
    9 vulnerabilities by vice

    CVE-2024-11021 (GCVE-0-2024-11021)

    Vulnerability from cvelistv5 – Published: 2024-11-11 07:24 – Updated: 2024-11-11 11:54
    VLAI
    Title
    Grand Vice info Webopac - Stored XSS
    Summary
    Webopac from Grand Vice info has a Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
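    Grand Vice info Webopac Affected: 6 , < 6.5.3 (custom)
    Affected: 7 , < 7.2.1 (custom)
    Note: the solution field of this record names 6.5.1 (Webopac 6) and 7.2.3 (Webopac 7) as the versions to update to, which does not match the upper bounds listed here; check the linked TWCERT advisory for the fixed versions before treating a deployment as patched.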
    Date Public
    2024-11-11 07:17

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-11T11:54:02.775307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-11T11:54:20.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Webopac",
              "vendor": "Grand Vice info",
              "versions": [
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.1",
                  "status": "affected",
                  "version": "7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-11-11T07:17:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWebopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.\u003c/span\u003e"
                }
              ],
              "value": "Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T07:24:09.725Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 6 to version 6.5.1 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 7 to version 7.2.3 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Webopac 6 to version 6.5.1 or later\nUpdate Webopac 7 to version 7.2.3 or later."
            }
          ],
          "source": {
            "advisory": "TVN-202411006",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Webopac - Stored XSS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11021",
        "datePublished": "2024-11-11T07:24:09.725Z",
        "dateReserved": "2024-11-08T05:54:46.083Z",
        "dateUpdated": "2024-11-11T11:54:20.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11020 (GCVE-0-2024-11020)

    Vulnerability from cvelistv5 – Published: 2024-11-11 07:16 – Updated: 2024-11-11 16:03
    VLAI
    Title
    Grand Vice info Webopac7 - SQL Injection
    Summary
    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grand Vice info Webopac7 Affected: 6 , < 6.5.1 (custom)
    Affected: 7 , < 7.2.3 (custom)
    vice webopac Affected: 6.0 , < 6.5.1 (custom)
    Affected: 7.0 , < 7.2.3 (custom)
        cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*
    Date Public
    2024-11-11 07:11

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "webopac",
                "vendor": "vice",
                "versions": [
                  {
                    "lessThan": "6.5.1",
                    "status": "affected",
                    "version": "6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.3",
                    "status": "affected",
                    "version": "7.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-11T16:03:07.019437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-11T16:03:11.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Webopac7",
              "vendor": "Grand Vice info",
              "versions": [
                {
                  "lessThan": "6.5.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.3",
                  "status": "affected",
                  "version": "7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-11-11T07:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents."
                }
              ],
              "value": "Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T07:16:24.533Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8217-05b42-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8218-e238b-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 6 to version 6.5.1 or later.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 7 to version 7.2.3 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Webopac 6 to version 6.5.1 or later.\nUpdate Webopac 7 to version 7.2.3 or later."
            }
          ],
          "source": {
            "advisory": "TVN-202411005",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Webopac7 - SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11020",
        "datePublished": "2024-11-11T07:16:24.533Z",
        "dateReserved": "2024-11-08T05:54:44.679Z",
        "dateUpdated": "2024-11-11T16:03:11.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11019 (GCVE-0-2024-11019)

    Vulnerability from cvelistv5 – Published: 2024-11-11 07:06 – Updated: 2024-11-11 11:54
    VLAI
    Title
    Grand Vice info Webopac7 - Reflected XSS
    Summary
    Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grand Vice info Webopac7 Affected: 6 , < 6.5.1 (custom)
    Affected: 7 , < 7.2.3 (custom)
    Date Public
    2024-11-11 07:03

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-11T11:54:21.831927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-11T11:54:39.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Webopac7",
              "vendor": "Grand Vice info",
              "versions": [
                {
                  "lessThan": "6.5.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.3",
                  "status": "affected",
                  "version": "7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-11-11T07:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u0026nbsp; Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user\u0027s browser through phishing techniques."
                }
              ],
              "value": "Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user\u0027s browser through phishing techniques."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T07:06:57.452Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8215-98582-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8216-f7dbf-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 6 to version 6.5.1 or later.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 7 to version 7.2.3 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Webopac 6 to version 6.5.1 or later.\nUpdate Webopac 7 to version 7.2.3 or later."
            }
          ],
          "source": {
            "advisory": "TVN-202411004",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Webopac7 - Reflected XSS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11019",
        "datePublished": "2024-11-11T07:06:57.452Z",
        "dateReserved": "2024-11-08T05:54:43.466Z",
        "dateUpdated": "2024-11-11T11:54:39.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11018 (GCVE-0-2024-11018)

    Vulnerability from cvelistv5 – Published: 2024-11-11 07:02 – Updated: 2024-11-11 16:02
    VLAI
    Title
    Grand Vice info Webopac - Arbitrary File Upload
    Summary
    Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Grand Vice info Webopac Affected: 6 , < 6.5.1 (custom)
    Affected: 7 , < 7.2.3 (custom)
    vice webopac Affected: 6.0 , < 6.5.1 (custom)
    Affected: 7.0 , < 7.2.3 (custom)
        cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*
    Date Public
    2024-11-11 06:55

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "webopac",
                "vendor": "vice",
                "versions": [
                  {
                    "lessThan": "6.5.1",
                    "status": "affected",
                    "version": "6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.3",
                    "status": "affected",
                    "version": "7.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-11T16:02:41.917551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-11T16:02:46.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Webopac",
              "vendor": "Grand Vice info",
              "versions": [
                {
                  "lessThan": "6.5.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.3",
                  "status": "affected",
                  "version": "7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-11-11T06:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server."
                }
              ],
              "value": "Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T07:10:24.847Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 6 to version 6.5.1 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 7 to version 7.2.3 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Webopac 6 to version 6.5.1 or later\nUpdate Webopac 7 to version 7.2.3 or later."
            }
          ],
          "source": {
            "advisory": "TVN-202411003",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Webopac - Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11018",
        "datePublished": "2024-11-11T07:02:59.316Z",
        "dateReserved": "2024-11-08T05:54:42.229Z",
        "dateUpdated": "2024-11-11T16:02:46.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11017 (GCVE-0-2024-11017)

    Vulnerability from cvelistv5 – Published: 2024-11-11 06:54 – Updated: 2024-11-11 16:02
    VLAI
    Title
    Grand Vice info Webopac - Arbitrary File Upload
    Summary
    Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grand Vice info Webopac Affected: 6 , < 6.5.1 (custom)
    Affected: 7 , < 7.2.3 (custom)
    vice webopac Affected: 6.0 , < 6.5.1 (custom)
    Affected: 7.0 , < 7.2.3 (custom)
        cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*
    Date Public
    2024-11-11 06:52

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "webopac",
                "vendor": "vice",
                "versions": [
                  {
                    "lessThan": "6.5.1",
                    "status": "affected",
                    "version": "6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.3",
                    "status": "affected",
                    "version": "7.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-11T16:01:59.821602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-11T16:02:12.805Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Webopac",
              "vendor": "Grand Vice info",
              "versions": [
                {
                  "lessThan": "6.5.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.3",
                  "status": "affected",
                  "version": "7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-11-11T06:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWebopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.\u003c/span\u003e"
                }
              ],
              "value": "Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T07:10:05.973Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8211-a2da2-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Webopac 6 to version 6.5.1 or later\u003cbr\u003eUpdate Webopac 7 to version 7.2.3 or later."
                }
              ],
              "value": "Update Webopac 6 to version 6.5.1 or later\nUpdate Webopac 7 to version 7.2.3 or later."
            }
          ],
          "source": {
            "advisory": "TVN-202411002",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Webopac - Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11017",
        "datePublished": "2024-11-11T06:54:52.479Z",
        "dateReserved": "2024-11-08T05:54:41.127Z",
        "dateUpdated": "2024-11-11T16:02:12.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11016 (GCVE-0-2024-11016)

    Vulnerability from cvelistv5 – Published: 2024-11-11 06:51 – Updated: 2024-11-11 16:01
    VLAI
    Title
    Grand Vice info Webopac - SQL Injection
    Summary
    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grand Vice info Webopac Affected: 6 , < 6.5.1 (custom)
    Affected: 7 , < 7.2.3 (custom)
    vice webopac Affected: 6.0 , < 6.5.1 (custom)
    Affected: 7.0 , < 7.2.3 (custom)
        cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*
    Date Public
    2024-11-11 06:51

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "webopac",
                "vendor": "vice",
                "versions": [
                  {
                    "lessThan": "6.5.1",
                    "status": "affected",
                    "version": "6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.3",
                    "status": "affected",
                    "version": "7.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-11T16:01:13.536674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-11T16:01:37.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Webopac",
              "vendor": "Grand Vice info",
              "versions": [
                {
                  "lessThan": "6.5.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.3",
                  "status": "affected",
                  "version": "7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-11-11T06:51:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWebopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.\u003c/span\u003e"
                }
              ],
              "value": "Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T07:07:13.425Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8209-bf75d-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8210-46322-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 6 to version 6.5.1 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Webopac 7 to version 7.2.3 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Webopac 6 to version 6.5.1 or later\nUpdate Webopac 7 to version 7.2.3 or later."
            }
          ],
          "source": {
            "advisory": "TVN-202411001",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Webopac - SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11016",
        "datePublished": "2024-11-11T06:51:41.630Z",
        "dateReserved": "2024-11-08T05:54:39.965Z",
        "dateUpdated": "2024-11-11T16:01:37.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42839 (GCVE-0-2021-42839)

    Vulnerability from cvelistv5 – Published: 2021-11-15 09:30 – Updated: 2024-09-17 04:09
    VLAI
    Title
    Grand Vice info Co. webopac7 - Arbitrary File Upload
    Summary
    Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logged in with general user permissions, remote attackers can upload a malicious script and execute arbitrary code to control the system or interrupt services.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grand Vice info Co. webopac7 Affected: 7.1.20160701
    Affected: 1.8.20160701
    Date Public
    2021-11-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "webopac7",
              "vendor": "Grand Vice info Co.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.20160701"
                },
                {
                  "status": "affected",
                  "version": "1.8.20160701"
                }
              ]
            }
          ],
          "datePublic": "2021-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user\u2019s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-15T09:30:20.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Contact tech support from Grand Vice info Co."
            }
          ],
          "source": {
            "advisory": "TVN-202111004",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Co. webopac7 - Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2021-11-15T09:18:00.000Z",
              "ID": "CVE-2021-42839",
              "STATE": "PUBLIC",
              "TITLE": "Grand Vice info Co. webopac7 - Arbitrary File Upload"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "webopac7",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.1.20160701"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.8.20160701"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Grand Vice info Co."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user\u2019s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Contact tech support from Grand Vice info Co."
              }
            ],
            "source": {
              "advisory": "TVN-202111004",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2021-42839",
        "datePublished": "2021-11-15T09:30:20.399Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:09:15.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42838 (GCVE-0-2021-42838)

    Vulnerability from cvelistv5 – Published: 2021-11-15 09:30 – Updated: 2024-09-17 03:33
    VLAI
    Title
    Grand Vice info Co. webopac7 - Reflected XSS
    Summary
    Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, so unauthenticated attackers can remotely inject JavaScript and carry out reflected XSS attacks.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grand Vice info Co. webopac7 Affected: 7.1.20160701
    Affected: 1.8.20160701
    Date Public
    2021-11-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-5286-b92c8-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "webopac7",
              "vendor": "Grand Vice info Co.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.20160701"
                },
                {
                  "status": "affected",
                  "version": "1.8.20160701"
                }
              ]
            }
          ],
          "datePublic": "2021-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-15T09:30:18.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-5286-b92c8-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Contact tech support from Grand Vice info Co."
            }
          ],
          "source": {
            "advisory": "TVN-202111003",
            "discovery": "EXTERNAL"
          },
          "title": "Grand Vice info Co. webopac7 - Reflected XSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2021-11-15T09:18:00.000Z",
              "ID": "CVE-2021-42838",
              "STATE": "PUBLIC",
              "TITLE": "Grand Vice info Co. webopac7 - Reflected XSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "webopac7",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.1.20160701"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.8.20160701"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Grand Vice info Co."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-5286-b92c8-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-5286-b92c8-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Contact tech support from Grand Vice info Co."
              }
            ],
            "source": {
              "advisory": "TVN-202111003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2021-42838",
        "datePublished": "2021-11-15T09:30:18.944Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:33:13.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0453 (GCVE-0-2004-0453)

    Vulnerability from cvelistv5 – Published: 2004-06-24 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=108723630730487&w=2 mailing-list x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilities/16404 vdb-entry x_refsource_XF
    http://www.securityfocus.com/bid/10543 vdb-entry x_refsource_BID
    Date Public
    2004-06-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040614 VICE emulator format string vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108723630730487\u0026w=2"
              },
              {
                "name": "vice-memory-dump-format-string(16404)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16404"
              },
              {
                "name": "10543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the monitor \"memory dump\" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040614 VICE emulator format string vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108723630730487\u0026w=2"
            },
            {
              "name": "vice-memory-dump-format-string(16404)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16404"
            },
            {
              "name": "10543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the monitor \"memory dump\" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040614 VICE emulator format string vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108723630730487\u0026w=2"
                },
                {
                  "name": "vice-memory-dump-format-string(16404)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16404"
                },
                {
                  "name": "10543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0453",
        "datePublished": "2004-06-24T04:00:00.000Z",
        "dateReserved": "2004-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }