Search criteria
10 vulnerabilities by jamroom
CVE-2012-6705 (GCVE-0-2012-6705)
Vulnerability from cvelistv5 – Published: 2017-06-03 22:00 – Updated: 2024-09-16 23:51
VLAI
Summary
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/52073 | vdb-entryx_refsource_BID |
| http://st2tea.blogspot.com/2012/02/jamroom-cross-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-03T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52073"
},
{
"name": "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6705",
"datePublished": "2017-06-03T22:00:00.000Z",
"dateReserved": "2017-06-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:29.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5098 (GCVE-0-2014-5098)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127854/Jamro… | x_refsource_MISC |
| https://www.htbridge.com/advisory/HTB23224 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533120/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/69219 | vdb-entryx_refsource_BID |
| https://www.jamroom.net/the-jamroom-network/netwo… | x_refsource_CONFIRM |
Date Public
2014-08-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127854/Jamroom-5.2.6-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23224"
},
{
"name": "20140813 Reflected Cross-Site Scripting (XSS) in Jamroom",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533120/100/0/threaded"
},
{
"name": "69219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search?expanded_changelog=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127854/Jamroom-5.2.6-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23224"
},
{
"name": "20140813 Reflected Cross-Site Scripting (XSS) in Jamroom",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533120/100/0/threaded"
},
{
"name": "69219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search?expanded_changelog=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127854/Jamroom-5.2.6-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127854/Jamroom-5.2.6-Cross-Site-Scripting.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23224",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23224"
},
{
"name": "20140813 Reflected Cross-Site Scripting (XSS) in Jamroom",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533120/100/0/threaded"
},
{
"name": "69219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69219"
},
{
"name": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search?expanded_changelog=1",
"refsource": "CONFIRM",
"url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search?expanded_changelog=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5098",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6804 (GCVE-0-2013-6804)
Vulnerability from cvelistv5 – Published: 2013-12-05 18:00 – Updated: 2024-08-06 17:46
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.jamroom.net/the-jamroom-network/netwo… | x_refsource_CONFIRM |
| https://www.htbridge.com/advisory/HTB23184 | x_refsource_MISC |
| http://secunia.com/advisories/55886 | third-party-advisoryx_refsource_SECUNIA |
| https://www.jamroom.net/the-jamroom-network/track… | x_refsource_CONFIRM |
Date Public
2013-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23184"
},
{
"name": "55886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T17:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23184"
},
{
"name": "55886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1",
"refsource": "CONFIRM",
"url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1"
},
{
"name": "https://www.htbridge.com/advisory/HTB23184",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23184"
},
{
"name": "55886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55886"
},
{
"name": "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module",
"refsource": "CONFIRM",
"url": "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6804",
"datePublished": "2013-12-05T18:00:00.000Z",
"dateReserved": "2013-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2463 (GCVE-0-2010-2463)
Vulnerability from cvelistv5 – Published: 2010-06-25 21:00 – Updated: 2024-09-16 19:10
VLAI
Summary
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.jamroom.net/index.php?m=td_tracker&o=v… | x_refsource_CONFIRM |
| http://www.htbridge.ch/advisory/xss_vulnerability… | x_refsource_MISC |
| http://secunia.com/advisories/40259 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/41071 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html"
},
{
"name": "40259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40259"
},
{
"name": "41071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-25T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html"
},
{
"name": "40259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40259"
},
{
"name": "41071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41071"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1756",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1756"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html"
},
{
"name": "40259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40259"
},
{
"name": "41071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41071"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2463",
"datePublished": "2010-06-25T21:00:00.000Z",
"dateReserved": "2010-06-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:34.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1318 (GCVE-0-2009-1318)
Vulnerability from cvelistv5 – Published: 2009-04-17 10:00 – Updated: 2024-08-07 05:04
VLAI
Summary
Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/8423 | exploitx_refsource_EXPLOIT-DB |
| http://www.jamroom.net/index.php?m=td_tracker&o=v… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/34511 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8423",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1470"
},
{
"name": "34511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34511"
},
{
"name": "jamroom-index-file-include(49869)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8423",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1470"
},
{
"name": "34511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34511"
},
{
"name": "jamroom-index-file-include(49869)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8423",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8423"
},
{
"name": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1470",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1470"
},
{
"name": "34511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34511"
},
{
"name": "jamroom-index-file-include(49869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1318",
"datePublished": "2009-04-17T10:00:00.000Z",
"dateReserved": "2009-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:04:49.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3375 (GCVE-0-2008-3375)
Vulnerability from cvelistv5 – Published: 2008-07-30 17:00 – Updated: 2024-08-07 09:37
VLAI
Summary
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/31249 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.jamroom.net/phpBB2/viewtopic.php?t=24454 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/494820/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.jamroom.net/index.php?m=td_tracker&o=v… | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/4069 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/30406 | vdb-entryx_refsource_BID |
Date Public
2008-07-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00117-07282008"
},
{
"name": "jamroom-jamroommiscinc-auth-bypass(44048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454"
},
{
"name": "20080728 JamRoom \u003c= 3.3.8 Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494820/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1178"
},
{
"name": "4069",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4069"
},
{
"name": "30406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00117-07282008"
},
{
"name": "jamroom-jamroommiscinc-auth-bypass(44048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454"
},
{
"name": "20080728 JamRoom \u003c= 3.3.8 Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494820/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1178"
},
{
"name": "4069",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4069"
},
{
"name": "30406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31249"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00117-07282008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00117-07282008"
},
{
"name": "jamroom-jamroommiscinc-auth-bypass(44048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44048"
},
{
"name": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454"
},
{
"name": "20080728 JamRoom \u003c= 3.3.8 Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494820/100/0/threaded"
},
{
"name": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1178",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1178"
},
{
"name": "4069",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4069"
},
{
"name": "30406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3375",
"datePublished": "2008-07-30T17:00:00.000Z",
"dateReserved": "2008-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3376 (GCVE-0-2008-3376)
Vulnerability from cvelistv5 – Published: 2008-07-30 17:00 – Updated: 2024-09-17 03:54
VLAI
Summary
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/31249 | third-party-advisoryx_refsource_SECUNIA |
| http://www.jamroom.net/phpBB2/viewtopic.php?t=24454 | x_refsource_CONFIRM |
| http://www.jamroom.net/index.php?m=td_tracker&o=v… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30406 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1177"
},
{
"name": "30406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-07-30T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1177"
},
{
"name": "30406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31249"
},
{
"name": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/phpBB2/viewtopic.php?t=24454"
},
{
"name": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1177",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1177"
},
{
"name": "30406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3376",
"datePublished": "2008-07-30T17:00:00.000Z",
"dateReserved": "2008-07-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:54:24.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2886 (GCVE-0-2008-2886)
Vulnerability from cvelistv5 – Published: 2008-06-27 18:00 – Updated: 2024-08-07 09:21
VLAI
Summary
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29854 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/3961 | third-party-advisoryx_refsource_SREASON |
| http://www.jamroom.net/index.php?m=td_tracker&o=v… | x_refsource_CONFIRM |
| http://secunia.com/advisories/30806 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5876 | exploitx_refsource_EXPLOIT-DB |
| http://www.jamroom.net/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:33.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29854",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29854"
},
{
"name": "3961",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130"
},
{
"name": "30806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30806"
},
{
"name": "5876",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/"
},
{
"name": "jamroom-purchase-file-include(43299)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29854",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29854"
},
{
"name": "3961",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130"
},
{
"name": "30806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30806"
},
{
"name": "5876",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/"
},
{
"name": "jamroom-purchase-file-include(43299)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29854"
},
{
"name": "3961",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3961"
},
{
"name": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130"
},
{
"name": "30806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30806"
},
{
"name": "5876",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5876"
},
{
"name": "http://www.jamroom.net/",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/"
},
{
"name": "jamroom-purchase-file-include(43299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2886",
"datePublished": "2008-06-27T18:00:00.000Z",
"dateReserved": "2008-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:33.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2883 (GCVE-0-2008-2883)
Vulnerability from cvelistv5 – Published: 2008-06-26 17:00 – Updated: 2024-08-07 09:21
VLAI
Summary
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.jamroom.net/index.php?m=td_tracker&o=v… | x_refsource_CONFIRM |
| http://secunia.com/advisories/30806 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5876 | exploitx_refsource_EXPLOIT-DB |
| http://www.jamroom.net/ | x_refsource_CONFIRM |
Date Public
2008-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:33.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130"
},
{
"name": "30806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30806"
},
{
"name": "5876",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jamroom.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130"
},
{
"name": "30806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30806"
},
{
"name": "5876",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jamroom.net/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/index.php?m=td_tracker\u0026o=view\u0026id=1130"
},
{
"name": "30806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30806"
},
{
"name": "5876",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5876"
},
{
"name": "http://www.jamroom.net/",
"refsource": "CONFIRM",
"url": "http://www.jamroom.net/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2883",
"datePublished": "2008-06-26T17:00:00.000Z",
"dateReserved": "2008-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:33.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5060 (GCVE-0-2006-5060)
Vulnerability from cvelistv5 – Published: 2006-09-28 00:00 – Updated: 2024-08-07 19:32
VLAI
Summary
Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1649 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/22077 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/446879/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20162 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3766 | vdb-entryx_refsource_VUPEN |
Date Public
2006-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jamroommediacms-login-xss(29131)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29131"
},
{
"name": "1649",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1649"
},
{
"name": "22077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22077"
},
{
"name": "20060923 Jamroom Media Content Management System Login.php Xss Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446879/100/0/threaded"
},
{
"name": "20162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20162"
},
{
"name": "ADV-2006-3766",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "jamroommediacms-login-xss(29131)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29131"
},
{
"name": "1649",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1649"
},
{
"name": "22077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22077"
},
{
"name": "20060923 Jamroom Media Content Management System Login.php Xss Vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446879/100/0/threaded"
},
{
"name": "20162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20162"
},
{
"name": "ADV-2006-3766",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jamroommediacms-login-xss(29131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29131"
},
{
"name": "1649",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1649"
},
{
"name": "22077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22077"
},
{
"name": "20060923 Jamroom Media Content Management System Login.php Xss Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446879/100/0/threaded"
},
{
"name": "20162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20162"
},
{
"name": "ADV-2006-3766",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5060",
"datePublished": "2006-09-28T00:00:00.000Z",
"dateReserved": "2006-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:23.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}