Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by SpiQe Software
CVE-2020-5640 (GCVE-0-2020-5640)
Vulnerability from cvelistv5 – Published: 2020-10-20 07:55 – Updated: 2024-08-04 08:39
VLAI
Summary
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- Local file inclusion vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://onethird.net/en/p1340.html | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU99467898/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpiQe Software | OneThird CMS |
Affected:
v1.96c and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onethird.net/en/p1340.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99467898/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "v1.96c and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local file inclusion vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T07:55:19.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onethird.net/en/p1340.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU99467898/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.96c and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onethird.net/en/p1340.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1340.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU99467898/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU99467898/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5640",
"datePublished": "2020-10-20T07:55:20.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10907 (GCVE-0-2017-10907)
Vulnerability from cvelistv5 – Published: 2017-12-22 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN93333702/index.html | third-party-advisoryx_refsource_JVN |
| https://onethird.net/en/p1307.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpiQe Software | OneThird CMS |
Affected:
Show Off v1.85 and earlier
Affected: Show Off v1.85 en and earlier |
Date Public
2017-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#93333702",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://onethird.net/en/p1307.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "Show Off v1.85 and earlier"
},
{
"status": "affected",
"version": "Show Off v1.85 en and earlier"
}
]
}
],
"datePublic": "2017-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#93333702",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://onethird.net/en/p1307.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "Show Off v1.85 and earlier"
},
{
"version_value": "Show Off v1.85 en and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#93333702",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"name": "https://onethird.net/en/p1307.html",
"refsource": "CONFIRM",
"url": "https://onethird.net/en/p1307.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10907",
"datePublished": "2017-12-22T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2124 (GCVE-0-2017-2124)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
Summary
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://onethird.net/en/p1277.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/98604 | vdb-entryx_refsource_BID |
| http://jvn.jp/en/jp/JVN13003724/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpiQe Software | OneThird CMS |
Affected:
v1.73 Heaven's Door and earlier
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-24T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onethird.net/en/p1277.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2124",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2123 (GCVE-0-2017-2123)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
Summary
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96613 | vdb-entryx_refsource_BID |
| https://onethird.net/en/p1277.html | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN49408248/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpiQe Software | OneThird CMS |
Affected:
v1.73 Heaven's Door and earlier
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "JVN#49408248",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49408248/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "96613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "JVN#49408248",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49408248/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96613"
},
{
"name": "https://onethird.net/en/p1277.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "JVN#49408248",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49408248/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2123",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}