, {"name": "Oracle Enterprise Data Quality", "version": "12.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.2", "operator": "eq"}, {"name": "Hyperion Installation Technology", "version": "11.1", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "Java SE Embedded", "version": "8", "operator": "eq"}, {"name": "Outside In Technology", "version": "8.5", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Oracle", "version": "11.2", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "14.0", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Solaris", "version": "11.2", "operator": "eq"}, {"name": "MySQL Enterprise Monitor", "version": "3.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "Oracle Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.2", "operator": "eq"}, {"name": "Oracle WebCenter Content", "version": "10.1", "operator": "eq"}, {"name": "Oracle Configurator", "version": "12.2", "operator": "eq"}, {"name": "Oracle Communications Performance Intelligence Center Software", "version": "10.1", "operator": "eq"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "7.1", "operator": "eq"}, {"name": "Oracle Identity Manager", "version": "11.1", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "FS1-2 Flash Storage System", "version": "6.3", "operator": "eq"}, {"name": "Integrated Lights Out Manager", "version": "3.2", "operator": "eq"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1", "operator": "eq"}, {"name": "OSS Support Tools", "version": "8.8", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "eq"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Communications Tekelec HLR Router", "version": "4.0", "operator": "eq"}, {"name": "VirtualBox", "version": "5.0", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN Expenses", "version": "9.2", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Oracle Mobile Security Suite", "version": "3.0", "operator": "eq"}, {"name": "Oracle Communications User Data Repository", "version": "10.2", "operator": "eq"}, {"name": "Oracle Communications Convergence", "version": "3.0", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "JDeveloper", "version": "12.1", "operator": "eq"}, {"name": "Oracle Mobile Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Utilities Work and Asset Management", "version": "1.9", "operator": "eq"}, {"name": "Oracle Communications Policy Management", "version": "12.1", "operator": "eq"}, {"name": "Oracle WebCenter Sites", "version": "11.1", "operator": "eq"}, {"name": "JavaFX", "version": "2.2", "operator": "eq"}, {"name": "Fusion Middleware", "version": "12.1", "operator": "eq"}, {"name": "Siebel Applications", "version": "2015", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "Oracle Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Open Commerce Platform", "version": "3.0", "operator": "eq"}], "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32650"], "description": "DoS, code execution.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "unzip security vulneravilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "unzip", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32649"], "description": "Multiple memory corruptions.", "edition": 1, "reporter": "UBUNTU", "published": "2015-11-01T00:00:00", "title": "ntp multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ntp", "version": "4.2", "operator": "eq"}], "cvelist": ["CVE-2015-7703", "CVE-2015-7855", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7850", "CVE-2015-7853"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14751", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31964", "https://vulners.com/securityvulns/securityvulns:doc:31976", "https://vulners.com/securityvulns/securityvulns:doc:30267"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:54", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cURL", "version": "7.35", "operator": "eq"}, {"name": "libcurl", "version": "7.41", "operator": "eq"}], "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32633", "https://vulners.com/securityvulns/securityvulns:doc:32617", "https://vulners.com/securityvulns/securityvulns:doc:32634", "https://vulners.com/securityvulns/securityvulns:doc:32646", "https://vulners.com/securityvulns/securityvulns:doc:32605", "https://vulners.com/securityvulns/securityvulns:doc:32635", "https://vulners.com/securityvulns/securityvulns:doc:32613", "https://vulners.com/securityvulns/securityvulns:doc:32645", "https://vulners.com/securityvulns/securityvulns:doc:32599", "https://vulners.com/securityvulns/securityvulns:doc:32608", "https://vulners.com/securityvulns/securityvulns:doc:32604", "https://vulners.com/securityvulns/securityvulns:doc:32603", "https://vulners.com/securityvulns/securityvulns:doc:32624", "https://vulners.com/securityvulns/securityvulns:doc:32636", "https://vulners.com/securityvulns/securityvulns:doc:32619", "https://vulners.com/securityvulns/securityvulns:doc:32609", "https://vulners.com/securityvulns/securityvulns:doc:32611", "https://vulners.com/securityvulns/securityvulns:doc:32625", "https://vulners.com/securityvulns/securityvulns:doc:32626", "https://vulners.com/securityvulns/securityvulns:doc:32627", "https://vulners.com/securityvulns/securityvulns:doc:32620", "https://vulners.com/securityvulns/securityvulns:doc:32612", "https://vulners.com/securityvulns/securityvulns:doc:32640", "https://vulners.com/securityvulns/securityvulns:doc:32601", "https://vulners.com/securityvulns/securityvulns:doc:32614", "https://vulners.com/securityvulns/securityvulns:doc:32618", "https://vulners.com/securityvulns/securityvulns:doc:32638", "https://vulners.com/securityvulns/securityvulns:doc:32632", "https://vulners.com/securityvulns/securityvulns:doc:32622", "https://vulners.com/securityvulns/securityvulns:doc:32602", "https://vulners.com/securityvulns/securityvulns:doc:32648", "https://vulners.com/securityvulns/securityvulns:doc:32644", "https://vulners.com/securityvulns/securityvulns:doc:32616", "https://vulners.com/securityvulns/securityvulns:doc:32606", "https://vulners.com/securityvulns/securityvulns:doc:32623", "https://vulners.com/securityvulns/securityvulns:doc:32631", "https://vulners.com/securityvulns/securityvulns:doc:32637", "https://vulners.com/securityvulns/securityvulns:doc:32628", "https://vulners.com/securityvulns/securityvulns:doc:32630", "https://vulners.com/securityvulns/securityvulns:doc:32615", "https://vulners.com/securityvulns/securityvulns:doc:32639", "https://vulners.com/securityvulns/securityvulns:doc:32629", "https://vulners.com/securityvulns/securityvulns:doc:32621", "https://vulners.com/securityvulns/securityvulns:doc:32607", "https://vulners.com/securityvulns/securityvulns:doc:32600", "https://vulners.com/securityvulns/securityvulns:doc:32642", "https://vulners.com/securityvulns/securityvulns:doc:32647", "https://vulners.com/securityvulns/securityvulns:doc:32641", "https://vulners.com/securityvulns/securityvulns:doc:32643", "https://vulners.com/securityvulns/securityvulns:doc:32610"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2015-10-26T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Easy2Map", "version": "1.2", "operator": "eq"}, {"name": "SourceBans", "version": "1.4", "operator": "eq"}, {"name": "twig", "version": "1.20", "operator": "eq"}, {"name": "Bugzilla", "version": "5.0", "operator": "eq"}, {"name": "ZendFramework", "version": "1.12", "operator": "eq"}, {"name": "Pie Register", "version": "2.0", "operator": "eq"}, {"name": "Support Ticket System", "version": "1.2", "operator": "eq"}, {"name": "Payment Form for PayPal Pro", "version": "1.0", "operator": "eq"}, {"name": "Magento", "version": "1.9", "operator": "eq"}, {"name": "LinuxOptic CMS", "version": "2009", "operator": "eq"}, {"name": "TestLink", "version": "1.9", "operator": "eq"}, {"name": "drupal", "version": "7.39", "operator": "eq"}, {"name": "YouTube Embed", "version": "3.3", "operator": "eq"}, {"name": "NodeBB", "version": "0.8", "operator": "eq"}, {"name": "K2 Platforms", "version": "4.6", "operator": "eq"}, {"name": "Qlikview", "version": "11.20", "operator": "eq"}, {"name": "Font", "version": "7.5", "operator": "eq"}, {"name": "Lime Survey", "version": "2.06", "operator": "eq"}, {"name": "X2Engine", "version": "4.2", "operator": "eq"}, {"name": "JSPMySQL", "version": "1.0", "operator": "eq"}, {"name": "Cerb", "version": "7.0", "operator": "eq"}, {"name": "James Server", "version": "2.3", "operator": "eq"}, {"name": "ResAds", "version": "1.0", "operator": "eq"}, {"name": "Bamboo", "version": "5.9", "operator": "eq"}, {"name": "BMC Remedy AR", "version": "9.0", "operator": "eq"}, {"name": "iTop", "version": "2.1", "operator": "eq"}, {"name": "Revive Adserver", "version": "3.2", "operator": "eq"}, {"name": "ServiceDesk Plus", "version": "9", "operator": "eq"}, {"name": "DataTables", "version": "1.10", "operator": "eq"}, {"name": "Jenkins", "version": "1.626", "operator": "eq"}, {"name": "JIRA", "version": "6.4", "operator": "eq"}, {"name": "Secure MFT", "version": "2015", "operator": "eq"}, {"name": "Openfire", "version": "3.10", "operator": "eq"}, {"name": "DWBooster Appointment Booking Calendar", "version": "1.1", "operator": "eq"}], "cvelist": ["CVE-2015-7377", "CVE-2015-6000", "CVE-2015-5075", "CVE-2015-7390", "CVE-2015-6544", "CVE-2015-7668", "CVE-2015-5715", "CVE-2015-7373", "CVE-2015-6659", "CVE-2015-5956", "CVE-2015-3623", "CVE-2015-6660", "CVE-2015-7682", "CVE-2015-5723", "CVE-2015-7368", "CVE-2015-7319", "CVE-2015-7299", "CVE-2015-7669", "CVE-2015-5071", "CVE-2015-7371", "CVE-2015-7320", "CVE-2015-6497", "CVE-2015-4499", "CVE-2015-7683", "CVE-2015-7367", "CVE-2014-8778", "CVE-2015-7670", "CVE-2015-7391", "CVE-2015-7372", "CVE-2015-7366", "CVE-2015-7364", "CVE-2015-7667", "CVE-2015-5072", "CVE-2015-6545", "CVE-2015-7370", "CVE-2015-7666", "CVE-2015-6658", "CVE-2015-6576", "CVE-2015-5076", "CVE-2015-6584", "CVE-2015-5074", "CVE-2015-5603", "CVE-2015-7365", "CVE-2015-6661", "CVE-2015-7369", "CVE-2015-5714", "CVE-2015-6665"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32510", "https://vulners.com/securityvulns/securityvulns:doc:32597"], "description": "Authentication bypass, information disclosure.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP ArcSight Logger security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ArcSight Logger", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-2136", "CVE-2015-6029"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14693", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32598"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP Asset Manager information disclosure", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Asset Manager", "version": "9.50", "operator": "eq"}], "cvelist": ["CVE-2015-5448"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14749", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
