Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by dflabs
CVE-2012-1415 (GCVE-0-2012-1415)
Vulnerability from nvd – Published: 2014-12-28 02:00 – Updated: 2024-08-06 18:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18513/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2012-02-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18513/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-28T02:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18513/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18513",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18513/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1415",
"datePublished": "2014-12-28T02:00:00.000Z",
"dateReserved": "2012-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:37.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5902 (GCVE-0-2012-5902)
Vulnerability from nvd – Published: 2012-11-17 21:00 – Updated: 2024-08-06 21:21
VLAI
Summary
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.org/files/111360/PTK-1… | x_refsource_MISC |
| http://www.securityfocus.com/bid/52817 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/80774 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-modalbookmark-xss(74492)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74492"
},
{
"name": "80774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-modalbookmark-xss(74492)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74492"
},
{
"name": "80774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-modalbookmark-xss(74492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74492"
},
{
"name": "80774",
"refsource": "OSVDB",
"url": "http://osvdb.org/80774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5902",
"datePublished": "2012-11-17T21:00:00.000Z",
"dateReserved": "2012-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:27.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5901 (GCVE-0-2012-5901)
Vulnerability from nvd – Published: 2012-11-17 21:00 – Updated: 2024-08-06 21:21
VLAI
Summary
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.org/files/111360/PTK-1… | x_refsource_MISC |
| http://www.securityfocus.com/bid/52817 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/48585 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/80773 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-info-disclosure(74491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74491"
},
{
"name": "48585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48585"
},
{
"name": "80773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-info-disclosure(74491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74491"
},
{
"name": "48585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48585"
},
{
"name": "80773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-info-disclosure(74491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74491"
},
{
"name": "48585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48585"
},
{
"name": "80773",
"refsource": "OSVDB",
"url": "http://osvdb.org/80773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5901",
"datePublished": "2012-11-17T21:00:00.000Z",
"dateReserved": "2012-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:27.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6793 (GCVE-0-2008-6793)
Vulnerability from nvd – Published: 2009-05-07 17:00 – Updated: 2024-08-07 11:42
VLAI
Summary
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.ikkisoft.com/stuff/LC-2008-07.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/3020 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/49574 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/498081/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/32553 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/7001 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32128 | vdb-entryx_refsource_BID |
Date Public
2008-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ikkisoft.com/stuff/LC-2008-07.txt"
},
{
"name": "ADV-2008-3020",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3020"
},
{
"name": "49574",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49574"
},
{
"name": "20081105 DFLabs PTK Forensic Local Command Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498081/100/0/threaded"
},
{
"name": "32553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32553"
},
{
"name": "7001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7001"
},
{
"name": "ptk-getfiletype-command-execution(46380)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46380"
},
{
"name": "32128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ikkisoft.com/stuff/LC-2008-07.txt"
},
{
"name": "ADV-2008-3020",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3020"
},
{
"name": "49574",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49574"
},
{
"name": "20081105 DFLabs PTK Forensic Local Command Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498081/100/0/threaded"
},
{
"name": "32553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32553"
},
{
"name": "7001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7001"
},
{
"name": "ptk-getfiletype-command-execution(46380)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46380"
},
{
"name": "32128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ikkisoft.com/stuff/LC-2008-07.txt",
"refsource": "MISC",
"url": "http://www.ikkisoft.com/stuff/LC-2008-07.txt"
},
{
"name": "ADV-2008-3020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3020"
},
{
"name": "49574",
"refsource": "OSVDB",
"url": "http://osvdb.org/49574"
},
{
"name": "20081105 DFLabs PTK Forensic Local Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498081/100/0/threaded"
},
{
"name": "32553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32553"
},
{
"name": "7001",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7001"
},
{
"name": "ptk-getfiletype-command-execution(46380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46380"
},
{
"name": "32128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6793",
"datePublished": "2009-05-07T17:00:00.000Z",
"dateReserved": "2009-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:42:00.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0918 (GCVE-0-2009-0918)
Vulnerability from nvd – Published: 2009-03-16 19:00 – Updated: 2024-08-07 04:57
VLAI
Summary
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ | x_refsource_CONFIRM |
| http://ptk.dflabs.com/faq.html | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/845747 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/34111 | vdb-entryx_refsource_BID |
| http://ptk.dflabs.com/security.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK\u0027s Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK\u0027s Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"name": "http://ptk.dflabs.com/faq.html",
"refsource": "CONFIRM",
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "http://ptk.dflabs.com/security.html",
"refsource": "CONFIRM",
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0918",
"datePublished": "2009-03-16T19:00:00.000Z",
"dateReserved": "2009-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:16.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0917 (GCVE-0-2009-0917)
Vulnerability from nvd – Published: 2009-03-16 19:00 – Updated: 2024-08-07 04:57
VLAI
Summary
Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://ptk.dflabs.com/security.html | x_refsource_MISC |
| http://secunia.com/advisories/34257 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/845747 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/34111 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://ptk.dflabs.com/faq.html | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ | x_refsource_MISC |
Date Public
2009-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "34257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34257"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "34257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34257"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ptk.dflabs.com/security.html",
"refsource": "MISC",
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "34257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34257"
},
{
"name": "VU#845747",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"name": "http://ptk.dflabs.com/faq.html",
"refsource": "MISC",
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0917",
"datePublished": "2009-03-16T19:00:00.000Z",
"dateReserved": "2009-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:16.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1415 (GCVE-0-2012-1415)
Vulnerability from cvelistv5 – Published: 2014-12-28 02:00 – Updated: 2024-08-06 18:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18513/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2012-02-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18513/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-28T02:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18513/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18513",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18513/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1415",
"datePublished": "2014-12-28T02:00:00.000Z",
"dateReserved": "2012-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:37.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5902 (GCVE-0-2012-5902)
Vulnerability from cvelistv5 – Published: 2012-11-17 21:00 – Updated: 2024-08-06 21:21
VLAI
Summary
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.org/files/111360/PTK-1… | x_refsource_MISC |
| http://www.securityfocus.com/bid/52817 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/80774 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-modalbookmark-xss(74492)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74492"
},
{
"name": "80774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-modalbookmark-xss(74492)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74492"
},
{
"name": "80774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-modalbookmark-xss(74492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74492"
},
{
"name": "80774",
"refsource": "OSVDB",
"url": "http://osvdb.org/80774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5902",
"datePublished": "2012-11-17T21:00:00.000Z",
"dateReserved": "2012-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:27.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5901 (GCVE-0-2012-5901)
Vulnerability from cvelistv5 – Published: 2012-11-17 21:00 – Updated: 2024-08-06 21:21
VLAI
Summary
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.org/files/111360/PTK-1… | x_refsource_MISC |
| http://www.securityfocus.com/bid/52817 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/48585 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/80773 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-info-disclosure(74491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74491"
},
{
"name": "48585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48585"
},
{
"name": "80773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-info-disclosure(74491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74491"
},
{
"name": "48585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48585"
},
{
"name": "80773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html"
},
{
"name": "52817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52817"
},
{
"name": "ptk-info-disclosure(74491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74491"
},
{
"name": "48585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48585"
},
{
"name": "80773",
"refsource": "OSVDB",
"url": "http://osvdb.org/80773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5901",
"datePublished": "2012-11-17T21:00:00.000Z",
"dateReserved": "2012-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:27.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6793 (GCVE-0-2008-6793)
Vulnerability from cvelistv5 – Published: 2009-05-07 17:00 – Updated: 2024-08-07 11:42
VLAI
Summary
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.ikkisoft.com/stuff/LC-2008-07.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/3020 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/49574 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/498081/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/32553 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/7001 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32128 | vdb-entryx_refsource_BID |
Date Public
2008-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ikkisoft.com/stuff/LC-2008-07.txt"
},
{
"name": "ADV-2008-3020",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3020"
},
{
"name": "49574",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49574"
},
{
"name": "20081105 DFLabs PTK Forensic Local Command Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498081/100/0/threaded"
},
{
"name": "32553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32553"
},
{
"name": "7001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7001"
},
{
"name": "ptk-getfiletype-command-execution(46380)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46380"
},
{
"name": "32128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ikkisoft.com/stuff/LC-2008-07.txt"
},
{
"name": "ADV-2008-3020",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3020"
},
{
"name": "49574",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49574"
},
{
"name": "20081105 DFLabs PTK Forensic Local Command Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498081/100/0/threaded"
},
{
"name": "32553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32553"
},
{
"name": "7001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7001"
},
{
"name": "ptk-getfiletype-command-execution(46380)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46380"
},
{
"name": "32128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ikkisoft.com/stuff/LC-2008-07.txt",
"refsource": "MISC",
"url": "http://www.ikkisoft.com/stuff/LC-2008-07.txt"
},
{
"name": "ADV-2008-3020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3020"
},
{
"name": "49574",
"refsource": "OSVDB",
"url": "http://osvdb.org/49574"
},
{
"name": "20081105 DFLabs PTK Forensic Local Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498081/100/0/threaded"
},
{
"name": "32553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32553"
},
{
"name": "7001",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7001"
},
{
"name": "ptk-getfiletype-command-execution(46380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46380"
},
{
"name": "32128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6793",
"datePublished": "2009-05-07T17:00:00.000Z",
"dateReserved": "2009-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:42:00.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0918 (GCVE-0-2009-0918)
Vulnerability from cvelistv5 – Published: 2009-03-16 19:00 – Updated: 2024-08-07 04:57
VLAI
Summary
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ | x_refsource_CONFIRM |
| http://ptk.dflabs.com/faq.html | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/845747 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/34111 | vdb-entryx_refsource_BID |
| http://ptk.dflabs.com/security.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK\u0027s Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK\u0027s Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"name": "http://ptk.dflabs.com/faq.html",
"refsource": "CONFIRM",
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "http://ptk.dflabs.com/security.html",
"refsource": "CONFIRM",
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0918",
"datePublished": "2009-03-16T19:00:00.000Z",
"dateReserved": "2009-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:16.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0917 (GCVE-0-2009-0917)
Vulnerability from cvelistv5 – Published: 2009-03-16 19:00 – Updated: 2024-08-07 04:57
VLAI
Summary
Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://ptk.dflabs.com/security.html | x_refsource_MISC |
| http://secunia.com/advisories/34257 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/845747 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/34111 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://ptk.dflabs.com/faq.html | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ | x_refsource_MISC |
Date Public
2009-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "34257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34257"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "34257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34257"
},
{
"name": "VU#845747",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ptk.dflabs.com/faq.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ptk.dflabs.com/security.html",
"refsource": "MISC",
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "34257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34257"
},
{
"name": "VU#845747",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"name": "http://ptk.dflabs.com/faq.html",
"refsource": "MISC",
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0917",
"datePublished": "2009-03-16T19:00:00.000Z",
"dateReserved": "2009-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:16.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}