Vulnerabilites related to op5 - system-portal
cve-2012-0261
Vulnerability from cvelistv5
Published
2013-12-31 20:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.op5.com/view.php?id=5094 | x_refsource_CONFIRM | |
| http://www.osvdb.org/78064 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/47417 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2012/Jan/62 | mailing-list, x_refsource_FULLDISC | |
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47417"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0261",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-12-31 20:55
Modified
2024-11-21 01:34
Severity ?
Summary
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4739B1AD-4ED5-4D34-882E-AA39DA3F3921",
"versionEndIncluding": "5.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5249E2B6-4B2B-4A4D-9C39-8362B422B0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108F8953-B90D-4341-8AD5-39E94F7F320B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14C73510-4999-4C96-9705-59274F97BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "349F04CB-1BF5-4160-8FC6-72AAB95F3892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:system-portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7716E337-783B-4168-9F8B-B38276928818",
"versionEndIncluding": "1.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
},
{
"lang": "es",
"value": "El codigo license.php en system-portal anterior a 1.6.2 del Monitor y Appliance op5 anterior a 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el par\u00e1metro de marca de tiempo para una acci\u00f3n de instalaci\u00f3n."
}
],
"id": "CVE-2012-0261",
"lastModified": "2024-11-21T01:34:40.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-31T20:55:04.133",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47417"
},
{
"source": "cve@mitre.org",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/78064"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.op5.com/view.php?id=5094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}