Skip to content
This repository was archived by the owner on Jun 10, 2025. It is now read-only.

Commit 9cb6aa1

Browse files
cve-teamcve-team
committed
"-Synchronized-Data."
1 parent a2a1dc5 commit 9cb6aa1

15 files changed

+786
-71
lines changed

2017/16xxx/CVE-2017-16629.json

Lines changed: 51 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,30 @@
22
"CVE_data_meta": {
33
"ASSIGNER": "[email protected]",
44
"ID": "CVE-2017-16629",
5-
"STATE": "RESERVED"
5+
"STATE": "PUBLIC"
6+
},
7+
"affects": {
8+
"vendor": {
9+
"vendor_data": [
10+
{
11+
"product": {
12+
"product_data": [
13+
{
14+
"product_name": "n/a",
15+
"version": {
16+
"version_data": [
17+
{
18+
"version_value": "n/a"
19+
}
20+
]
21+
}
22+
}
23+
]
24+
},
25+
"vendor_name": "n/a"
26+
}
27+
]
28+
}
629
},
730
"data_format": "MITRE",
831
"data_type": "CVE",
@@ -11,7 +34,33 @@
1134
"description_data": [
1235
{
1336
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
37+
"value": "In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For \"Incorrect User\" - it gives an error \"The application failed to identify the user. Please contact administrator for help.\" For \"Correct User and Incorrect Password\" - it gives an error \"Authentication failed. Please login again.\""
38+
}
39+
]
40+
},
41+
"problemtype": {
42+
"problemtype_data": [
43+
{
44+
"description": [
45+
{
46+
"lang": "eng",
47+
"value": "n/a"
48+
}
49+
]
50+
}
51+
]
52+
},
53+
"references": {
54+
"reference_data": [
55+
{
56+
"refsource": "MISC",
57+
"name": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16629-sapphireims-login-page-information-disclosure/",
58+
"url": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16629-sapphireims-login-page-information-disclosure/"
59+
},
60+
{
61+
"refsource": "MISC",
62+
"name": "https://vuln.shellcoder.party/tags/sapphireims/",
63+
"url": "https://vuln.shellcoder.party/tags/sapphireims/"
1564
}
1665
]
1766
}

2017/16xxx/CVE-2017-16630.json

Lines changed: 51 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,30 @@
22
"CVE_data_meta": {
33
"ASSIGNER": "[email protected]",
44
"ID": "CVE-2017-16630",
5-
"STATE": "RESERVED"
5+
"STATE": "PUBLIC"
6+
},
7+
"affects": {
8+
"vendor": {
9+
"vendor_data": [
10+
{
11+
"product": {
12+
"product_data": [
13+
{
14+
"product_name": "n/a",
15+
"version": {
16+
"version_data": [
17+
{
18+
"version_value": "n/a"
19+
}
20+
]
21+
}
22+
}
23+
]
24+
},
25+
"vendor_name": "n/a"
26+
}
27+
]
28+
}
629
},
730
"data_format": "MITRE",
831
"data_type": "CVE",
@@ -11,7 +34,33 @@
1134
"description_data": [
1235
{
1336
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
37+
"value": "In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function."
38+
}
39+
]
40+
},
41+
"problemtype": {
42+
"problemtype_data": [
43+
{
44+
"description": [
45+
{
46+
"lang": "eng",
47+
"value": "n/a"
48+
}
49+
]
50+
}
51+
]
52+
},
53+
"references": {
54+
"reference_data": [
55+
{
56+
"refsource": "MISC",
57+
"name": "https://vuln.shellcoder.party/tags/sapphireims/",
58+
"url": "https://vuln.shellcoder.party/tags/sapphireims/"
59+
},
60+
{
61+
"refsource": "MISC",
62+
"name": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16630-sapphireims-idor-based-privilege-elevation/",
63+
"url": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16630-sapphireims-idor-based-privilege-elevation/"
1564
}
1665
]
1766
}

2017/16xxx/CVE-2017-16631.json

Lines changed: 51 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,30 @@
22
"CVE_data_meta": {
33
"ASSIGNER": "[email protected]",
44
"ID": "CVE-2017-16631",
5-
"STATE": "RESERVED"
5+
"STATE": "PUBLIC"
6+
},
7+
"affects": {
8+
"vendor": {
9+
"vendor_data": [
10+
{
11+
"product": {
12+
"product_data": [
13+
{
14+
"product_name": "n/a",
15+
"version": {
16+
"version_data": [
17+
{
18+
"version_value": "n/a"
19+
}
20+
]
21+
}
22+
}
23+
]
24+
},
25+
"vendor_name": "n/a"
26+
}
27+
]
28+
}
629
},
730
"data_format": "MITRE",
831
"data_type": "CVE",
@@ -11,7 +34,33 @@
1134
"description_data": [
1235
{
1336
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
37+
"value": "In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the \"Account Password Reset\" functionality."
38+
}
39+
]
40+
},
41+
"problemtype": {
42+
"problemtype_data": [
43+
{
44+
"description": [
45+
{
46+
"lang": "eng",
47+
"value": "n/a"
48+
}
49+
]
50+
}
51+
]
52+
},
53+
"references": {
54+
"reference_data": [
55+
{
56+
"refsource": "MISC",
57+
"name": "https://vuln.shellcoder.party/tags/sapphireims/",
58+
"url": "https://vuln.shellcoder.party/tags/sapphireims/"
59+
},
60+
{
61+
"refsource": "MISC",
62+
"name": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16631-sapphireims-idor-on-password-reset/",
63+
"url": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16631-sapphireims-idor-on-password-reset/"
1564
}
1665
]
1766
}

2017/16xxx/CVE-2017-16632.json

Lines changed: 51 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,30 @@
22
"CVE_data_meta": {
33
"ASSIGNER": "[email protected]",
44
"ID": "CVE-2017-16632",
5-
"STATE": "RESERVED"
5+
"STATE": "PUBLIC"
6+
},
7+
"affects": {
8+
"vendor": {
9+
"vendor_data": [
10+
{
11+
"product": {
12+
"product_data": [
13+
{
14+
"product_name": "n/a",
15+
"version": {
16+
"version_data": [
17+
{
18+
"version_value": "n/a"
19+
}
20+
]
21+
}
22+
}
23+
]
24+
},
25+
"vendor_name": "n/a"
26+
}
27+
]
28+
}
629
},
730
"data_format": "MITRE",
831
"data_type": "CVE",
@@ -11,7 +34,33 @@
1134
"description_data": [
1235
{
1336
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
37+
"value": "In SapphireIMS 4097_1, the password in the database is stored in Base64 format."
38+
}
39+
]
40+
},
41+
"problemtype": {
42+
"problemtype_data": [
43+
{
44+
"description": [
45+
{
46+
"lang": "eng",
47+
"value": "n/a"
48+
}
49+
]
50+
}
51+
]
52+
},
53+
"references": {
54+
"reference_data": [
55+
{
56+
"refsource": "MISC",
57+
"name": "https://vuln.shellcoder.party/tags/sapphireims/",
58+
"url": "https://vuln.shellcoder.party/tags/sapphireims/"
59+
},
60+
{
61+
"refsource": "MISC",
62+
"name": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16632-sapphireims-insecure-storage-of-password/",
63+
"url": "https://vuln.shellcoder.party/2020/07/18/cve-2017-16632-sapphireims-insecure-storage-of-password/"
1564
}
1665
]
1766
}

2020/21xxx/CVE-2020-21359.json

Lines changed: 50 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,61 @@
11
{
2-
"data_type": "CVE",
3-
"data_format": "MITRE",
4-
"data_version": "4.0",
52
"CVE_data_meta": {
6-
"ID": "CVE-2020-21359",
73
"ASSIGNER": "[email protected]",
8-
"STATE": "RESERVED"
4+
"ID": "CVE-2020-21359",
5+
"STATE": "PUBLIC"
96
},
7+
"affects": {
8+
"vendor": {
9+
"vendor_data": [
10+
{
11+
"product": {
12+
"product_data": [
13+
{
14+
"product_name": "n/a",
15+
"version": {
16+
"version_data": [
17+
{
18+
"version_value": "n/a"
19+
}
20+
]
21+
}
22+
}
23+
]
24+
},
25+
"vendor_name": "n/a"
26+
}
27+
]
28+
}
29+
},
30+
"data_format": "MITRE",
31+
"data_type": "CVE",
32+
"data_version": "4.0",
1033
"description": {
1134
"description_data": [
1235
{
1336
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
37+
"value": "An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name."
38+
}
39+
]
40+
},
41+
"problemtype": {
42+
"problemtype_data": [
43+
{
44+
"description": [
45+
{
46+
"lang": "eng",
47+
"value": "n/a"
48+
}
49+
]
50+
}
51+
]
52+
},
53+
"references": {
54+
"reference_data": [
55+
{
56+
"url": "https://github.com/magicblack/maccms10/issues/80",
57+
"refsource": "MISC",
58+
"name": "https://github.com/magicblack/maccms10/issues/80"
1559
}
1660
]
1761
}

0 commit comments

Comments
 (0)