Vulnerabilites related to cogentdatahub - cogent_datahub
Vulnerability from fkie_nvd
Published
2013-04-05 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | opc_datahub | * | |
| cogentdatahub | opc_datahub | 6.4.20 | |
| cogentdatahub | cascade_datahub | * | |
| cogentdatahub | cascade_datahub | 6.4.20 | |
| microsoft | windows | * | |
| cogentdatahub | datahub_quicktrend | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295B2419-6CBA-4815-B0E8-51D5F5BCCB80",
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF17ED5-1959-48BD-8166-730151AE4DE7",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "49266854-6F6B-43F1-8A2F-DE12CAC65F99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B53B6E6-3FA4-461E-9CCB-1797D513F84F",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E8524E-2F62-4B01-83E7-686525DB00D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4472B878-C776-45F2-93EF-F4C423F2AB61",
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command."
},
{
"lang": "es",
"value": "Cogent Real-Time Systems Cogent DataHub anteriores a v7.3.0, OPC DataHub anteriores a v6.4.22, Cascade DataHub anteriores a v6.4.22 en Windows, y DataHub QuickTrend anteriores a v7.3.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (des-referencia a puntero nulo y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de datos mal formados en un comando de texto formateado."
}
],
"id": "CVE-2013-0681",
"lastModified": "2024-11-21T01:48:00.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-05T21:55:00.847",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-16 17:26
Modified
2024-11-21 01:30
Severity ?
Summary
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en Cogent DataHub versi\u00f3n 7.1.1.63 y anteriores, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un valor negativo o grande de longitud de contenido."
}
],
"id": "CVE-2011-3501",
"lastModified": "2024-11-21T01:30:36.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T17:26:14.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-30 23:55
Modified
2024-11-21 02:06
Severity ?
Summary
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | cogent_datahub | 7.2.2 | |
| cogentdatahub | cogent_datahub | 7.3.0 | |
| cogentdatahub | cogent_datahub | 7.3.1 | |
| cogentdatahub | cogent_datahub | 7.3.2 | |
| cogentdatahub | cogent_datahub | 7.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A416FED-E221-48CE-8AFB-D822C6C8E4FF",
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414FB06-9100-4BB9-9F5C-A31946C11E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D881278E-D6B8-4147-91BA-4EBE049B0C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3142AD5D-E5E1-447B-8FCD-444A31D62437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C4D3C-67FF-4284-A569-8359B58FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5C1FCA-D64E-4C12-B3A4-4200F95C6315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Cogent DataHub anterior a 7.3.5 permite a atacantes remotos leer archivos arbitrarios de tipos no especificados, o causar una denegaci\u00f3n de servicio de servidor web, a trav\u00e9s de un nombre de ruta manipulado."
}
],
"id": "CVE-2014-2352",
"lastModified": "2024-11-21T02:06:08.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-30T23:55:02.847",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-13 04:14
Modified
2024-11-21 01:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cascade_datahub | * | |
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | opc_datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24329477-5153-4C83-A1D2-36DCB2D89285",
"versionEndIncluding": "6.4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD844135-43CF-45C0-A483-A3F807F4B5A2",
"versionEndIncluding": "7.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51115EB4-98E2-45A2-80AB-8168292F9879",
"versionEndIncluding": "6.4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en DataHub v7.1.2 y anteriores, Cascade DataHub v6.4.20 y anteriores, y OPC DataHub v6.4.20 y anteriores que permite a atacantes remotos inyectar c\u00f3digo Web o HTML de su elecci\u00f3n a trav\u00e9s de vectores de ataque no especificados."
}
],
"id": "CVE-2012-0309",
"lastModified": "2024-11-21T01:34:46.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-13T04:14:38.987",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN12983784/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://secunia.com/advisories/47496"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://secunia.com/advisories/47525"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/51375"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN12983784/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-16 17:26
Modified
2024-11-21 01:30
Severity ?
Summary
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)."
},
{
"lang": "es",
"value": "El servidor web Cogent DataHub 7.1.1.63 y versiones anteriores permite a atacantes remotos obtener el c\u00f3digo fuente de archivos ejecutables a trav\u00e9s de una petici\u00f3n con un (1) espacio o (2) %2e (punto codificado) al final."
}
],
"id": "CVE-2011-3502",
"lastModified": "2024-11-21T01:30:36.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T17:26:14.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-05 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | opc_datahub | * | |
| cogentdatahub | opc_datahub | 6.4.20 | |
| cogentdatahub | cascade_datahub | * | |
| cogentdatahub | cascade_datahub | 6.4.20 | |
| microsoft | windows | * | |
| cogentdatahub | datahub_quicktrend | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295B2419-6CBA-4815-B0E8-51D5F5BCCB80",
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF17ED5-1959-48BD-8166-730151AE4DE7",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "49266854-6F6B-43F1-8A2F-DE12CAC65F99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B53B6E6-3FA4-461E-9CCB-1797D513F84F",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E8524E-2F62-4B01-83E7-686525DB00D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4472B878-C776-45F2-93EF-F4C423F2AB61",
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."
},
{
"lang": "es",
"value": "Cogent Real-Time Systems Cogent DataHub anteriores a v7.3.0, OPC DataHub asnteriores a v6.4.22, Cascade DataHub anteriores a v6.4.22 en Windows, y DataHub QuickTrend anteriores a v7.3.0 no manejan las excepciones de forma adecuada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de datos mal generados en un comando de texto formateado, conduciendo un acceso fuera del l\u00edmite a (1) memoria din\u00e1mica o (2) pila de memoria."
}
],
"id": "CVE-2013-0682",
"lastModified": "2024-11-21T01:48:00.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-05T21:55:00.863",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 23:55
Modified
2024-11-21 02:08
Severity ?
Summary
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | cogent_datahub | 7.2.2 | |
| cogentdatahub | cogent_datahub | 7.3.0 | |
| cogentdatahub | cogent_datahub | 7.3.1 | |
| cogentdatahub | cogent_datahub | 7.3.2 | |
| cogentdatahub | cogent_datahub | 7.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A416FED-E221-48CE-8AFB-D822C6C8E4FF",
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414FB06-9100-4BB9-9F5C-A31946C11E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D881278E-D6B8-4147-91BA-4EBE049B0C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3142AD5D-E5E1-447B-8FCD-444A31D62437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C4D3C-67FF-4284-A569-8359B58FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5C1FCA-D64E-4C12-B3A4-4200F95C6315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el servidor web en Cogent Real-Time Systems Cogent DataHub anterior a 7.3.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor negativo en el campo Content-Length en una solicitud."
}
],
"id": "CVE-2014-3788",
"lastModified": "2024-11-21T02:08:50.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-22T23:55:03.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-05 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | opc_datahub | * | |
| cogentdatahub | opc_datahub | 6.4.20 | |
| cogentdatahub | cascade_datahub | * | |
| cogentdatahub | cascade_datahub | 6.4.20 | |
| microsoft | windows | * | |
| cogentdatahub | datahub_quicktrend | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295B2419-6CBA-4815-B0E8-51D5F5BCCB80",
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF17ED5-1959-48BD-8166-730151AE4DE7",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "49266854-6F6B-43F1-8A2F-DE12CAC65F99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B53B6E6-3FA4-461E-9CCB-1797D513F84F",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E8524E-2F62-4B01-83E7-686525DB00D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4472B878-C776-45F2-93EF-F4C423F2AB61",
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
},
{
"lang": "es",
"value": "El cliente demo de DataSim and DataPid en Cogent Real-Time Systems Cogent DataHub anteriores a v7.3.0, OPC DataHub anteriores a v6.4.22, Cascade DataHub anteriores a v6.4.22 en Windows, y DataHub QuickTrend anteriores a v7.3.0 permite a servidores remotos provocar una denegaci\u00f3n de servicio (acceso a puntero incorrecto y ca\u00edda del cliente)a trav\u00e9s de datos mal formados en comanto de texto formateado."
}
],
"id": "CVE-2013-0683",
"lastModified": "2024-11-21T01:48:00.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-05T21:55:00.880",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-16 17:26
Modified
2024-11-21 01:30
Severity ?
Summary
Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in an HTTP request."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor web Cogent DataHub 7.1.1.63 y versiones anteriores permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de ..\\ (punto punto barra) en una petici\u00f3n HTTP."
}
],
"id": "CVE-2011-3500",
"lastModified": "2024-11-21T01:30:36.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T17:26:14.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-13 04:14
Modified
2024-11-21 01:34
Severity ?
Summary
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cascade_datahub | * | |
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | opc_datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24329477-5153-4C83-A1D2-36DCB2D89285",
"versionEndIncluding": "6.4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD844135-43CF-45C0-A483-A3F807F4B5A2",
"versionEndIncluding": "7.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51115EB4-98E2-45A2-80AB-8168292F9879",
"versionEndIncluding": "6.4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de CRLF en Cogent DataHub v7.1.2 y anteriores, Cascade DataHub v6.4.20 y anteriores, y OPC DataHub v6.4.20 y anteriores permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-0310",
"lastModified": "2024-11-21T01:34:46.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-13T04:14:39.037",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN63249231/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://secunia.com/advisories/47496"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://secunia.com/advisories/47525"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/51375"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN63249231/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-30 23:55
Modified
2024-11-21 02:06
Severity ?
Summary
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | cogent_datahub | 7.2.2 | |
| cogentdatahub | cogent_datahub | 7.3.0 | |
| cogentdatahub | cogent_datahub | 7.3.1 | |
| cogentdatahub | cogent_datahub | 7.3.2 | |
| cogentdatahub | cogent_datahub | 7.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A416FED-E221-48CE-8AFB-D822C6C8E4FF",
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414FB06-9100-4BB9-9F5C-A31946C11E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D881278E-D6B8-4147-91BA-4EBE049B0C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3142AD5D-E5E1-447B-8FCD-444A31D62437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C4D3C-67FF-4284-A569-8359B58FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5C1FCA-D64E-4C12-B3A4-4200F95C6315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."
},
{
"lang": "es",
"value": "Cogent DataHub anterior a 7.3.5 no utiliza un salt durante la creaci\u00f3n de hash de contrase\u00f1as, lo que facilita a atacantes dependientes de contexto obtener contrase\u00f1as de texto claro a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2014-2354",
"lastModified": "2024-11-21T02:06:08.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-30T23:55:02.987",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-16 14:28
Modified
2024-11-21 01:30
Severity ?
Summary
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C250C211-A312-4DEC-BC0E-B16FE8EAFAA8",
"versionEndIncluding": "7.1.1.63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamiento de buffer de pila en la funci\u00f3n DH_OneSecondTick de Cogent DataHub 7.1.1.63 y versiones anteriores permite a atacantes remotos provoar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un comando extenso (1) domain, (2) report_domain, (3) register_datahub, o (4) slave."
}
],
"id": "CVE-2011-3493",
"lastModified": "2024-11-21T01:30:35.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T14:28:13.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-05 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | opc_datahub | * | |
| cogentdatahub | opc_datahub | 6.4.20 | |
| cogentdatahub | cascade_datahub | * | |
| cogentdatahub | cascade_datahub | 6.4.20 | |
| microsoft | windows | * | |
| cogentdatahub | datahub_quicktrend | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295B2419-6CBA-4815-B0E8-51D5F5BCCB80",
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF17ED5-1959-48BD-8166-730151AE4DE7",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "49266854-6F6B-43F1-8A2F-DE12CAC65F99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B53B6E6-3FA4-461E-9CCB-1797D513F84F",
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E8524E-2F62-4B01-83E7-686525DB00D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4472B878-C776-45F2-93EF-F4C423F2AB61",
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servidor Web de vpnconf.exe en Cogent Real-Time Systems Cogent DataHub anteriores a v7.3.0, OPC DataHub anteriores a v6.4.22, Cascade DataHub anteriores a v6.4.22 en Windows, y DataHub QuickTrend anteriores a v7.3.0, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonia) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de una cabecera HTTP larga."
}
],
"id": "CVE-2013-0680",
"lastModified": "2024-11-21T01:47:59.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-05T21:55:00.827",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 23:55
Modified
2024-11-21 02:08
Severity ?
Summary
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | cogent_datahub | 7.2.2 | |
| cogentdatahub | cogent_datahub | 7.3.0 | |
| cogentdatahub | cogent_datahub | 7.3.1 | |
| cogentdatahub | cogent_datahub | 7.3.2 | |
| cogentdatahub | cogent_datahub | 7.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A416FED-E221-48CE-8AFB-D822C6C8E4FF",
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414FB06-9100-4BB9-9F5C-A31946C11E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D881278E-D6B8-4147-91BA-4EBE049B0C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3142AD5D-E5E1-447B-8FCD-444A31D62437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C4D3C-67FF-4284-A569-8359B58FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5C1FCA-D64E-4C12-B3A4-4200F95C6315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "GetPermissions.asp en Cogent Real-Time Systems Cogent DataHub anterior a 7.3.5 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3789",
"lastModified": "2024-11-21T02:08:50.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-22T23:55:03.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67486"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-29 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.exploit-db.com/exploits/39630/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/39630/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F53DAF-DCB9-4687-8ADA-2025E60425B7",
"versionEndIncluding": "7.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
},
{
"lang": "es",
"value": "Cogent DataHub en versiones anteriores a 7.3.10 permite a usuarios locales obtener privilegios aprovechando el rol de usuario o invitado para modificar un archivo."
}
],
"id": "CVE-2016-2288",
"lastModified": "2024-11-21T02:48:08.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-29T15:59:01.167",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/39630/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-30 23:55
Modified
2024-11-21 02:06
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cogentdatahub | cogent_datahub | * | |
| cogentdatahub | cogent_datahub | 7.0 | |
| cogentdatahub | cogent_datahub | 7.0.2 | |
| cogentdatahub | cogent_datahub | 7.1.0 | |
| cogentdatahub | cogent_datahub | 7.1.1 | |
| cogentdatahub | cogent_datahub | 7.1.1.63 | |
| cogentdatahub | cogent_datahub | 7.1.2 | |
| cogentdatahub | cogent_datahub | 7.2.2 | |
| cogentdatahub | cogent_datahub | 7.3.0 | |
| cogentdatahub | cogent_datahub | 7.3.1 | |
| cogentdatahub | cogent_datahub | 7.3.2 | |
| cogentdatahub | cogent_datahub | 7.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A416FED-E221-48CE-8AFB-D822C6C8E4FF",
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414FB06-9100-4BB9-9F5C-A31946C11E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D881278E-D6B8-4147-91BA-4EBE049B0C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3142AD5D-E5E1-447B-8FCD-444A31D62437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C4D3C-67FF-4284-A569-8359B58FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5C1FCA-D64E-4C12-B3A4-4200F95C6315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cogent DataHub anterior a 7.3.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2353",
"lastModified": "2024-11-21T02:06:08.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-30T23:55:02.910",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-0680
Vulnerability from cvelistv5
Published
2013-04-05 21:00
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-05T21:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0680",
"datePublished": "2013-04-05T21:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T21:58:02.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3789
Vulnerability from cvelistv5
Published
2014-05-22 23:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01 | x_refsource_MISC | |
| http://cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-136/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/67486 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"name": "http://cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3789",
"datePublished": "2014-05-22T23:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0681
Vulnerability from cvelistv5
Published
2013-04-05 21:00
Modified
2024-09-16 23:45
Severity ?
EPSS score ?
Summary
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-05T21:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0681",
"datePublished": "2013-04-05T21:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:32.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3788
Vulnerability from cvelistv5
Published
2014-05-22 23:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-135/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-22T22:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3788",
"datePublished": "2014-05-22T23:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2352
Vulnerability from cvelistv5
Published
2014-05-30 23:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-30T23:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2352",
"datePublished": "2014-05-30T23:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2024-08-06T10:14:25.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2354
Vulnerability from cvelistv5
Published
2014-05-30 23:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-30T23:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2354",
"datePublished": "2014-05-30T23:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2024-08-06T10:14:25.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0309
Vulnerability from cvelistv5
Published
2012-01-13 02:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001 | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/51375 | vdb-entry, x_refsource_BID | |
| http://www.cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf | x_refsource_MISC | |
| http://secunia.com/advisories/47525 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72305 | vdb-entry, x_refsource_XF | |
| http://jvn.jp/en/jp/JVN12983784/index.html | third-party-advisory, x_refsource_JVN | |
| http://secunia.com/advisories/47496 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2012-000001",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001"
},
{
"name": "51375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"name": "47525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47525"
},
{
"name": "cogentdatahub-unspecified-xss(72305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305"
},
{
"name": "JVN#12983784",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN12983784/index.html"
},
{
"name": "47496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2012-000001",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001"
},
{
"name": "51375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"name": "47525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47525"
},
{
"name": "cogentdatahub-unspecified-xss(72305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305"
},
{
"name": "JVN#12983784",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN12983784/index.html"
},
{
"name": "47496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000001",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001"
},
{
"name": "51375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51375"
},
{
"name": "http://www.cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"name": "47525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47525"
},
{
"name": "cogentdatahub-unspecified-xss(72305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305"
},
{
"name": "JVN#12983784",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN12983784/index.html"
},
{
"name": "47496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0309",
"datePublished": "2012-01-13T02:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0683
Vulnerability from cvelistv5
Published
2013-04-05 21:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-05T21:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0683",
"datePublished": "2013-04-05T21:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:36:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3493
Vulnerability from cvelistv5
Published
2011-09-16 14:00
Modified
2024-09-16 20:46
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/cogent_1-adv.txt | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-16T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/cogent_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3493",
"datePublished": "2011-09-16T14:00:00Z",
"dateReserved": "2011-09-16T00:00:00Z",
"dateUpdated": "2024-09-16T20:46:36.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2353
Vulnerability from cvelistv5
Published
2014-05-30 23:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-30T23:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2353",
"datePublished": "2014-05-30T23:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2024-08-06T10:14:25.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3501
Vulnerability from cvelistv5
Published
2011-09-16 17:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/cogent_3-adv.txt | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-16T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/cogent_3-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3501",
"datePublished": "2011-09-16T17:00:00Z",
"dateReserved": "2011-09-16T00:00:00Z",
"dateUpdated": "2024-09-16T19:36:44.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3500
Vulnerability from cvelistv5
Published
2011-09-16 17:00
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/cogent_2-adv.txt | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-16T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/cogent_2-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3500",
"datePublished": "2011-09-16T17:00:00Z",
"dateReserved": "2011-09-16T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:55.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0682
Vulnerability from cvelistv5
Published
2013-04-05 21:00
Modified
2024-09-16 23:42
Severity ?
EPSS score ?
Summary
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-05T21:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0682",
"datePublished": "2013-04-05T21:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:42:06.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2288
Vulnerability from cvelistv5
Published
2016-03-29 15:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/39630/ | exploit, x_refsource_EXPLOIT-DB | |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39630",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "39630",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39630",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2288",
"datePublished": "2016-03-29T15:00:00",
"dateReserved": "2016-02-09T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0310
Vulnerability from cvelistv5
Published
2012-01-13 02:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/51375 | vdb-entry, x_refsource_BID | |
| http://www.cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72306 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf | x_refsource_MISC | |
| http://secunia.com/advisories/47525 | third-party-advisory, x_refsource_SECUNIA | |
| http://jvn.jp/en/jp/JVN63249231/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002 | third-party-advisory, x_refsource_JVNDB | |
| http://secunia.com/advisories/47496 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "cogentdatahub-unspecified-header-injection(72306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"name": "47525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47525"
},
{
"name": "JVN#63249231",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN63249231/index.html"
},
{
"name": "JVNDB-2012-000002",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002"
},
{
"name": "47496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "51375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "cogentdatahub-unspecified-header-injection(72306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"name": "47525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47525"
},
{
"name": "JVN#63249231",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN63249231/index.html"
},
{
"name": "JVNDB-2012-000002",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002"
},
{
"name": "47496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51375"
},
{
"name": "http://www.cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://www.cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "cogentdatahub-unspecified-header-injection(72306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf"
},
{
"name": "47525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47525"
},
{
"name": "JVN#63249231",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63249231/index.html"
},
{
"name": "JVNDB-2012-000002",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002"
},
{
"name": "47496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0310",
"datePublished": "2012-01-13T02:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3502
Vulnerability from cvelistv5
Published
2011-09-16 17:00
Modified
2024-09-16 20:03
Severity ?
EPSS score ?
Summary
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf | x_refsource_MISC | |
| http://aluigi.altervista.org/adv/cogent_4-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-16T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/cogent_4-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3502",
"datePublished": "2011-09-16T17:00:00Z",
"dateReserved": "2011-09-16T00:00:00Z",
"dateUpdated": "2024-09-16T20:03:44.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}