Vulnerabilites related to SearchBlox - SearchBlox
Vulnerability from fkie_nvd
Published
2015-12-21 11:59
Modified
2024-11-21 02:37
Severity ?
Summary
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | 8.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD1872F-93ED-4702-89C2-970C1C4BE6C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors."
},
{
"lang": "es",
"value": "SearchBlox 8.3 en versiones anteriores a 8.3.1 permite a atacantes remotos escribir al archivo config y consecuentemente provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7919",
"lastModified": "2024-11-21T02:37:40.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T11:59:11.127",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-01 19:29
Modified
2024-11-21 03:43
Severity ?
Summary
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44801/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44801/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | 8.6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:8.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0653CA1B-EBB0-4285-A1FB-8E1D897DCAA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass."
},
{
"lang": "es",
"value": "servlet/UserServlet en SearchBlox 8.6.6 tiene Cross-Site Request Forgery (CSRF) mediante los par\u00e1metros u_name, u_passwd1, u_passwd2, role y X-XSRF-TOKEN POST debido a la omisi\u00f3n de tokens CSRF."
}
],
"id": "CVE-2018-11538",
"lastModified": "2024-11-21T03:43:34.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-01T19:29:00.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44801/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44801/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-18 02:00
Modified
2024-11-21 02:24
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B13318-3C13-414A-AB54-9224F0D0D4D6",
"versionEndIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en SearchBlox anterior a 8.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
}
],
"id": "CVE-2015-0970",
"lastModified": "2024-11-21T02:24:03.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-04-18T02:00:07.513",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-18 02:00
Modified
2024-11-21 02:24
Severity ?
Summary
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B13318-3C13-414A-AB54-9224F0D0D4D6",
"versionEndIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI."
},
{
"lang": "es",
"value": "SearchBlox anterior a 8.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una acci\u00f3n pretty=true en la URI _cluster/health."
}
],
"id": "CVE-2015-0969",
"lastModified": "2024-11-21T02:24:03.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-18T02:00:06.717",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D217B14E-5241-4ECC-BBC9-DE0C1E7845C5",
"versionEndExcluding": "9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system."
},
{
"lang": "es",
"value": "SearchBlox antes de la versi\u00f3n 9.1 es vulnerable a la omisi\u00f3n de la l\u00f3gica empresarial donde el usuario puede crear varios usuarios superadministradores en el sistema.\n"
}
],
"id": "CVE-2020-10130",
"lastModified": "2024-11-21T04:54:52.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T19:15:43.847",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D217B14E-5241-4ECC-BBC9-DE0C1E7845C5",
"versionEndExcluding": "9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration."
},
{
"lang": "es",
"value": "SearchBlox antes de la versi\u00f3n 9.1 es vulnerable a la configuraci\u00f3n incorrecta del uso compartido de recursos entre or\u00edgenes.\n"
}
],
"id": "CVE-2020-10132",
"lastModified": "2024-11-21T04:54:53.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T19:15:43.987",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-18 02:00
Modified
2024-11-21 02:24
Severity ?
Summary
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B13318-3C13-414A-AB54-9224F0D0D4D6",
"versionEndIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590."
},
{
"lang": "es",
"value": "Vulnerabilidad de la subida de ficheros sin restricciones en admin/uploadImage.html en SearchBlox anterior a 8.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la subida de un fichero con una extensi\u00f3n ejecutable y el tipo de contenidos image/jpeg, una vulnerabilidad diferente a CVE-2013-3590."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/434.html\"\u003eCWE-434: Unrestricted Upload of File with Dangerous Type\u003c/a\u003e",
"id": "CVE-2015-0968",
"lastModified": "2024-11-21T02:24:03.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-18T02:00:05.903",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D",
"versionEndExcluding": "9.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in \"Featured Results\" parameter."
},
{
"lang": "es",
"value": "SearchBlox antes de la versi\u00f3n 9.2.1 es vulnerable a la inyecci\u00f3n de macros CSV en el par\u00e1metro \"Featured Results\".\n"
}
],
"id": "CVE-2020-10131",
"lastModified": "2024-11-21T04:54:52.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T19:15:43.913",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-28 13:09
Modified
2024-11-21 01:53
Severity ?
Summary
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * | |
| searchblox | searchblox | 6.2 | |
| searchblox | searchblox | 6.3 | |
| searchblox | searchblox | 6.4 | |
| searchblox | searchblox | 6.4 | |
| searchblox | searchblox | 7.0 | |
| searchblox | searchblox | 7.1 | |
| searchblox | searchblox | 7.2 | |
| searchblox | searchblox | 7.3 | |
| searchblox | searchblox | 7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB33F2D-97DC-49F0-8FDC-CECDDC75D615",
"versionEndIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.2:build_1:*:*:*:*:*:*",
"matchCriteriaId": "B15DEE8A-A32C-474F-B0D6-5DDFD962419A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.3:build_1:*:*:*:*:*:*",
"matchCriteriaId": "F3E78772-7D6D-4824-BC0F-1B1168781DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_1:*:*:*:*:*:*",
"matchCriteriaId": "C79862E7-D02A-4CAE-854C-FA16244111F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_2:*:*:*:*:*:*",
"matchCriteriaId": "FEC596B5-859F-44DE-8068-C7D8111577C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7ADDFFC-6373-448A-AC2A-D48821A46C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A603908-F326-4F63-8BD6-4D8A140EFC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E20F4C1A-892B-4B5E-B984-CDE59D025889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCC2126-6DA4-4838-B049-781215A2EC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CD5C63-10CA-4A93-8E28-BDAA70C03378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter."
},
{
"lang": "es",
"value": "Directory traversal vulnerability in servlet/CreateTemplateServlet en SearchBlox before 7.5 build 1 permite a atacantes remotos sobreescribir archivos arbitrarios a trav\u00e9s de .. (punto punto) en el par\u00e1metro name."
}
],
"id": "CVE-2013-3598",
"lastModified": "2024-11-21T01:53:57.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-28T13:09:15.853",
"references": [
{
"source": "cret@cert.org",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"source": "cret@cert.org",
"url": "http://osvdb.org/96619"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"source": "cret@cert.org",
"url": "http://www.searchblox.com/developers-2/change-log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-05 21:29
Modified
2024-11-21 03:43
Severity ?
Summary
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44827/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44827/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | 8.6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:8.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C7AD4B7B-8C9F-4070-A391-6FD9D42AF0FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
},
{
"lang": "es",
"value": "Vulnerabilidad de XEE (XML External Entity) en api/rest/status en SearchBlox 8.6.7 permite que usuarios remotos no autenticados lean archivos arbitrarios o lleven a cabo ataques de SSRF (Server-Side Request Forgery) mediante un DTD manipulado en una petici\u00f3n XML."
}
],
"id": "CVE-2018-11586",
"lastModified": "2024-11-21T03:43:40.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-05T21:29:00.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44827/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44827/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-18 02:00
Modified
2024-11-21 02:24
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/697316 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B13318-3C13-414A-AB54-9224F0D0D4D6",
"versionEndIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en SearchBlox anterior a 8.2 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del campo(1) search en plugin/index.html o (2) title en el formulario Create Featured Result en admin/main.jsp."
}
],
"id": "CVE-2015-0967",
"lastModified": "2024-11-21T02:24:02.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-18T02:00:04.687",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-18 18:59
Modified
2024-11-21 02:29
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87106C9F-FC68-4A7F-82E6-823C4692F946",
"versionEndIncluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en SearchBlox anterior a 8.2.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro menu2 en admin/main.jsp."
}
],
"id": "CVE-2015-3422",
"lastModified": "2024-11-21T02:29:24.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-18T18:59:00.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535780/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75263"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535780/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23256"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-28 13:09
Modified
2024-11-21 01:53
Severity ?
Summary
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * | |
| searchblox | searchblox | 6.2 | |
| searchblox | searchblox | 6.3 | |
| searchblox | searchblox | 6.4 | |
| searchblox | searchblox | 6.4 | |
| searchblox | searchblox | 7.0 | |
| searchblox | searchblox | 7.1 | |
| searchblox | searchblox | 7.2 | |
| searchblox | searchblox | 7.3 | |
| searchblox | searchblox | 7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB33F2D-97DC-49F0-8FDC-CECDDC75D615",
"versionEndIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.2:build_1:*:*:*:*:*:*",
"matchCriteriaId": "B15DEE8A-A32C-474F-B0D6-5DDFD962419A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.3:build_1:*:*:*:*:*:*",
"matchCriteriaId": "F3E78772-7D6D-4824-BC0F-1B1168781DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_1:*:*:*:*:*:*",
"matchCriteriaId": "C79862E7-D02A-4CAE-854C-FA16244111F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_2:*:*:*:*:*:*",
"matchCriteriaId": "FEC596B5-859F-44DE-8068-C7D8111577C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7ADDFFC-6373-448A-AC2A-D48821A46C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A603908-F326-4F63-8BD6-4D8A140EFC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E20F4C1A-892B-4B5E-B984-CDE59D025889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCC2126-6DA4-4838-B049-781215A2EC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CD5C63-10CA-4A93-8E28-BDAA70C03378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action."
},
{
"lang": "es",
"value": "servlet/CollectionListServlet en SearchBlox anterior a v7.5 build 1 permite a atacantes remotos leer los nombres de usuario y contrase\u00f1as a trav\u00e9s de una acci\u00f3n GetList."
}
],
"id": "CVE-2013-3597",
"lastModified": "2024-11-21T01:53:57.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-28T13:09:15.847",
"references": [
{
"source": "cret@cert.org",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"source": "cret@cert.org",
"url": "http://www.searchblox.com/developers-2/change-log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://developer.searchblox.com/docs/getting-started-with-searchblox | Vendor Advisory | |
| cve@mitre.org | https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://developer.searchblox.com/docs/getting-started-with-searchblox | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11B98254-024C-47C6-AFC4-6D60EB92EABB",
"versionEndExcluding": "9.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin\u0027s API key and the base64 encoded SHA1 password hashes of other SearchBlox users."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en FileServlet en todos los SearchBlox versiones anteriores a 9.2.2, permite a usuarios remotos no autenticados leer archivos arbitrarios del sistema operativo por medio de una petici\u00f3n en la ruta /searchblox/servlet/FileServlet?col=url= .\u0026#xa0;Adicionalmente, esto puede ser usada para leer el contenido del archivo de configuraci\u00f3n de SearchBlox (por ejemplo, el archivo searchblox/WEB-INF/config.xml), que contiene tanto la clave API del Super Admin como los hashes de contrase\u00f1a SHA1 codificados en base64 de otros usuarios de SearchBlox"
}
],
"id": "CVE-2020-35580",
"lastModified": "2024-11-21T05:27:37.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T16:15:07.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.searchblox.com/docs/getting-started-with-searchblox"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.searchblox.com/docs/getting-started-with-searchblox"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-05 20:15
Modified
2024-11-21 04:54
Severity ?
Summary
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D",
"versionEndExcluding": "9.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript."
},
{
"lang": "es",
"value": "El producto SearchBlox con versi\u00f3n anterior a la 9.2.1 es vulnerable a Cross-Site Scripting almacenado en m\u00faltiples par\u00e1metros de entrada del usuario. En los productos SearchBlox, varios par\u00e1metros no se sanitizan/validan correctamente, lo que permite a un atacante inyectar JavaScript malicioso. "
}
],
"id": "CVE-2020-10128",
"lastModified": "2024-11-21T04:54:52.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T20:15:07.543",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D",
"versionEndExcluding": "9.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality."
},
{
"lang": "es",
"value": "SearchBlox antes de la versi\u00f3n 9.2.1 es vulnerable a la escalada de privilegios: el usuario sin privilegios puede acceder a la funcionalidad de Administraci\u00f3n.\n"
}
],
"id": "CVE-2020-10129",
"lastModified": "2024-11-21T04:54:52.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T19:15:43.727",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-28 13:09
Modified
2024-11-21 01:53
Severity ?
Summary
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| searchblox | searchblox | * | |
| searchblox | searchblox | 6.2 | |
| searchblox | searchblox | 6.3 | |
| searchblox | searchblox | 6.4 | |
| searchblox | searchblox | 6.4 | |
| searchblox | searchblox | 7.0 | |
| searchblox | searchblox | 7.1 | |
| searchblox | searchblox | 7.2 | |
| searchblox | searchblox | 7.3 | |
| searchblox | searchblox | 7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB33F2D-97DC-49F0-8FDC-CECDDC75D615",
"versionEndIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.2:build_1:*:*:*:*:*:*",
"matchCriteriaId": "B15DEE8A-A32C-474F-B0D6-5DDFD962419A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.3:build_1:*:*:*:*:*:*",
"matchCriteriaId": "F3E78772-7D6D-4824-BC0F-1B1168781DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_1:*:*:*:*:*:*",
"matchCriteriaId": "C79862E7-D02A-4CAE-854C-FA16244111F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_2:*:*:*:*:*:*",
"matchCriteriaId": "FEC596B5-859F-44DE-8068-C7D8111577C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7ADDFFC-6373-448A-AC2A-D48821A46C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A603908-F326-4F63-8BD6-4D8A140EFC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E20F4C1A-892B-4B5E-B984-CDE59D025889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCC2126-6DA4-4838-B049-781215A2EC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:searchblox:searchblox:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CD5C63-10CA-4A93-8E28-BDAA70C03378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de subida de archivos sin restricciones en admin/uploadImage.html en SearchBlox anterior a v7.5 build 1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la carga de un archivo ejecutable con el tipo de contenido image/jpeg, y luego tener acceso a este archivo a trav\u00e9s de vectores no especificados, como se demuestra por el acceso a un archivo JSP."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\n\n\u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027",
"id": "CVE-2013-3590",
"lastModified": "2024-11-21T01:53:56.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-28T13:09:15.837",
"references": [
{
"source": "cret@cert.org",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"source": "cret@cert.org",
"url": "http://www.searchblox.com/developers-2/change-log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-0968
Vulnerability from cvelistv5
Published
2015-04-18 01:00
Modified
2024-08-06 04:26
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/697316 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-18T01:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#697316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0968",
"datePublished": "2015-04-18T01:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10132
Vulnerability from cvelistv5
Published
2023-09-06 18:47
Modified
2024-09-26 16:05
Severity ?
EPSS score ?
Summary
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SearchBlox | SearchBlox |
Version: 9.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-10132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T16:02:55.114633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:05:32.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SearchBlox",
"vendor": "SearchBlox",
"versions": [
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T18:47:39.734Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2020-10132",
"x_generator": {
"engine": "VINCE 2.1.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2020-10132"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10132",
"datePublished": "2023-09-06T18:47:39.734Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2024-09-26T16:05:32.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3598
Vulnerability from cvelistv5
Published
2013-08-28 01:00
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/592942 | third-party-advisory, x_refsource_CERT-VN | |
| http://osvdb.org/96619 | vdb-entry, x_refsource_OSVDB | |
| http://buddhalabs.com/Advisories/WebAdvisories.html | x_refsource_MISC | |
| http://www.searchblox.com/developers-2/change-log | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#592942",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"name": "96619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96619"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-11T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#592942",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"name": "96619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96619"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#592942",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"name": "96619",
"refsource": "OSVDB",
"url": "http://osvdb.org/96619"
},
{
"name": "http://buddhalabs.com/Advisories/WebAdvisories.html",
"refsource": "MISC",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"name": "http://www.searchblox.com/developers-2/change-log",
"refsource": "CONFIRM",
"url": "http://www.searchblox.com/developers-2/change-log"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3598",
"datePublished": "2013-08-28T01:00:00",
"dateReserved": "2013-05-21T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10130
Vulnerability from cvelistv5
Published
2023-09-06 18:47
Modified
2024-09-26 17:52
Severity ?
EPSS score ?
Summary
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SearchBlox | SearchBlox |
Version: 9.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-10130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:51:24.468881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:52:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SearchBlox",
"vendor": "SearchBlox",
"versions": [
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T18:47:21.110Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2020-10130",
"x_generator": {
"engine": "VINCE 2.1.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2020-10130"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10130",
"datePublished": "2023-09-06T18:47:21.110Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2024-09-26T17:52:14.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7919
Vulnerability from cvelistv5
Published
2015-12-21 11:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-21T08:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7919",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3422
Vulnerability from cvelistv5
Published
2015-06-18 18:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/535780/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/75263 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.htbridge.com/advisory/HTB23256 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150617 Reflected Cross-Site Scripting (XSS) in SearchBlox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535780/100/0/threaded"
},
{
"name": "75263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150617 Reflected Cross-Site Scripting (XSS) in SearchBlox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535780/100/0/threaded"
},
{
"name": "75263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150617 Reflected Cross-Site Scripting (XSS) in SearchBlox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535780/100/0/threaded"
},
{
"name": "75263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75263"
},
{
"name": "http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132341/SearchBlox-8.2-Cross-Site-Scripting.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23256",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3422",
"datePublished": "2015-06-18T18:00:00",
"dateReserved": "2015-04-27T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11538
Vulnerability from cvelistv5
Published
2018-06-01 19:00
Modified
2024-08-05 08:10
Severity ?
EPSS score ?
Summary
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/ | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/44801/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/"
},
{
"name": "44801",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44801/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/"
},
{
"name": "44801",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44801/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/",
"refsource": "MISC",
"url": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/"
},
{
"name": "44801",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44801/"
},
{
"name": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11538",
"datePublished": "2018-06-01T19:00:00",
"dateReserved": "2018-05-29T00:00:00",
"dateUpdated": "2024-08-05T08:10:14.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35580
Vulnerability from cvelistv5
Published
2021-05-20 15:25
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.searchblox.com/docs/getting-started-with-searchblox | x_refsource_MISC | |
| https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.searchblox.com/docs/getting-started-with-searchblox"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin\u0027s API key and the base64 encoded SHA1 password hashes of other SearchBlox users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:25:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.searchblox.com/docs/getting-started-with-searchblox"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin\u0027s API key and the base64 encoded SHA1 password hashes of other SearchBlox users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.searchblox.com/docs/getting-started-with-searchblox",
"refsource": "MISC",
"url": "https://developer.searchblox.com/docs/getting-started-with-searchblox"
},
{
"name": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html",
"refsource": "MISC",
"url": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35580",
"datePublished": "2021-05-20T15:25:59",
"dateReserved": "2020-12-20T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3597
Vulnerability from cvelistv5
Published
2013-08-28 01:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/592942 | third-party-advisory, x_refsource_CERT-VN | |
| http://buddhalabs.com/Advisories/WebAdvisories.html | x_refsource_MISC | |
| http://www.searchblox.com/developers-2/change-log | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#592942",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-28T01:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#592942",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#592942",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"name": "http://buddhalabs.com/Advisories/WebAdvisories.html",
"refsource": "MISC",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"name": "http://www.searchblox.com/developers-2/change-log",
"refsource": "CONFIRM",
"url": "http://www.searchblox.com/developers-2/change-log"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3597",
"datePublished": "2013-08-28T01:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:14:16.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10129
Vulnerability from cvelistv5
Published
2023-09-06 18:44
Modified
2024-09-26 17:54
Severity ?
EPSS score ?
Summary
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SearchBlox | SearchBlox |
Version: 9.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-10129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:53:43.483052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:54:24.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SearchBlox",
"vendor": "SearchBlox",
"versions": [
{
"status": "affected",
"version": "9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T18:44:27.908Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2020-10129",
"x_generator": {
"engine": "VINCE 2.1.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2020-10129"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10129",
"datePublished": "2023-09-06T18:44:27.908Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2024-09-26T17:54:24.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3590
Vulnerability from cvelistv5
Published
2013-08-28 01:00
Modified
2024-09-16 22:14
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/592942 | third-party-advisory, x_refsource_CERT-VN | |
| http://buddhalabs.com/Advisories/WebAdvisories.html | x_refsource_MISC | |
| http://www.searchblox.com/developers-2/change-log | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#592942",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-28T01:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#592942",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.searchblox.com/developers-2/change-log"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#592942",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/592942"
},
{
"name": "http://buddhalabs.com/Advisories/WebAdvisories.html",
"refsource": "MISC",
"url": "http://buddhalabs.com/Advisories/WebAdvisories.html"
},
{
"name": "http://www.searchblox.com/developers-2/change-log",
"refsource": "CONFIRM",
"url": "http://www.searchblox.com/developers-2/change-log"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3590",
"datePublished": "2013-08-28T01:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T22:14:17.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0967
Vulnerability from cvelistv5
Published
2015-04-18 01:00
Modified
2024-08-06 04:26
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/697316 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-18T01:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#697316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0967",
"datePublished": "2015-04-18T01:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10128
Vulnerability from cvelistv5
Published
2023-09-05 19:13
Modified
2024-09-30 16:53
Severity ?
EPSS score ?
Summary
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SearchBlox | SearchBlox |
Version: 0 < 9.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-10128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T16:53:05.387353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T16:53:25.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SearchBlox",
"vendor": "SearchBlox",
"versions": [
{
"lessThan": "9.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T19:41:36.223Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SearchBlox product before V-9.2.1 is vulnerable to Stored-Cross Site Scripting",
"x_generator": {
"engine": "VINCE 2.1.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2020-10128"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10128",
"datePublished": "2023-09-05T19:13:50.928Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2024-09-30T16:53:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10131
Vulnerability from cvelistv5
Published
2023-09-06 18:47
Modified
2024-09-26 17:49
Severity ?
EPSS score ?
Summary
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SearchBlox | SearchBlox |
Version: 9.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-10131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:49:12.511581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:49:41.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SearchBlox",
"vendor": "SearchBlox",
"versions": [
{
"status": "affected",
"version": "9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in \"Featured Results\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T18:47:31.776Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-921"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2020-10131",
"x_generator": {
"engine": "VINCE 2.1.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2020-10131"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10131",
"datePublished": "2023-09-06T18:47:31.776Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2024-09-26T17:49:41.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0970
Vulnerability from cvelistv5
Published
2015-04-18 01:00
Modified
2024-08-06 04:26
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/697316 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-18T01:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#697316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0970",
"datePublished": "2015-04-18T01:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11586
Vulnerability from cvelistv5
Published
2018-06-05 21:00
Modified
2024-08-05 08:10
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html | x_refsource_MISC | |
| https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/ | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/44827/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/"
},
{
"name": "44827",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44827/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-11T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/"
},
{
"name": "44827",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44827/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
},
{
"name": "https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/",
"refsource": "MISC",
"url": "https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/"
},
{
"name": "44827",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44827/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11586",
"datePublished": "2018-06-05T21:00:00",
"dateReserved": "2018-05-31T00:00:00",
"dateUpdated": "2024-08-05T08:10:14.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0969
Vulnerability from cvelistv5
Published
2015-04-18 01:00
Modified
2024-08-06 04:26
Severity ?
EPSS score ?
Summary
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/697316 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-18T01:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#697316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/697316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#697316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0969",
"datePublished": "2015-04-18T01:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}