From 2b2d400d757225a3bce20cc2e03bf24b4b5e98a2 Mon Sep 17 00:00:00 2001
From: Brendan McDevitt
Date: Thu, 8 Aug 2019 01:10:50 -0500
Subject: [PATCH] updates to the kdi importer
---
 classes/nvd_downloader.rb | 6 +-
 data/100_assets_kdi.json | 8193 ++++++++++++++++++++++
 kenna_kdi_importer/kdi_jsonify.rb | 2 +-
 kenna_kdi_importer/kenna_kdi_importer.rb | 37 +-
 kenna_kdi_importer/vuln_generator.rb | 2 +-
 5 files changed, 8235 insertions(+), 5 deletions(-)
 create mode 100644 data/100_assets_kdi.json
diff --git a/classes/nvd_downloader.rb b/classes/nvd_downloader.rb
index 4b4cf58..65821b8 100644
--- a/classes/nvd_downloader.rb
+++ b/classes/nvd_downloader.rb
@@ -1,12 +1,14 @@
 require 'rest-client'
 require 'zlib'
 require 'json'
+require 'active_support/all'
 #require '../modules/nvd_tools'
 module NvdTools
 class NvdDownloader
 attr_accessor :version, :base_url, :base_filename, :years, :filenames_json, :filenames_meta, :client
-
+
+ CURRENT_TIME = Time.now
 MIN_YEAR = '2002'
 MAX_YEAR = '2019'
 AVAILABLE_YEARS = (MIN_YEAR..MAX_YEAR).to_a
@@ -107,4 +109,4 @@ module NvdTools
 # if there is a change, return true, if not return false
 end
 end
-end
\ No newline at end of file
+end
diff --git a/data/100_assets_kdi.json b/data/100_assets_kdi.json
new file mode 100644
index 0000000..1643998
--- /dev/null
+++ b/data/100_assets_kdi.json
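Review bot: In the first hunk of classes/nvd_downloader.rb, `CURRENT_TIME = Time.now` is evaluated once when the class body loads, so any later comparison against it uses a stale timestamp in a long-running process; nothing in this hunk reads it, and `MAX_YEAR = '2019'` stays hard-coded on the context line beside it. If the constant is meant to bound the feed years or drive a freshness check, a vulnerability-feed downloader that trusts a frozen clock can silently stop picking up new NVD data, so reading the clock at the point of use, e.g. `def current_time; Time.now; end`, is safer. `require 'active_support/all'` also loads every core extension and patches core classes process-wide for what is presumably one or two helpers; requiring only the needed `active_support/core_ext/...` file keeps the dependency surface smaller. The class body continues outside the hunk, so the actual uses of either addition are not visible here.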
@@ -0,0 +1,8193 @@ +{ + "skip_autoclose": true, + "assets": [ + { + "ip_address": "51.253.171.227", + "vulns": [ + { + "scanner_identifier": "S6764207D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:21", + "last_seen_at": "2019-08-07 13:27:21", + "status": "open" + }, + { + "scanner_identifier": "S6439627G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:22", + "last_seen_at": "2019-08-07 13:27:22", + "status": "open" + } + ] + }, + { + "ip_address": "138.135.250.135", + "vulns": [ + { + "scanner_identifier": "S6886430E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:23", + "last_seen_at": "2019-08-07 13:27:23", + "status": "open" + }, + { + "scanner_identifier": "S6670032A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:24", + "last_seen_at": "2019-08-07 13:27:24", + "status": "open" + }, + { + "scanner_identifier": "S7756039D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:25", + "last_seen_at": "2019-08-07 13:27:25", + "status": "open" + }, + { + "scanner_identifier": "S6413346B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:27", + "last_seen_at": "2019-08-07 13:27:27", + "status": "open" + }, + { + "scanner_identifier": "S8311767B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:28", + "last_seen_at": "2019-08-07 13:27:28", + "status": "open" + }, + { + "scanner_identifier": "S7758619I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:29", + "last_seen_at": "2019-08-07 13:27:29", + "status": "open" + }, + { + "scanner_identifier": "S6246942J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:31", + "last_seen_at": "2019-08-07 13:27:31", + "status": "open" + }, + { + "scanner_identifier": "S9559792J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:31", + "last_seen_at": "2019-08-07 13:27:31", + "status": "open" + }, + { + 
"scanner_identifier": "S8125083I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:32", + "last_seen_at": "2019-08-07 13:27:32", + "status": "open" + } + ] + }, + { + "ip_address": "206.164.19.46", + "vulns": [ + { + "scanner_identifier": "S9654161I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:33", + "last_seen_at": "2019-08-07 13:27:33", + "status": "open" + }, + { + "scanner_identifier": "S7602779Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:33", + "last_seen_at": "2019-08-07 13:27:33", + "status": "open" + }, + { + "scanner_identifier": "S8275296Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:36", + "last_seen_at": "2019-08-07 13:27:36", + "status": "open" + }, + { + "scanner_identifier": "S7593016Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:37", + "last_seen_at": "2019-08-07 13:27:37", + "status": "open" + }, + { + "scanner_identifier": "S6027921G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:40", + "last_seen_at": "2019-08-07 13:27:40", + "status": "open" + }, + { + "scanner_identifier": "S7746143D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:41", + "last_seen_at": "2019-08-07 13:27:41", + "status": "open" + }, + { + "scanner_identifier": "S5558376E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:42", + "last_seen_at": "2019-08-07 13:27:42", + "status": "open" + }, + { + "scanner_identifier": "S9053527G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:43", + "last_seen_at": "2019-08-07 13:27:43", + "status": "open" + }, + { + "scanner_identifier": "S9631663A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:44", + "last_seen_at": "2019-08-07 13:27:44", + "status": "open" + }, + { + "scanner_identifier": "S6134395D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:44", + "last_seen_at": 
"2019-08-07 13:27:44", + "status": "open" + } + ] + }, + { + "ip_address": "230.131.60.244", + "vulns": [ + { + "scanner_identifier": "S8198324J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:47", + "last_seen_at": "2019-08-07 13:27:47", + "status": "open" + }, + { + "scanner_identifier": "S8108079H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:50", + "last_seen_at": "2019-08-07 13:27:50", + "status": "open" + } + ] + }, + { + "ip_address": "19.26.114.13", + "vulns": [ + { + "scanner_identifier": "S6892163E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:50", + "last_seen_at": "2019-08-07 13:27:50", + "status": "open" + }, + { + "scanner_identifier": "S9122320A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:51", + "last_seen_at": "2019-08-07 13:27:51", + "status": "open" + }, + { + "scanner_identifier": "S5978866C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:52", + "last_seen_at": "2019-08-07 13:27:52", + "status": "open" + } + ] + }, + { + "ip_address": "122.234.66.23", + "vulns": [ + { + "scanner_identifier": "S6983961D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:52", + "last_seen_at": "2019-08-07 13:27:52", + "status": "open" + }, + { + "scanner_identifier": "S8525119H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:53", + "last_seen_at": "2019-08-07 13:27:53", + "status": "open" + }, + { + "scanner_identifier": "S9838186D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:54", + "last_seen_at": "2019-08-07 13:27:54", + "status": "open" + }, + { + "scanner_identifier": "S9303180F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:54", + "last_seen_at": "2019-08-07 13:27:54", + "status": "open" + }, + { + "scanner_identifier": "S7638050C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:56", + "last_seen_at": "2019-08-07 
13:27:56", + "status": "open" + }, + { + "scanner_identifier": "S8792151D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:57", + "last_seen_at": "2019-08-07 13:27:57", + "status": "open" + }, + { + "scanner_identifier": "S7189780Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:57", + "last_seen_at": "2019-08-07 13:27:57", + "status": "open" + } + ] + }, + { + "ip_address": "67.8.198.129", + "vulns": [ + { + "scanner_identifier": "S8943350I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:27:58", + "last_seen_at": "2019-08-07 13:27:58", + "status": "open" + }, + { + "scanner_identifier": "S9516497H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:01", + "last_seen_at": "2019-08-07 13:28:01", + "status": "open" + }, + { + "scanner_identifier": "S8091097E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:01", + "last_seen_at": "2019-08-07 13:28:01", + "status": "open" + }, + { + "scanner_identifier": "S8872540I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:02", + "last_seen_at": "2019-08-07 13:28:02", + "status": "open" + }, + { + "scanner_identifier": "S8265128D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:03", + "last_seen_at": "2019-08-07 13:28:03", + "status": "open" + }, + { + "scanner_identifier": "S5711232H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:05", + "last_seen_at": "2019-08-07 13:28:05", + "status": "open" + }, + { + "scanner_identifier": "S8744768E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:07", + "last_seen_at": "2019-08-07 13:28:07", + "status": "open" + }, + { + "scanner_identifier": "T0091462I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:08", + "last_seen_at": "2019-08-07 13:28:08", + "status": "open" + }, + { + "scanner_identifier": "S5892453I", + "scanner_type": "KDI Faker Data", + "created_at": 
"2019-08-07 13:28:09", + "last_seen_at": "2019-08-07 13:28:09", + "status": "open" + } + ] + }, + { + "ip_address": "80.88.210.231", + "vulns": [ + { + "scanner_identifier": "S9885113E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:09", + "last_seen_at": "2019-08-07 13:28:09", + "status": "open" + }, + { + "scanner_identifier": "S6381041Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:10", + "last_seen_at": "2019-08-07 13:28:10", + "status": "open" + }, + { + "scanner_identifier": "S7613967I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:11", + "last_seen_at": "2019-08-07 13:28:11", + "status": "open" + }, + { + "scanner_identifier": "S7434123C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:12", + "last_seen_at": "2019-08-07 13:28:12", + "status": "open" + }, + { + "scanner_identifier": "S7187645D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:12", + "last_seen_at": "2019-08-07 13:28:12", + "status": "open" + }, + { + "scanner_identifier": "S6555403H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:13", + "last_seen_at": "2019-08-07 13:28:13", + "status": "open" + }, + { + "scanner_identifier": "S7225815J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:14", + "last_seen_at": "2019-08-07 13:28:14", + "status": "open" + }, + { + "scanner_identifier": "S7075327H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:14", + "last_seen_at": "2019-08-07 13:28:14", + "status": "open" + }, + { + "scanner_identifier": "S6388321B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:15", + "last_seen_at": "2019-08-07 13:28:15", + "status": "open" + } + ] + }, + { + "ip_address": "92.61.94.162", + "vulns": [ + { + "scanner_identifier": "S9790694G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:18", + "last_seen_at": "2019-08-07 13:28:18", + 
"status": "open" + }, + { + "scanner_identifier": "S6390569J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:19", + "last_seen_at": "2019-08-07 13:28:19", + "status": "open" + }, + { + "scanner_identifier": "S5877018C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:19", + "last_seen_at": "2019-08-07 13:28:19", + "status": "open" + }, + { + "scanner_identifier": "S9897899B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:20", + "last_seen_at": "2019-08-07 13:28:20", + "status": "open" + }, + { + "scanner_identifier": "S7572823I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:21", + "last_seen_at": "2019-08-07 13:28:21", + "status": "open" + }, + { + "scanner_identifier": "S7181853E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:22", + "last_seen_at": "2019-08-07 13:28:22", + "status": "open" + }, + { + "scanner_identifier": "S7804807G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:22", + "last_seen_at": "2019-08-07 13:28:22", + "status": "open" + }, + { + "scanner_identifier": "S5487954G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:26", + "last_seen_at": "2019-08-07 13:28:26", + "status": "open" + }, + { + "scanner_identifier": "S6117637C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:27", + "last_seen_at": "2019-08-07 13:28:27", + "status": "open" + } + ] + }, + { + "ip_address": "26.23.61.90", + "vulns": [ + { + "scanner_identifier": "S8471400C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:30", + "last_seen_at": "2019-08-07 13:28:30", + "status": "open" + }, + { + "scanner_identifier": "S9734139G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:33", + "last_seen_at": "2019-08-07 13:28:33", + "status": "open" + }, + { + "scanner_identifier": "S7412233G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 
13:28:33", + "last_seen_at": "2019-08-07 13:28:33", + "status": "open" + }, + { + "scanner_identifier": "S9133920Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:35", + "last_seen_at": "2019-08-07 13:28:35", + "status": "open" + }, + { + "scanner_identifier": "S8330272J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:35", + "last_seen_at": "2019-08-07 13:28:35", + "status": "open" + }, + { + "scanner_identifier": "S7021071A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:36", + "last_seen_at": "2019-08-07 13:28:36", + "status": "open" + } + ] + }, + { + "ip_address": "248.103.74.187", + "vulns": [ + { + "scanner_identifier": "S9858453F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:37", + "last_seen_at": "2019-08-07 13:28:37", + "status": "open" + }, + { + "scanner_identifier": "S8732948H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:38", + "last_seen_at": "2019-08-07 13:28:38", + "status": "open" + }, + { + "scanner_identifier": "S9585197E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:40", + "last_seen_at": "2019-08-07 13:28:40", + "status": "open" + }, + { + "scanner_identifier": "S6108780Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:40", + "last_seen_at": "2019-08-07 13:28:40", + "status": "open" + }, + { + "scanner_identifier": "S7821306Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:42", + "last_seen_at": "2019-08-07 13:28:42", + "status": "open" + }, + { + "scanner_identifier": "S5830027F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:43", + "last_seen_at": "2019-08-07 13:28:43", + "status": "open" + }, + { + "scanner_identifier": "S9392221B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:44", + "last_seen_at": "2019-08-07 13:28:44", + "status": "open" + }, + { + "scanner_identifier": "S8536416B", + 
"scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:47", + "last_seen_at": "2019-08-07 13:28:47", + "status": "open" + }, + { + "scanner_identifier": "S5821674G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:48", + "last_seen_at": "2019-08-07 13:28:48", + "status": "open" + } + ] + }, + { + "ip_address": "57.52.249.184", + "vulns": [ + { + "scanner_identifier": "S9907000E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:49", + "last_seen_at": "2019-08-07 13:28:49", + "status": "open" + }, + { + "scanner_identifier": "S8039891C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:50", + "last_seen_at": "2019-08-07 13:28:50", + "status": "open" + } + ] + }, + { + "ip_address": "188.158.131.161", + "vulns": [ + { + "scanner_identifier": "T0112166E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:50", + "last_seen_at": "2019-08-07 13:28:50", + "status": "open" + }, + { + "scanner_identifier": "S7014083G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:50", + "last_seen_at": "2019-08-07 13:28:50", + "status": "open" + }, + { + "scanner_identifier": "S6394005D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:51", + "last_seen_at": "2019-08-07 13:28:51", + "status": "open" + }, + { + "scanner_identifier": "S5757431C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:52", + "last_seen_at": "2019-08-07 13:28:52", + "status": "open" + }, + { + "scanner_identifier": "S6536032B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:53", + "last_seen_at": "2019-08-07 13:28:53", + "status": "open" + }, + { + "scanner_identifier": "S9254441I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:53", + "last_seen_at": "2019-08-07 13:28:53", + "status": "open" + } + ] + }, + { + "ip_address": "75.112.236.105", + "vulns": [ + { + "scanner_identifier": "S9509084B", + 
"scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:54", + "last_seen_at": "2019-08-07 13:28:54", + "status": "open" + }, + { + "scanner_identifier": "S7657429D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:55", + "last_seen_at": "2019-08-07 13:28:55", + "status": "open" + }, + { + "scanner_identifier": "S5626687I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:55", + "last_seen_at": "2019-08-07 13:28:55", + "status": "open" + }, + { + "scanner_identifier": "S7050388C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:56", + "last_seen_at": "2019-08-07 13:28:56", + "status": "open" + }, + { + "scanner_identifier": "S9524403C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:57", + "last_seen_at": "2019-08-07 13:28:57", + "status": "open" + }, + { + "scanner_identifier": "S7110073A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:58", + "last_seen_at": "2019-08-07 13:28:58", + "status": "open" + }, + { + "scanner_identifier": "S8822803J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:58", + "last_seen_at": "2019-08-07 13:28:58", + "status": "open" + }, + { + "scanner_identifier": "S5670871E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:28:59", + "last_seen_at": "2019-08-07 13:28:59", + "status": "open" + } + ] + }, + { + "ip_address": "253.121.254.44", + "vulns": [ + { + "scanner_identifier": "S6765049B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:00", + "last_seen_at": "2019-08-07 13:29:00", + "status": "open" + }, + { + "scanner_identifier": "S7871609F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:04", + "last_seen_at": "2019-08-07 13:29:04", + "status": "open" + }, + { + "scanner_identifier": "S6307452G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:04", + "last_seen_at": "2019-08-07 13:29:04", + "status": 
"open" + }, + { + "scanner_identifier": "S6421712G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:05", + "last_seen_at": "2019-08-07 13:29:05", + "status": "open" + }, + { + "scanner_identifier": "S8329082Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:07", + "last_seen_at": "2019-08-07 13:29:07", + "status": "open" + }, + { + "scanner_identifier": "S8569773J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:08", + "last_seen_at": "2019-08-07 13:29:08", + "status": "open" + }, + { + "scanner_identifier": "S8718653I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:08", + "last_seen_at": "2019-08-07 13:29:08", + "status": "open" + } + ] + }, + { + "ip_address": "79.152.240.226", + "vulns": [ + { + "scanner_identifier": "S9456566I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:09", + "last_seen_at": "2019-08-07 13:29:09", + "status": "open" + }, + { + "scanner_identifier": "S9281363J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:10", + "last_seen_at": "2019-08-07 13:29:10", + "status": "open" + }, + { + "scanner_identifier": "S7303558I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:13", + "last_seen_at": "2019-08-07 13:29:13", + "status": "open" + }, + { + "scanner_identifier": "S7566330G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:14", + "last_seen_at": "2019-08-07 13:29:14", + "status": "open" + }, + { + "scanner_identifier": "S8695059F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:14", + "last_seen_at": "2019-08-07 13:29:14", + "status": "open" + }, + { + "scanner_identifier": "S6511844J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:15", + "last_seen_at": "2019-08-07 13:29:15", + "status": "open" + }, + { + "scanner_identifier": "S8996993Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:15", + 
"last_seen_at": "2019-08-07 13:29:15", + "status": "open" + }, + { + "scanner_identifier": "S8322546G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:16", + "last_seen_at": "2019-08-07 13:29:16", + "status": "open" + }, + { + "scanner_identifier": "S7344438A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:17", + "last_seen_at": "2019-08-07 13:29:17", + "status": "open" + }, + { + "scanner_identifier": "S9921262D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:18", + "last_seen_at": "2019-08-07 13:29:18", + "status": "open" + } + ] + }, + { + "ip_address": "61.31.65.125", + "vulns": [ + { + "scanner_identifier": "S6578288Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:19", + "last_seen_at": "2019-08-07 13:29:19", + "status": "open" + }, + { + "scanner_identifier": "S5470595F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:20", + "last_seen_at": "2019-08-07 13:29:20", + "status": "open" + }, + { + "scanner_identifier": "S6276131H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:20", + "last_seen_at": "2019-08-07 13:29:20", + "status": "open" + }, + { + "scanner_identifier": "S7776792D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:21", + "last_seen_at": "2019-08-07 13:29:21", + "status": "open" + }, + { + "scanner_identifier": "S7000964A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:24", + "last_seen_at": "2019-08-07 13:29:24", + "status": "open" + }, + { + "scanner_identifier": "S8727112I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:27", + "last_seen_at": "2019-08-07 13:29:27", + "status": "open" + } + ] + }, + { + "ip_address": "44.223.9.17", + "vulns": [ + { + "scanner_identifier": "S5539962Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:27", + "last_seen_at": "2019-08-07 13:29:27", + "status": "open" + }, + { + 
"scanner_identifier": "S9411999E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:27", + "last_seen_at": "2019-08-07 13:29:27", + "status": "open" + }, + { + "scanner_identifier": "S5503636E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:28", + "last_seen_at": "2019-08-07 13:29:28", + "status": "open" + }, + { + "scanner_identifier": "S9060409J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:29", + "last_seen_at": "2019-08-07 13:29:29", + "status": "open" + }, + { + "scanner_identifier": "S9147641Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:30", + "last_seen_at": "2019-08-07 13:29:30", + "status": "open" + }, + { + "scanner_identifier": "S9113664C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:31", + "last_seen_at": "2019-08-07 13:29:31", + "status": "open" + } + ] + }, + { + "ip_address": "134.254.168.172", + "vulns": [ + { + "scanner_identifier": "S6952215G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:34", + "last_seen_at": "2019-08-07 13:29:34", + "status": "open" + }, + { + "scanner_identifier": "S6743924D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:35", + "last_seen_at": "2019-08-07 13:29:35", + "status": "open" + }, + { + "scanner_identifier": "S9051040A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:38", + "last_seen_at": "2019-08-07 13:29:38", + "status": "open" + }, + { + "scanner_identifier": "S6963644F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:38", + "last_seen_at": "2019-08-07 13:29:38", + "status": "open" + }, + { + "scanner_identifier": "S7326902D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:41", + "last_seen_at": "2019-08-07 13:29:41", + "status": "open" + }, + { + "scanner_identifier": "S7585372F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:42", + "last_seen_at": 
"2019-08-07 13:29:42", + "status": "open" + }, + { + "scanner_identifier": "S7363834H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:42", + "last_seen_at": "2019-08-07 13:29:42", + "status": "open" + }, + { + "scanner_identifier": "S7763206I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:43", + "last_seen_at": "2019-08-07 13:29:43", + "status": "open" + }, + { + "scanner_identifier": "S5942976J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:43", + "last_seen_at": "2019-08-07 13:29:43", + "status": "open" + } + ] + }, + { + "ip_address": "26.154.128.11", + "vulns": [ + { + "scanner_identifier": "S7518860I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:43", + "last_seen_at": "2019-08-07 13:29:43", + "status": "open" + }, + { + "scanner_identifier": "S7383075C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:45", + "last_seen_at": "2019-08-07 13:29:45", + "status": "open" + }, + { + "scanner_identifier": "S7819823J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:46", + "last_seen_at": "2019-08-07 13:29:46", + "status": "open" + }, + { + "scanner_identifier": "S6660921I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:46", + "last_seen_at": "2019-08-07 13:29:46", + "status": "open" + } + ] + }, + { + "ip_address": "126.248.54.241", + "vulns": [ + { + "scanner_identifier": "S7125393G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:47", + "last_seen_at": "2019-08-07 13:29:47", + "status": "open" + }, + { + "scanner_identifier": "S9149349G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:48", + "last_seen_at": "2019-08-07 13:29:48", + "status": "open" + }, + { + "scanner_identifier": "S5645204D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:48", + "last_seen_at": "2019-08-07 13:29:48", + "status": "open" + }, + { + 
"scanner_identifier": "S8083453E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:48", + "last_seen_at": "2019-08-07 13:29:48", + "status": "open" + }, + { + "scanner_identifier": "S5856316A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:49", + "last_seen_at": "2019-08-07 13:29:49", + "status": "open" + }, + { + "scanner_identifier": "S7748960F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:49", + "last_seen_at": "2019-08-07 13:29:49", + "status": "open" + }, + { + "scanner_identifier": "S7064259Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:50", + "last_seen_at": "2019-08-07 13:29:50", + "status": "open" + }, + { + "scanner_identifier": "S6352723H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:50", + "last_seen_at": "2019-08-07 13:29:50", + "status": "open" + }, + { + "scanner_identifier": "S7516788A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:50", + "last_seen_at": "2019-08-07 13:29:50", + "status": "open" + }, + { + "scanner_identifier": "S9839427C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:51", + "last_seen_at": "2019-08-07 13:29:51", + "status": "open" + } + ] + }, + { + "ip_address": "14.187.193.54", + "vulns": [ + { + "scanner_identifier": "S9498737G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:52", + "last_seen_at": "2019-08-07 13:29:52", + "status": "open" + } + ] + }, + { + "ip_address": "1.204.60.124", + "vulns": [ + { + "scanner_identifier": "S7965647Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:53", + "last_seen_at": "2019-08-07 13:29:53", + "status": "open" + }, + { + "scanner_identifier": "S8473021A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:54", + "last_seen_at": "2019-08-07 13:29:54", + "status": "open" + }, + { + "scanner_identifier": "S6475979E", + "scanner_type": "KDI Faker Data", + 
"created_at": "2019-08-07 13:29:55", + "last_seen_at": "2019-08-07 13:29:55", + "status": "open" + }, + { + "scanner_identifier": "S8975930G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:55", + "last_seen_at": "2019-08-07 13:29:55", + "status": "open" + }, + { + "scanner_identifier": "S8393133G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:56", + "last_seen_at": "2019-08-07 13:29:56", + "status": "open" + }, + { + "scanner_identifier": "S6305801G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:57", + "last_seen_at": "2019-08-07 13:29:57", + "status": "open" + }, + { + "scanner_identifier": "S5834291B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:57", + "last_seen_at": "2019-08-07 13:29:57", + "status": "open" + } + ] + }, + { + "ip_address": "33.161.229.10", + "vulns": [ + { + "scanner_identifier": "S7101228Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:58", + "last_seen_at": "2019-08-07 13:29:58", + "status": "open" + }, + { + "scanner_identifier": "T0000788E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:58", + "last_seen_at": "2019-08-07 13:29:58", + "status": "open" + }, + { + "scanner_identifier": "S8661187B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:29:59", + "last_seen_at": "2019-08-07 13:29:59", + "status": "open" + } + ] + }, + { + "ip_address": "66.89.65.195", + "vulns": [ + { + "scanner_identifier": "S5802396E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:00", + "last_seen_at": "2019-08-07 13:30:00", + "status": "open" + }, + { + "scanner_identifier": "S6431406H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:01", + "last_seen_at": "2019-08-07 13:30:01", + "status": "open" + }, + { + "scanner_identifier": "S7281934I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:01", + "last_seen_at": "2019-08-07 
13:30:01", + "status": "open" + }, + { + "scanner_identifier": "S6099140E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:02", + "last_seen_at": "2019-08-07 13:30:02", + "status": "open" + }, + { + "scanner_identifier": "S7977063I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:03", + "last_seen_at": "2019-08-07 13:30:03", + "status": "open" + }, + { + "scanner_identifier": "S9877499H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:06", + "last_seen_at": "2019-08-07 13:30:06", + "status": "open" + }, + { + "scanner_identifier": "S8268066G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:10", + "last_seen_at": "2019-08-07 13:30:10", + "status": "open" + }, + { + "scanner_identifier": "S9382931Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:13", + "last_seen_at": "2019-08-07 13:30:13", + "status": "open" + }, + { + "scanner_identifier": "S5649871J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:14", + "last_seen_at": "2019-08-07 13:30:14", + "status": "open" + } + ] + }, + { + "ip_address": "164.225.63.116", + "vulns": [ + { + "scanner_identifier": "S5655088G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:16", + "last_seen_at": "2019-08-07 13:30:16", + "status": "open" + }, + { + "scanner_identifier": "S7472204J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:18", + "last_seen_at": "2019-08-07 13:30:18", + "status": "open" + } + ] + }, + { + "ip_address": "99.26.87.39", + "vulns": [ + { + "scanner_identifier": "S8850530A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:19", + "last_seen_at": "2019-08-07 13:30:19", + "status": "open" + }, + { + "scanner_identifier": "S7669463Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:19", + "last_seen_at": "2019-08-07 13:30:19", + "status": "open" + }, + { + "scanner_identifier": 
"S7476402I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:19", + "last_seen_at": "2019-08-07 13:30:19", + "status": "open" + }, + { + "scanner_identifier": "S6855662G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:20", + "last_seen_at": "2019-08-07 13:30:20", + "status": "open" + }, + { + "scanner_identifier": "S9404140F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:24", + "last_seen_at": "2019-08-07 13:30:24", + "status": "open" + }, + { + "scanner_identifier": "S8862004F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:25", + "last_seen_at": "2019-08-07 13:30:25", + "status": "open" + } + ] + }, + { + "ip_address": "50.140.160.39", + "vulns": [ + { + "scanner_identifier": "S5859750C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:25", + "last_seen_at": "2019-08-07 13:30:25", + "status": "open" + }, + { + "scanner_identifier": "T0000548C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:26", + "last_seen_at": "2019-08-07 13:30:26", + "status": "open" + }, + { + "scanner_identifier": "S6912250G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:27", + "last_seen_at": "2019-08-07 13:30:27", + "status": "open" + }, + { + "scanner_identifier": "S8405693F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:27", + "last_seen_at": "2019-08-07 13:30:27", + "status": "open" + }, + { + "scanner_identifier": "S6907173B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:27", + "last_seen_at": "2019-08-07 13:30:27", + "status": "open" + }, + { + "scanner_identifier": "S8194362A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:29", + "last_seen_at": "2019-08-07 13:30:29", + "status": "open" + }, + { + "scanner_identifier": "S5605104Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:30", + "last_seen_at": "2019-08-07 13:30:30", + 
"status": "open" + }, + { + "scanner_identifier": "S9957728B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:30", + "last_seen_at": "2019-08-07 13:30:30", + "status": "open" + } + ] + }, + { + "ip_address": "18.92.6.46", + "vulns": [ + { + "scanner_identifier": "S7446434C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:31", + "last_seen_at": "2019-08-07 13:30:31", + "status": "open" + }, + { + "scanner_identifier": "S9001561C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:31", + "last_seen_at": "2019-08-07 13:30:31", + "status": "open" + }, + { + "scanner_identifier": "T0052225I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:31", + "last_seen_at": "2019-08-07 13:30:31", + "status": "open" + }, + { + "scanner_identifier": "S5579211I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:32", + "last_seen_at": "2019-08-07 13:30:32", + "status": "open" + }, + { + "scanner_identifier": "S6575218B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:32", + "last_seen_at": "2019-08-07 13:30:32", + "status": "open" + }, + { + "scanner_identifier": "S9667139C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:33", + "last_seen_at": "2019-08-07 13:30:33", + "status": "open" + }, + { + "scanner_identifier": "S7771719F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:33", + "last_seen_at": "2019-08-07 13:30:33", + "status": "open" + }, + { + "scanner_identifier": "T0018603H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:34", + "last_seen_at": "2019-08-07 13:30:34", + "status": "open" + }, + { + "scanner_identifier": "S6214658C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:37", + "last_seen_at": "2019-08-07 13:30:37", + "status": "open" + }, + { + "scanner_identifier": "S8603225B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 
13:30:40", + "last_seen_at": "2019-08-07 13:30:40", + "status": "open" + } + ] + }, + { + "ip_address": "6.192.92.255", + "vulns": [ + { + "scanner_identifier": "S9357860J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:41", + "last_seen_at": "2019-08-07 13:30:41", + "status": "open" + }, + { + "scanner_identifier": "S6607003D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:44", + "last_seen_at": "2019-08-07 13:30:44", + "status": "open" + } + ] + }, + { + "ip_address": "18.23.237.104", + "vulns": [ + { + "scanner_identifier": "S6979247B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:44", + "last_seen_at": "2019-08-07 13:30:44", + "status": "open" + }, + { + "scanner_identifier": "S6822078E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:45", + "last_seen_at": "2019-08-07 13:30:45", + "status": "open" + }, + { + "scanner_identifier": "S7869766J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:45", + "last_seen_at": "2019-08-07 13:30:45", + "status": "open" + }, + { + "scanner_identifier": "S5755816D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:46", + "last_seen_at": "2019-08-07 13:30:46", + "status": "open" + }, + { + "scanner_identifier": "S8506456H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:46", + "last_seen_at": "2019-08-07 13:30:46", + "status": "open" + } + ] + }, + { + "ip_address": "172.168.144.28", + "vulns": [ + { + "scanner_identifier": "S5889794I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:47", + "last_seen_at": "2019-08-07 13:30:47", + "status": "open" + }, + { + "scanner_identifier": "T0197304A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:48", + "last_seen_at": "2019-08-07 13:30:48", + "status": "open" + }, + { + "scanner_identifier": "S6276165B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:51", + 
"last_seen_at": "2019-08-07 13:30:51", + "status": "open" + }, + { + "scanner_identifier": "S5806757A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:52", + "last_seen_at": "2019-08-07 13:30:52", + "status": "open" + }, + { + "scanner_identifier": "S6292149H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:53", + "last_seen_at": "2019-08-07 13:30:53", + "status": "open" + }, + { + "scanner_identifier": "S5543940J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:54", + "last_seen_at": "2019-08-07 13:30:54", + "status": "open" + }, + { + "scanner_identifier": "S8043240B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:55", + "last_seen_at": "2019-08-07 13:30:55", + "status": "open" + }, + { + "scanner_identifier": "S9472635B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:56", + "last_seen_at": "2019-08-07 13:30:56", + "status": "open" + }, + { + "scanner_identifier": "S6402476J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:56", + "last_seen_at": "2019-08-07 13:30:56", + "status": "open" + }, + { + "scanner_identifier": "S7198279C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:57", + "last_seen_at": "2019-08-07 13:30:57", + "status": "open" + } + ] + }, + { + "ip_address": "139.226.107.74", + "vulns": [ + { + "scanner_identifier": "S6020125J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:57", + "last_seen_at": "2019-08-07 13:30:57", + "status": "open" + }, + { + "scanner_identifier": "S6313335C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:58", + "last_seen_at": "2019-08-07 13:30:58", + "status": "open" + } + ] + }, + { + "ip_address": "223.224.253.53", + "vulns": [ + { + "scanner_identifier": "S8751385H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:59", + "last_seen_at": "2019-08-07 13:30:59", + "status": "open" + }, + { + 
"scanner_identifier": "S6417363D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:59", + "last_seen_at": "2019-08-07 13:30:59", + "status": "open" + } + ] + }, + { + "ip_address": "60.166.194.120", + "vulns": [ + { + "scanner_identifier": "S7016687I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:30:59", + "last_seen_at": "2019-08-07 13:30:59", + "status": "open" + } + ] + }, + { + "ip_address": "150.137.193.165", + "vulns": [ + { + "scanner_identifier": "S8871083E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:00", + "last_seen_at": "2019-08-07 13:31:00", + "status": "open" + } + ] + }, + { + "ip_address": "136.204.127.48", + "vulns": [ + { + "scanner_identifier": "S5825461D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:01", + "last_seen_at": "2019-08-07 13:31:01", + "status": "open" + }, + { + "scanner_identifier": "S6353766G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:01", + "last_seen_at": "2019-08-07 13:31:01", + "status": "open" + }, + { + "scanner_identifier": "S6487748H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:02", + "last_seen_at": "2019-08-07 13:31:02", + "status": "open" + }, + { + "scanner_identifier": "S8726121B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:05", + "last_seen_at": "2019-08-07 13:31:05", + "status": "open" + }, + { + "scanner_identifier": "S8414664A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:05", + "last_seen_at": "2019-08-07 13:31:05", + "status": "open" + } + ] + }, + { + "ip_address": "179.79.123.0", + "vulns": [ + { + "scanner_identifier": "S5837053C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:06", + "last_seen_at": "2019-08-07 13:31:06", + "status": "open" + }, + { + "scanner_identifier": "S8501298C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:07", + "last_seen_at": 
"2019-08-07 13:31:07", + "status": "open" + }, + { + "scanner_identifier": "S8377376F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:11", + "last_seen_at": "2019-08-07 13:31:11", + "status": "open" + }, + { + "scanner_identifier": "S7581697I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:14", + "last_seen_at": "2019-08-07 13:31:14", + "status": "open" + }, + { + "scanner_identifier": "T0126237D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:16", + "last_seen_at": "2019-08-07 13:31:16", + "status": "open" + }, + { + "scanner_identifier": "S7753577B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:17", + "last_seen_at": "2019-08-07 13:31:17", + "status": "open" + }, + { + "scanner_identifier": "S6238466B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:18", + "last_seen_at": "2019-08-07 13:31:18", + "status": "open" + }, + { + "scanner_identifier": "S8319599A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:19", + "last_seen_at": "2019-08-07 13:31:19", + "status": "open" + }, + { + "scanner_identifier": "S9663397A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:19", + "last_seen_at": "2019-08-07 13:31:19", + "status": "open" + }, + { + "scanner_identifier": "S9970364D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:21", + "last_seen_at": "2019-08-07 13:31:21", + "status": "open" + } + ] + }, + { + "ip_address": "168.37.62.23", + "vulns": [ + { + "scanner_identifier": "S7778730E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:22", + "last_seen_at": "2019-08-07 13:31:22", + "status": "open" + } + ] + }, + { + "ip_address": "9.14.145.68", + "vulns": [ + { + "scanner_identifier": "S8544001B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:22", + "last_seen_at": "2019-08-07 13:31:22", + "status": "open" + } + ] + }, + { + "ip_address": 
"63.158.133.44", + "vulns": [ + { + "scanner_identifier": "S8746351F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:22", + "last_seen_at": "2019-08-07 13:31:22", + "status": "open" + }, + { + "scanner_identifier": "S8229546A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:23", + "last_seen_at": "2019-08-07 13:31:23", + "status": "open" + }, + { + "scanner_identifier": "T0017926J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:24", + "last_seen_at": "2019-08-07 13:31:24", + "status": "open" + }, + { + "scanner_identifier": "S9986449D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:25", + "last_seen_at": "2019-08-07 13:31:25", + "status": "open" + }, + { + "scanner_identifier": "S9420340F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:26", + "last_seen_at": "2019-08-07 13:31:26", + "status": "open" + }, + { + "scanner_identifier": "S6044577Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:26", + "last_seen_at": "2019-08-07 13:31:26", + "status": "open" + }, + { + "scanner_identifier": "S6557448I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:27", + "last_seen_at": "2019-08-07 13:31:27", + "status": "open" + }, + { + "scanner_identifier": "S9211465A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:30", + "last_seen_at": "2019-08-07 13:31:30", + "status": "open" + } + ] + }, + { + "ip_address": "26.110.182.114", + "vulns": [ + { + "scanner_identifier": "S6306498Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:30", + "last_seen_at": "2019-08-07 13:31:30", + "status": "open" + }, + { + "scanner_identifier": "S7583371G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:31", + "last_seen_at": "2019-08-07 13:31:31", + "status": "open" + }, + { + "scanner_identifier": "S6594691B", + "scanner_type": "KDI Faker Data", + "created_at": 
"2019-08-07 13:31:32", + "last_seen_at": "2019-08-07 13:31:32", + "status": "open" + }, + { + "scanner_identifier": "T0088839C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:32", + "last_seen_at": "2019-08-07 13:31:32", + "status": "open" + }, + { + "scanner_identifier": "S8733994G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:33", + "last_seen_at": "2019-08-07 13:31:33", + "status": "open" + } + ] + }, + { + "ip_address": "211.191.163.248", + "vulns": [ + { + "scanner_identifier": "S9846028D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:33", + "last_seen_at": "2019-08-07 13:31:33", + "status": "open" + }, + { + "scanner_identifier": "S9173641A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:34", + "last_seen_at": "2019-08-07 13:31:34", + "status": "open" + }, + { + "scanner_identifier": "S6190969I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:35", + "last_seen_at": "2019-08-07 13:31:35", + "status": "open" + }, + { + "scanner_identifier": "S6440913A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:35", + "last_seen_at": "2019-08-07 13:31:35", + "status": "open" + } + ] + }, + { + "ip_address": "251.168.206.94", + "vulns": [ + { + "scanner_identifier": "S9308108J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:36", + "last_seen_at": "2019-08-07 13:31:36", + "status": "open" + }, + { + "scanner_identifier": "S5550006A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:36", + "last_seen_at": "2019-08-07 13:31:36", + "status": "open" + }, + { + "scanner_identifier": "S6257846G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:39", + "last_seen_at": "2019-08-07 13:31:39", + "status": "open" + }, + { + "scanner_identifier": "S9989116E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:42", + "last_seen_at": "2019-08-07 13:31:42", + 
"status": "open" + } + ] + }, + { + "ip_address": "195.182.120.111", + "vulns": [ + { + "scanner_identifier": "S9856077G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:42", + "last_seen_at": "2019-08-07 13:31:42", + "status": "open" + } + ] + }, + { + "ip_address": "76.134.97.52", + "vulns": [ + { + "scanner_identifier": "S6139345E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:43", + "last_seen_at": "2019-08-07 13:31:43", + "status": "open" + }, + { + "scanner_identifier": "S5441654G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:43", + "last_seen_at": "2019-08-07 13:31:43", + "status": "open" + }, + { + "scanner_identifier": "S8255485H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:46", + "last_seen_at": "2019-08-07 13:31:46", + "status": "open" + }, + { + "scanner_identifier": "S9323102C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:47", + "last_seen_at": "2019-08-07 13:31:47", + "status": "open" + }, + { + "scanner_identifier": "S8357950A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:47", + "last_seen_at": "2019-08-07 13:31:47", + "status": "open" + }, + { + "scanner_identifier": "S6027498C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:48", + "last_seen_at": "2019-08-07 13:31:48", + "status": "open" + }, + { + "scanner_identifier": "S6738176I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:48", + "last_seen_at": "2019-08-07 13:31:48", + "status": "open" + }, + { + "scanner_identifier": "S8787877E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:51", + "last_seen_at": "2019-08-07 13:31:51", + "status": "open" + }, + { + "scanner_identifier": "S7498061I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:52", + "last_seen_at": "2019-08-07 13:31:52", + "status": "open" + } + ] + }, + { + "ip_address": "129.22.205.155", + 
"vulns": [ + { + "scanner_identifier": "S7881308C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:53", + "last_seen_at": "2019-08-07 13:31:53", + "status": "open" + }, + { + "scanner_identifier": "S7197192I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:54", + "last_seen_at": "2019-08-07 13:31:54", + "status": "open" + }, + { + "scanner_identifier": "S5952368F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:54", + "last_seen_at": "2019-08-07 13:31:54", + "status": "open" + }, + { + "scanner_identifier": "S7977953I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:54", + "last_seen_at": "2019-08-07 13:31:54", + "status": "open" + } + ] + }, + { + "ip_address": "228.158.254.238", + "vulns": [ + { + "scanner_identifier": "S8315058J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:55", + "last_seen_at": "2019-08-07 13:31:55", + "status": "open" + }, + { + "scanner_identifier": "S8094649Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:56", + "last_seen_at": "2019-08-07 13:31:56", + "status": "open" + }, + { + "scanner_identifier": "S8498155I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:57", + "last_seen_at": "2019-08-07 13:31:57", + "status": "open" + }, + { + "scanner_identifier": "S9812464J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:31:58", + "last_seen_at": "2019-08-07 13:31:58", + "status": "open" + }, + { + "scanner_identifier": "S9951194Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:00", + "last_seen_at": "2019-08-07 13:32:00", + "status": "open" + }, + { + "scanner_identifier": "S7327955J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:01", + "last_seen_at": "2019-08-07 13:32:01", + "status": "open" + }, + { + "scanner_identifier": "S6716329Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:02", + 
"last_seen_at": "2019-08-07 13:32:02", + "status": "open" + }, + { + "scanner_identifier": "S9071703J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:02", + "last_seen_at": "2019-08-07 13:32:02", + "status": "open" + }, + { + "scanner_identifier": "S8469012J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:03", + "last_seen_at": "2019-08-07 13:32:03", + "status": "open" + }, + { + "scanner_identifier": "S7942108A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:04", + "last_seen_at": "2019-08-07 13:32:04", + "status": "open" + } + ] + }, + { + "ip_address": "200.34.196.238", + "vulns": [ + { + "scanner_identifier": "S6498766F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:05", + "last_seen_at": "2019-08-07 13:32:05", + "status": "open" + }, + { + "scanner_identifier": "S9544168H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:05", + "last_seen_at": "2019-08-07 13:32:05", + "status": "open" + }, + { + "scanner_identifier": "S5626109E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:06", + "last_seen_at": "2019-08-07 13:32:06", + "status": "open" + }, + { + "scanner_identifier": "S7278409Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:09", + "last_seen_at": "2019-08-07 13:32:09", + "status": "open" + }, + { + "scanner_identifier": "S8600745B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:10", + "last_seen_at": "2019-08-07 13:32:10", + "status": "open" + }, + { + "scanner_identifier": "S9409549B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:11", + "last_seen_at": "2019-08-07 13:32:11", + "status": "open" + }, + { + "scanner_identifier": "S9198872J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:12", + "last_seen_at": "2019-08-07 13:32:12", + "status": "open" + }, + { + "scanner_identifier": "S7267570C", + "scanner_type": "KDI 
Faker Data", + "created_at": "2019-08-07 13:32:12", + "last_seen_at": "2019-08-07 13:32:12", + "status": "open" + }, + { + "scanner_identifier": "S6751548Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:16", + "last_seen_at": "2019-08-07 13:32:16", + "status": "open" + } + ] + }, + { + "ip_address": "51.78.151.34", + "vulns": [ + { + "scanner_identifier": "S8266874H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:17", + "last_seen_at": "2019-08-07 13:32:17", + "status": "open" + }, + { + "scanner_identifier": "S8311290E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:18", + "last_seen_at": "2019-08-07 13:32:18", + "status": "open" + }, + { + "scanner_identifier": "S5574162Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:19", + "last_seen_at": "2019-08-07 13:32:19", + "status": "open" + }, + { + "scanner_identifier": "S8891492I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:22", + "last_seen_at": "2019-08-07 13:32:22", + "status": "open" + } + ] + }, + { + "ip_address": "135.19.223.159", + "vulns": [ + { + "scanner_identifier": "S6327546H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:23", + "last_seen_at": "2019-08-07 13:32:23", + "status": "open" + }, + { + "scanner_identifier": "S7692560G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:23", + "last_seen_at": "2019-08-07 13:32:23", + "status": "open" + }, + { + "scanner_identifier": "S5545829D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:24", + "last_seen_at": "2019-08-07 13:32:24", + "status": "open" + }, + { + "scanner_identifier": "S8971105C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:24", + "last_seen_at": "2019-08-07 13:32:24", + "status": "open" + }, + { + "scanner_identifier": "S8215394B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:25", + "last_seen_at": 
"2019-08-07 13:32:25", + "status": "open" + } + ] + }, + { + "ip_address": "45.223.243.196", + "vulns": [ + { + "scanner_identifier": "S6256130J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:26", + "last_seen_at": "2019-08-07 13:32:26", + "status": "open" + }, + { + "scanner_identifier": "S5789902F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:27", + "last_seen_at": "2019-08-07 13:32:27", + "status": "open" + }, + { + "scanner_identifier": "S5748122F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:29", + "last_seen_at": "2019-08-07 13:32:29", + "status": "open" + }, + { + "scanner_identifier": "S8762506J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:30", + "last_seen_at": "2019-08-07 13:32:30", + "status": "open" + } + ] + }, + { + "ip_address": "122.253.193.220", + "vulns": [ + { + "scanner_identifier": "S7684520D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:31", + "last_seen_at": "2019-08-07 13:32:31", + "status": "open" + }, + { + "scanner_identifier": "S9785570F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:31", + "last_seen_at": "2019-08-07 13:32:31", + "status": "open" + }, + { + "scanner_identifier": "S8132256B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:32", + "last_seen_at": "2019-08-07 13:32:32", + "status": "open" + }, + { + "scanner_identifier": "S5736568D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:33", + "last_seen_at": "2019-08-07 13:32:33", + "status": "open" + }, + { + "scanner_identifier": "S7260590Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:33", + "last_seen_at": "2019-08-07 13:32:33", + "status": "open" + }, + { + "scanner_identifier": "S5474180D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:34", + "last_seen_at": "2019-08-07 13:32:34", + "status": "open" + }, + { + 
"scanner_identifier": "S6101886G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:37", + "last_seen_at": "2019-08-07 13:32:37", + "status": "open" + } + ] + }, + { + "ip_address": "180.147.255.250", + "vulns": [ + { + "scanner_identifier": "S6827256D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:38", + "last_seen_at": "2019-08-07 13:32:38", + "status": "open" + }, + { + "scanner_identifier": "S6327296E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:39", + "last_seen_at": "2019-08-07 13:32:39", + "status": "open" + }, + { + "scanner_identifier": "T0135053B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:39", + "last_seen_at": "2019-08-07 13:32:39", + "status": "open" + }, + { + "scanner_identifier": "S8563133J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:40", + "last_seen_at": "2019-08-07 13:32:40", + "status": "open" + }, + { + "scanner_identifier": "S5894017H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:40", + "last_seen_at": "2019-08-07 13:32:40", + "status": "open" + }, + { + "scanner_identifier": "S7808596G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:41", + "last_seen_at": "2019-08-07 13:32:41", + "status": "open" + }, + { + "scanner_identifier": "S8093765B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:43", + "last_seen_at": "2019-08-07 13:32:43", + "status": "open" + }, + { + "scanner_identifier": "S8728482D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:44", + "last_seen_at": "2019-08-07 13:32:44", + "status": "open" + }, + { + "scanner_identifier": "S6577631F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:44", + "last_seen_at": "2019-08-07 13:32:44", + "status": "open" + }, + { + "scanner_identifier": "T0051288A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:45", + "last_seen_at": 
"2019-08-07 13:32:45", + "status": "open" + } + ] + }, + { + "ip_address": "111.86.105.186", + "vulns": [ + { + "scanner_identifier": "S6885439C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:46", + "last_seen_at": "2019-08-07 13:32:46", + "status": "open" + } + ] + }, + { + "ip_address": "46.180.12.64", + "vulns": [ + { + "scanner_identifier": "S9071795B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:49", + "last_seen_at": "2019-08-07 13:32:49", + "status": "open" + }, + { + "scanner_identifier": "S7037886H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:52", + "last_seen_at": "2019-08-07 13:32:52", + "status": "open" + }, + { + "scanner_identifier": "S6198543C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:55", + "last_seen_at": "2019-08-07 13:32:55", + "status": "open" + }, + { + "scanner_identifier": "S7239438J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:56", + "last_seen_at": "2019-08-07 13:32:56", + "status": "open" + }, + { + "scanner_identifier": "S8328834E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:57", + "last_seen_at": "2019-08-07 13:32:57", + "status": "open" + } + ] + }, + { + "ip_address": "222.3.135.114", + "vulns": [ + { + "scanner_identifier": "S5767482B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:58", + "last_seen_at": "2019-08-07 13:32:58", + "status": "open" + }, + { + "scanner_identifier": "S8587018A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:58", + "last_seen_at": "2019-08-07 13:32:58", + "status": "open" + }, + { + "scanner_identifier": "S7654112D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:32:59", + "last_seen_at": "2019-08-07 13:32:59", + "status": "open" + } + ] + }, + { + "ip_address": "99.18.10.96", + "vulns": [ + { + "scanner_identifier": "S7067556J", + "scanner_type": "KDI Faker Data", + "created_at": 
"2019-08-07 13:33:00", + "last_seen_at": "2019-08-07 13:33:00", + "status": "open" + }, + { + "scanner_identifier": "S5845701I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:00", + "last_seen_at": "2019-08-07 13:33:00", + "status": "open" + }, + { + "scanner_identifier": "S7595474C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:00", + "last_seen_at": "2019-08-07 13:33:00", + "status": "open" + }, + { + "scanner_identifier": "S5722664A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:00", + "last_seen_at": "2019-08-07 13:33:00", + "status": "open" + }, + { + "scanner_identifier": "S6723929F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:01", + "last_seen_at": "2019-08-07 13:33:01", + "status": "open" + }, + { + "scanner_identifier": "S6555862I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:02", + "last_seen_at": "2019-08-07 13:33:02", + "status": "open" + }, + { + "scanner_identifier": "S5756711B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:04", + "last_seen_at": "2019-08-07 13:33:04", + "status": "open" + }, + { + "scanner_identifier": "S8439682F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:07", + "last_seen_at": "2019-08-07 13:33:07", + "status": "open" + }, + { + "scanner_identifier": "S9360322B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:08", + "last_seen_at": "2019-08-07 13:33:08", + "status": "open" + }, + { + "scanner_identifier": "S7411915H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:09", + "last_seen_at": "2019-08-07 13:33:09", + "status": "open" + } + ] + }, + { + "ip_address": "255.191.50.28", + "vulns": [ + { + "scanner_identifier": "S6797514F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:09", + "last_seen_at": "2019-08-07 13:33:09", + "status": "open" + }, + { + "scanner_identifier": "S5953470Z", + 
"scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:10", + "last_seen_at": "2019-08-07 13:33:10", + "status": "open" + }, + { + "scanner_identifier": "S8333424Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:11", + "last_seen_at": "2019-08-07 13:33:11", + "status": "open" + }, + { + "scanner_identifier": "S8227000J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:11", + "last_seen_at": "2019-08-07 13:33:11", + "status": "open" + }, + { + "scanner_identifier": "S6216075F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:12", + "last_seen_at": "2019-08-07 13:33:12", + "status": "open" + }, + { + "scanner_identifier": "S9591776C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:12", + "last_seen_at": "2019-08-07 13:33:12", + "status": "open" + }, + { + "scanner_identifier": "S9795682J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:13", + "last_seen_at": "2019-08-07 13:33:13", + "status": "open" + }, + { + "scanner_identifier": "S5556099D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:16", + "last_seen_at": "2019-08-07 13:33:16", + "status": "open" + }, + { + "scanner_identifier": "S6536252Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:19", + "last_seen_at": "2019-08-07 13:33:19", + "status": "open" + } + ] + }, + { + "ip_address": "67.111.109.127", + "vulns": [ + { + "scanner_identifier": "S8351341A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:23", + "last_seen_at": "2019-08-07 13:33:23", + "status": "open" + }, + { + "scanner_identifier": "T0085496J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:24", + "last_seen_at": "2019-08-07 13:33:24", + "status": "open" + }, + { + "scanner_identifier": "S5997206E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:26", + "last_seen_at": "2019-08-07 13:33:26", + "status": 
"open" + }, + { + "scanner_identifier": "S9625586A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:26", + "last_seen_at": "2019-08-07 13:33:26", + "status": "open" + }, + { + "scanner_identifier": "S8626414E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:27", + "last_seen_at": "2019-08-07 13:33:27", + "status": "open" + } + ] + }, + { + "ip_address": "149.106.4.248", + "vulns": [ + { + "scanner_identifier": "S6566451H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:27", + "last_seen_at": "2019-08-07 13:33:27", + "status": "open" + }, + { + "scanner_identifier": "S8586637J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:27", + "last_seen_at": "2019-08-07 13:33:27", + "status": "open" + }, + { + "scanner_identifier": "S9496476H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:28", + "last_seen_at": "2019-08-07 13:33:28", + "status": "open" + }, + { + "scanner_identifier": "S9071288H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:29", + "last_seen_at": "2019-08-07 13:33:29", + "status": "open" + }, + { + "scanner_identifier": "S5690917F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:30", + "last_seen_at": "2019-08-07 13:33:30", + "status": "open" + }, + { + "scanner_identifier": "S7410554H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:30", + "last_seen_at": "2019-08-07 13:33:30", + "status": "open" + } + ] + }, + { + "ip_address": "126.169.138.221", + "vulns": [ + { + "scanner_identifier": "S9989762G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:31", + "last_seen_at": "2019-08-07 13:33:31", + "status": "open" + }, + { + "scanner_identifier": "S9642467A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:32", + "last_seen_at": "2019-08-07 13:33:32", + "status": "open" + }, + { + "scanner_identifier": "S9785150F", + "scanner_type": 
"KDI Faker Data", + "created_at": "2019-08-07 13:33:32", + "last_seen_at": "2019-08-07 13:33:32", + "status": "open" + }, + { + "scanner_identifier": "S7926973E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:33", + "last_seen_at": "2019-08-07 13:33:33", + "status": "open" + } + ] + }, + { + "ip_address": "29.207.85.197", + "vulns": [ + { + "scanner_identifier": "S9472665D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:33", + "last_seen_at": "2019-08-07 13:33:33", + "status": "open" + }, + { + "scanner_identifier": "T0023652C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:34", + "last_seen_at": "2019-08-07 13:33:34", + "status": "open" + }, + { + "scanner_identifier": "S8213634G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:35", + "last_seen_at": "2019-08-07 13:33:35", + "status": "open" + } + ] + }, + { + "ip_address": "236.87.55.228", + "vulns": [ + { + "scanner_identifier": "S9537377A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:36", + "last_seen_at": "2019-08-07 13:33:36", + "status": "open" + }, + { + "scanner_identifier": "S6278311G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:37", + "last_seen_at": "2019-08-07 13:33:37", + "status": "open" + } + ] + }, + { + "ip_address": "66.45.209.28", + "vulns": [ + { + "scanner_identifier": "S9338937I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:38", + "last_seen_at": "2019-08-07 13:33:38", + "status": "open" + } + ] + }, + { + "ip_address": "249.139.34.132", + "vulns": [ + { + "scanner_identifier": "S9329286C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:38", + "last_seen_at": "2019-08-07 13:33:38", + "status": "open" + }, + { + "scanner_identifier": "S5878060Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:39", + "last_seen_at": "2019-08-07 13:33:39", + "status": "open" + }, + { + 
"scanner_identifier": "S8608146F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:39", + "last_seen_at": "2019-08-07 13:33:39", + "status": "open" + }, + { + "scanner_identifier": "S8494895J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:40", + "last_seen_at": "2019-08-07 13:33:40", + "status": "open" + }, + { + "scanner_identifier": "S6135160D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:40", + "last_seen_at": "2019-08-07 13:33:40", + "status": "open" + }, + { + "scanner_identifier": "S7774872E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:40", + "last_seen_at": "2019-08-07 13:33:40", + "status": "open" + }, + { + "scanner_identifier": "S6908487G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:41", + "last_seen_at": "2019-08-07 13:33:41", + "status": "open" + }, + { + "scanner_identifier": "S8769164J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:41", + "last_seen_at": "2019-08-07 13:33:41", + "status": "open" + }, + { + "scanner_identifier": "S8414345F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:42", + "last_seen_at": "2019-08-07 13:33:42", + "status": "open" + }, + { + "scanner_identifier": "T0099475D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:43", + "last_seen_at": "2019-08-07 13:33:43", + "status": "open" + } + ] + }, + { + "ip_address": "252.149.205.212", + "vulns": [ + { + "scanner_identifier": "S8772016J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:43", + "last_seen_at": "2019-08-07 13:33:43", + "status": "open" + }, + { + "scanner_identifier": "S5823181I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:45", + "last_seen_at": "2019-08-07 13:33:45", + "status": "open" + }, + { + "scanner_identifier": "S9405829E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:47", + "last_seen_at": 
"2019-08-07 13:33:47", + "status": "open" + }, + { + "scanner_identifier": "S7970687F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:48", + "last_seen_at": "2019-08-07 13:33:48", + "status": "open" + }, + { + "scanner_identifier": "S7261430E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:48", + "last_seen_at": "2019-08-07 13:33:48", + "status": "open" + } + ] + }, + { + "ip_address": "138.225.41.6", + "vulns": [ + { + "scanner_identifier": "S9453361I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:49", + "last_seen_at": "2019-08-07 13:33:49", + "status": "open" + } + ] + }, + { + "ip_address": "117.112.241.11", + "vulns": [ + { + "scanner_identifier": "S7740651D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:49", + "last_seen_at": "2019-08-07 13:33:49", + "status": "open" + }, + { + "scanner_identifier": "S9845316D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:50", + "last_seen_at": "2019-08-07 13:33:50", + "status": "open" + }, + { + "scanner_identifier": "S6571800F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:50", + "last_seen_at": "2019-08-07 13:33:50", + "status": "open" + }, + { + "scanner_identifier": "S6055463C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:50", + "last_seen_at": "2019-08-07 13:33:50", + "status": "open" + }, + { + "scanner_identifier": "S5602094B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:50", + "last_seen_at": "2019-08-07 13:33:50", + "status": "open" + }, + { + "scanner_identifier": "S8787811B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:51", + "last_seen_at": "2019-08-07 13:33:51", + "status": "open" + }, + { + "scanner_identifier": "S5551992G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:52", + "last_seen_at": "2019-08-07 13:33:52", + "status": "open" + } + ] + }, + { + 
"ip_address": "56.57.124.72", + "vulns": [ + { + "scanner_identifier": "S8685428G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:52", + "last_seen_at": "2019-08-07 13:33:52", + "status": "open" + } + ] + }, + { + "ip_address": "0.191.77.32", + "vulns": [ + { + "scanner_identifier": "S6011808F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:52", + "last_seen_at": "2019-08-07 13:33:52", + "status": "open" + }, + { + "scanner_identifier": "S8306769A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:53", + "last_seen_at": "2019-08-07 13:33:53", + "status": "open" + }, + { + "scanner_identifier": "S5734136Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:53", + "last_seen_at": "2019-08-07 13:33:53", + "status": "open" + }, + { + "scanner_identifier": "S6806780D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:54", + "last_seen_at": "2019-08-07 13:33:54", + "status": "open" + }, + { + "scanner_identifier": "S6365797B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:55", + "last_seen_at": "2019-08-07 13:33:55", + "status": "open" + }, + { + "scanner_identifier": "S8287410J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:55", + "last_seen_at": "2019-08-07 13:33:55", + "status": "open" + } + ] + }, + { + "ip_address": "249.109.227.234", + "vulns": [ + { + "scanner_identifier": "S7204385E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:56", + "last_seen_at": "2019-08-07 13:33:56", + "status": "open" + }, + { + "scanner_identifier": "S9381438Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:33:59", + "last_seen_at": "2019-08-07 13:33:59", + "status": "open" + }, + { + "scanner_identifier": "S8300498C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:00", + "last_seen_at": "2019-08-07 13:34:00", + "status": "open" + }, + { + "scanner_identifier": 
"T0111123F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:03", + "last_seen_at": "2019-08-07 13:34:03", + "status": "open" + }, + { + "scanner_identifier": "S9671592G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:03", + "last_seen_at": "2019-08-07 13:34:03", + "status": "open" + }, + { + "scanner_identifier": "S8236888D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:03", + "last_seen_at": "2019-08-07 13:34:03", + "status": "open" + }, + { + "scanner_identifier": "S9541507E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:05", + "last_seen_at": "2019-08-07 13:34:05", + "status": "open" + } + ] + }, + { + "ip_address": "77.61.24.195", + "vulns": [ + { + "scanner_identifier": "S8058698A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:05", + "last_seen_at": "2019-08-07 13:34:05", + "status": "open" + }, + { + "scanner_identifier": "S9700925B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:08", + "last_seen_at": "2019-08-07 13:34:08", + "status": "open" + }, + { + "scanner_identifier": "S5952967F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:09", + "last_seen_at": "2019-08-07 13:34:09", + "status": "open" + }, + { + "scanner_identifier": "S9825999F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:10", + "last_seen_at": "2019-08-07 13:34:10", + "status": "open" + } + ] + }, + { + "ip_address": "167.29.158.187", + "vulns": [ + { + "scanner_identifier": "S8983709Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:10", + "last_seen_at": "2019-08-07 13:34:10", + "status": "open" + }, + { + "scanner_identifier": "S6415994A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:11", + "last_seen_at": "2019-08-07 13:34:11", + "status": "open" + }, + { + "scanner_identifier": "S5455765E", + "scanner_type": "KDI Faker Data", + "created_at": 
"2019-08-07 13:34:14", + "last_seen_at": "2019-08-07 13:34:14", + "status": "open" + }, + { + "scanner_identifier": "S7875179G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:15", + "last_seen_at": "2019-08-07 13:34:15", + "status": "open" + }, + { + "scanner_identifier": "S5794443I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:16", + "last_seen_at": "2019-08-07 13:34:16", + "status": "open" + }, + { + "scanner_identifier": "S9187053C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:17", + "last_seen_at": "2019-08-07 13:34:17", + "status": "open" + }, + { + "scanner_identifier": "S8536667Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:18", + "last_seen_at": "2019-08-07 13:34:18", + "status": "open" + }, + { + "scanner_identifier": "S7109593B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:19", + "last_seen_at": "2019-08-07 13:34:19", + "status": "open" + }, + { + "scanner_identifier": "S5930440B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:20", + "last_seen_at": "2019-08-07 13:34:20", + "status": "open" + }, + { + "scanner_identifier": "S8395462J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:21", + "last_seen_at": "2019-08-07 13:34:21", + "status": "open" + } + ] + }, + { + "ip_address": "28.196.232.25", + "vulns": [ + { + "scanner_identifier": "S7764295A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:22", + "last_seen_at": "2019-08-07 13:34:22", + "status": "open" + }, + { + "scanner_identifier": "S8387589E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:22", + "last_seen_at": "2019-08-07 13:34:22", + "status": "open" + } + ] + }, + { + "ip_address": "43.135.119.197", + "vulns": [ + { + "scanner_identifier": "S8693438H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:22", + "last_seen_at": "2019-08-07 13:34:22", + 
"status": "open" + }, + { + "scanner_identifier": "S9558996J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:23", + "last_seen_at": "2019-08-07 13:34:23", + "status": "open" + } + ] + }, + { + "ip_address": "233.134.179.208", + "vulns": [ + { + "scanner_identifier": "S7482860D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:24", + "last_seen_at": "2019-08-07 13:34:24", + "status": "open" + }, + { + "scanner_identifier": "S8294033B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:24", + "last_seen_at": "2019-08-07 13:34:24", + "status": "open" + }, + { + "scanner_identifier": "S9613688I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:25", + "last_seen_at": "2019-08-07 13:34:25", + "status": "open" + } + ] + }, + { + "ip_address": "130.154.116.204", + "vulns": [ + { + "scanner_identifier": "S9944545I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:26", + "last_seen_at": "2019-08-07 13:34:26", + "status": "open" + }, + { + "scanner_identifier": "S7434335Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:27", + "last_seen_at": "2019-08-07 13:34:27", + "status": "open" + }, + { + "scanner_identifier": "S7492524C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:30", + "last_seen_at": "2019-08-07 13:34:30", + "status": "open" + }, + { + "scanner_identifier": "S7625122C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:30", + "last_seen_at": "2019-08-07 13:34:30", + "status": "open" + }, + { + "scanner_identifier": "S9719642G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:33", + "last_seen_at": "2019-08-07 13:34:33", + "status": "open" + }, + { + "scanner_identifier": "T0141348H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:34", + "last_seen_at": "2019-08-07 13:34:34", + "status": "open" + } + ] + }, + { + "ip_address": "113.40.32.198", + 
"vulns": [ + { + "scanner_identifier": "S7734589B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:34", + "last_seen_at": "2019-08-07 13:34:34", + "status": "open" + }, + { + "scanner_identifier": "S6122679F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:37", + "last_seen_at": "2019-08-07 13:34:37", + "status": "open" + } + ] + }, + { + "ip_address": "209.15.105.25", + "vulns": [ + { + "scanner_identifier": "S8522647I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:37", + "last_seen_at": "2019-08-07 13:34:37", + "status": "open" + }, + { + "scanner_identifier": "S8469380D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:40", + "last_seen_at": "2019-08-07 13:34:40", + "status": "open" + } + ] + }, + { + "ip_address": "196.78.118.43", + "vulns": [ + { + "scanner_identifier": "S9592699A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:41", + "last_seen_at": "2019-08-07 13:34:41", + "status": "open" + }, + { + "scanner_identifier": "S6697131G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:42", + "last_seen_at": "2019-08-07 13:34:42", + "status": "open" + }, + { + "scanner_identifier": "S8981357C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:42", + "last_seen_at": "2019-08-07 13:34:42", + "status": "open" + }, + { + "scanner_identifier": "S9830875Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:43", + "last_seen_at": "2019-08-07 13:34:43", + "status": "open" + } + ] + }, + { + "ip_address": "176.122.169.235", + "vulns": [ + { + "scanner_identifier": "S5781089J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:43", + "last_seen_at": "2019-08-07 13:34:43", + "status": "open" + }, + { + "scanner_identifier": "S8702431H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:43", + "last_seen_at": "2019-08-07 13:34:43", + "status": "open" + }, + 
{ + "scanner_identifier": "S5576998B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:44", + "last_seen_at": "2019-08-07 13:34:44", + "status": "open" + }, + { + "scanner_identifier": "S9849354I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:45", + "last_seen_at": "2019-08-07 13:34:45", + "status": "open" + }, + { + "scanner_identifier": "S8982661F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:46", + "last_seen_at": "2019-08-07 13:34:46", + "status": "open" + }, + { + "scanner_identifier": "S8378534I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:47", + "last_seen_at": "2019-08-07 13:34:47", + "status": "open" + }, + { + "scanner_identifier": "S8922556F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:48", + "last_seen_at": "2019-08-07 13:34:48", + "status": "open" + }, + { + "scanner_identifier": "S7443375H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:49", + "last_seen_at": "2019-08-07 13:34:49", + "status": "open" + } + ] + }, + { + "ip_address": "225.226.162.214", + "vulns": [ + { + "scanner_identifier": "S9995655J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:49", + "last_seen_at": "2019-08-07 13:34:49", + "status": "open" + } + ] + }, + { + "ip_address": "207.139.85.125", + "vulns": [ + { + "scanner_identifier": "S9431899H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:49", + "last_seen_at": "2019-08-07 13:34:49", + "status": "open" + }, + { + "scanner_identifier": "S5969925C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:49", + "last_seen_at": "2019-08-07 13:34:49", + "status": "open" + }, + { + "scanner_identifier": "S7168713I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:50", + "last_seen_at": "2019-08-07 13:34:50", + "status": "open" + }, + { + "scanner_identifier": "S9971021G", + "scanner_type": "KDI Faker 
Data", + "created_at": "2019-08-07 13:34:51", + "last_seen_at": "2019-08-07 13:34:51", + "status": "open" + }, + { + "scanner_identifier": "S7475637I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:51", + "last_seen_at": "2019-08-07 13:34:51", + "status": "open" + } + ] + }, + { + "ip_address": "112.46.219.188", + "vulns": [ + { + "scanner_identifier": "T0168756A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:51", + "last_seen_at": "2019-08-07 13:34:51", + "status": "open" + }, + { + "scanner_identifier": "S9964794I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:52", + "last_seen_at": "2019-08-07 13:34:52", + "status": "open" + }, + { + "scanner_identifier": "S9855974D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:53", + "last_seen_at": "2019-08-07 13:34:53", + "status": "open" + }, + { + "scanner_identifier": "S8632616G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:55", + "last_seen_at": "2019-08-07 13:34:55", + "status": "open" + }, + { + "scanner_identifier": "S7781703D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:55", + "last_seen_at": "2019-08-07 13:34:55", + "status": "open" + }, + { + "scanner_identifier": "S8883185C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:56", + "last_seen_at": "2019-08-07 13:34:56", + "status": "open" + }, + { + "scanner_identifier": "T0090281G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:56", + "last_seen_at": "2019-08-07 13:34:56", + "status": "open" + }, + { + "scanner_identifier": "S9403454Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:57", + "last_seen_at": "2019-08-07 13:34:57", + "status": "open" + }, + { + "scanner_identifier": "S7631562J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:58", + "last_seen_at": "2019-08-07 13:34:58", + "status": "open" + }, + { + 
"scanner_identifier": "S6300117A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:59", + "last_seen_at": "2019-08-07 13:34:59", + "status": "open" + } + ] + }, + { + "ip_address": "72.212.152.246", + "vulns": [ + { + "scanner_identifier": "S7308273J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:34:59", + "last_seen_at": "2019-08-07 13:34:59", + "status": "open" + }, + { + "scanner_identifier": "S6647881E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:03", + "last_seen_at": "2019-08-07 13:35:03", + "status": "open" + }, + { + "scanner_identifier": "S6691918H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:03", + "last_seen_at": "2019-08-07 13:35:03", + "status": "open" + }, + { + "scanner_identifier": "S8815156I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:04", + "last_seen_at": "2019-08-07 13:35:04", + "status": "open" + }, + { + "scanner_identifier": "S5942515C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:05", + "last_seen_at": "2019-08-07 13:35:05", + "status": "open" + }, + { + "scanner_identifier": "S8008290H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:06", + "last_seen_at": "2019-08-07 13:35:06", + "status": "open" + }, + { + "scanner_identifier": "S9367197Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:06", + "last_seen_at": "2019-08-07 13:35:06", + "status": "open" + }, + { + "scanner_identifier": "T0164701B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:07", + "last_seen_at": "2019-08-07 13:35:07", + "status": "open" + }, + { + "scanner_identifier": "S9231018C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:07", + "last_seen_at": "2019-08-07 13:35:07", + "status": "open" + }, + { + "scanner_identifier": "S6234893C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:11", + "last_seen_at": 
"2019-08-07 13:35:11", + "status": "open" + } + ] + }, + { + "ip_address": "72.13.90.235", + "vulns": [ + { + "scanner_identifier": "S8043402B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:12", + "last_seen_at": "2019-08-07 13:35:12", + "status": "open" + }, + { + "scanner_identifier": "S7972290A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:12", + "last_seen_at": "2019-08-07 13:35:12", + "status": "open" + }, + { + "scanner_identifier": "S8078522D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:13", + "last_seen_at": "2019-08-07 13:35:13", + "status": "open" + }, + { + "scanner_identifier": "S9862200D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:14", + "last_seen_at": "2019-08-07 13:35:14", + "status": "open" + }, + { + "scanner_identifier": "S9496148C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:18", + "last_seen_at": "2019-08-07 13:35:18", + "status": "open" + }, + { + "scanner_identifier": "S7282304D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:19", + "last_seen_at": "2019-08-07 13:35:19", + "status": "open" + }, + { + "scanner_identifier": "S8718649J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:20", + "last_seen_at": "2019-08-07 13:35:20", + "status": "open" + }, + { + "scanner_identifier": "S5589787E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:20", + "last_seen_at": "2019-08-07 13:35:20", + "status": "open" + } + ] + }, + { + "ip_address": "204.196.234.141", + "vulns": [ + { + "scanner_identifier": "S7195463C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:21", + "last_seen_at": "2019-08-07 13:35:21", + "status": "open" + }, + { + "scanner_identifier": "S8425957H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:24", + "last_seen_at": "2019-08-07 13:35:24", + "status": "open" + }, + { + 
"scanner_identifier": "S6127513D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:25", + "last_seen_at": "2019-08-07 13:35:25", + "status": "open" + }, + { + "scanner_identifier": "T0139942F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:28", + "last_seen_at": "2019-08-07 13:35:28", + "status": "open" + }, + { + "scanner_identifier": "S8031857Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:29", + "last_seen_at": "2019-08-07 13:35:29", + "status": "open" + }, + { + "scanner_identifier": "S8354545C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:30", + "last_seen_at": "2019-08-07 13:35:30", + "status": "open" + } + ] + }, + { + "ip_address": "85.210.15.216", + "vulns": [ + { + "scanner_identifier": "S5535008F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:33", + "last_seen_at": "2019-08-07 13:35:33", + "status": "open" + }, + { + "scanner_identifier": "S7592753C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:34", + "last_seen_at": "2019-08-07 13:35:34", + "status": "open" + }, + { + "scanner_identifier": "S6527962B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:34", + "last_seen_at": "2019-08-07 13:35:34", + "status": "open" + }, + { + "scanner_identifier": "S8207055I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:35", + "last_seen_at": "2019-08-07 13:35:35", + "status": "open" + }, + { + "scanner_identifier": "S7780065D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:38", + "last_seen_at": "2019-08-07 13:35:38", + "status": "open" + }, + { + "scanner_identifier": "S9198143B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:39", + "last_seen_at": "2019-08-07 13:35:39", + "status": "open" + }, + { + "scanner_identifier": "S7202028F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:40", + "last_seen_at": 
"2019-08-07 13:35:40", + "status": "open" + }, + { + "scanner_identifier": "S8401808B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:41", + "last_seen_at": "2019-08-07 13:35:41", + "status": "open" + } + ] + }, + { + "ip_address": "58.180.238.180", + "vulns": [ + { + "scanner_identifier": "S5967166I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:42", + "last_seen_at": "2019-08-07 13:35:42", + "status": "open" + }, + { + "scanner_identifier": "S9159965A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:43", + "last_seen_at": "2019-08-07 13:35:43", + "status": "open" + }, + { + "scanner_identifier": "S6840778H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:44", + "last_seen_at": "2019-08-07 13:35:44", + "status": "open" + }, + { + "scanner_identifier": "S8206080D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:44", + "last_seen_at": "2019-08-07 13:35:44", + "status": "open" + } + ] + }, + { + "ip_address": "73.143.65.109", + "vulns": [ + { + "scanner_identifier": "S5486590B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:45", + "last_seen_at": "2019-08-07 13:35:45", + "status": "open" + }, + { + "scanner_identifier": "S5562803C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:45", + "last_seen_at": "2019-08-07 13:35:45", + "status": "open" + }, + { + "scanner_identifier": "S6040045H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:46", + "last_seen_at": "2019-08-07 13:35:46", + "status": "open" + }, + { + "scanner_identifier": "S6156696A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:47", + "last_seen_at": "2019-08-07 13:35:47", + "status": "open" + } + ] + }, + { + "ip_address": "130.64.226.222", + "vulns": [ + { + "scanner_identifier": "S6517473A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:47", + "last_seen_at": "2019-08-07 
13:35:47", + "status": "open" + }, + { + "scanner_identifier": "S9519684E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:50", + "last_seen_at": "2019-08-07 13:35:50", + "status": "open" + }, + { + "scanner_identifier": "S6972708E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:50", + "last_seen_at": "2019-08-07 13:35:50", + "status": "open" + }, + { + "scanner_identifier": "T0057455J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:51", + "last_seen_at": "2019-08-07 13:35:51", + "status": "open" + }, + { + "scanner_identifier": "S7792573B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:52", + "last_seen_at": "2019-08-07 13:35:52", + "status": "open" + }, + { + "scanner_identifier": "S7179556Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:52", + "last_seen_at": "2019-08-07 13:35:52", + "status": "open" + }, + { + "scanner_identifier": "S9380880J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:52", + "last_seen_at": "2019-08-07 13:35:52", + "status": "open" + } + ] + }, + { + "ip_address": "214.97.234.176", + "vulns": [ + { + "scanner_identifier": "T0011681A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:53", + "last_seen_at": "2019-08-07 13:35:53", + "status": "open" + }, + { + "scanner_identifier": "S5844643B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:54", + "last_seen_at": "2019-08-07 13:35:54", + "status": "open" + }, + { + "scanner_identifier": "S9016299C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:57", + "last_seen_at": "2019-08-07 13:35:57", + "status": "open" + }, + { + "scanner_identifier": "S8435770G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:57", + "last_seen_at": "2019-08-07 13:35:57", + "status": "open" + } + ] + }, + { + "ip_address": "90.158.66.161", + "vulns": [ + { + "scanner_identifier": 
"S8501256H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:58", + "last_seen_at": "2019-08-07 13:35:58", + "status": "open" + }, + { + "scanner_identifier": "S7855954C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:35:58", + "last_seen_at": "2019-08-07 13:35:58", + "status": "open" + }, + { + "scanner_identifier": "S9835659B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:02", + "last_seen_at": "2019-08-07 13:36:02", + "status": "open" + }, + { + "scanner_identifier": "S8207046Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:02", + "last_seen_at": "2019-08-07 13:36:02", + "status": "open" + }, + { + "scanner_identifier": "S9234623D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:03", + "last_seen_at": "2019-08-07 13:36:03", + "status": "open" + }, + { + "scanner_identifier": "S9122222A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:05", + "last_seen_at": "2019-08-07 13:36:05", + "status": "open" + }, + { + "scanner_identifier": "S8802051J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:06", + "last_seen_at": "2019-08-07 13:36:06", + "status": "open" + }, + { + "scanner_identifier": "S8847728F", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:06", + "last_seen_at": "2019-08-07 13:36:06", + "status": "open" + }, + { + "scanner_identifier": "T0121976B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:07", + "last_seen_at": "2019-08-07 13:36:07", + "status": "open" + }, + { + "scanner_identifier": "S9025626B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:08", + "last_seen_at": "2019-08-07 13:36:08", + "status": "open" + } + ] + }, + { + "ip_address": "94.121.119.11", + "vulns": [ + { + "scanner_identifier": "S9894798A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:09", + "last_seen_at": "2019-08-07 13:36:09", + 
"status": "open" + } + ] + }, + { + "ip_address": "225.222.7.253", + "vulns": [ + { + "scanner_identifier": "S5749632J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:10", + "last_seen_at": "2019-08-07 13:36:10", + "status": "open" + }, + { + "scanner_identifier": "S8098586Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:10", + "last_seen_at": "2019-08-07 13:36:10", + "status": "open" + }, + { + "scanner_identifier": "S7807555D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:11", + "last_seen_at": "2019-08-07 13:36:11", + "status": "open" + }, + { + "scanner_identifier": "S7695687A", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:15", + "last_seen_at": "2019-08-07 13:36:15", + "status": "open" + } + ] + }, + { + "ip_address": "192.90.127.163", + "vulns": [ + { + "scanner_identifier": "S6293731I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:17", + "last_seen_at": "2019-08-07 13:36:17", + "status": "open" + }, + { + "scanner_identifier": "S9689649B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:18", + "last_seen_at": "2019-08-07 13:36:18", + "status": "open" + }, + { + "scanner_identifier": "S7164300Z", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:19", + "last_seen_at": "2019-08-07 13:36:19", + "status": "open" + }, + { + "scanner_identifier": "S6344449I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:20", + "last_seen_at": "2019-08-07 13:36:20", + "status": "open" + }, + { + "scanner_identifier": "S8020644E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:20", + "last_seen_at": "2019-08-07 13:36:20", + "status": "open" + }, + { + "scanner_identifier": "S7751603D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:22", + "last_seen_at": "2019-08-07 13:36:22", + "status": "open" + }, + { + "scanner_identifier": "S6516440Z", + 
"scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:22", + "last_seen_at": "2019-08-07 13:36:22", + "status": "open" + }, + { + "scanner_identifier": "S8779114I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:23", + "last_seen_at": "2019-08-07 13:36:23", + "status": "open" + }, + { + "scanner_identifier": "S6465044J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:25", + "last_seen_at": "2019-08-07 13:36:25", + "status": "open" + } + ] + }, + { + "ip_address": "196.145.197.194", + "vulns": [ + { + "scanner_identifier": "S7923129J", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:26", + "last_seen_at": "2019-08-07 13:36:26", + "status": "open" + }, + { + "scanner_identifier": "S9677268H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:26", + "last_seen_at": "2019-08-07 13:36:26", + "status": "open" + } + ] + }, + { + "ip_address": "161.185.56.59", + "vulns": [ + { + "scanner_identifier": "S8925634H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:26", + "last_seen_at": "2019-08-07 13:36:26", + "status": "open" + }, + { + "scanner_identifier": "S9315089I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:27", + "last_seen_at": "2019-08-07 13:36:27", + "status": "open" + }, + { + "scanner_identifier": "S9792326D", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:27", + "last_seen_at": "2019-08-07 13:36:27", + "status": "open" + }, + { + "scanner_identifier": "S7892141B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:29", + "last_seen_at": "2019-08-07 13:36:29", + "status": "open" + }, + { + "scanner_identifier": "S8467036G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:30", + "last_seen_at": "2019-08-07 13:36:30", + "status": "open" + }, + { + "scanner_identifier": "S7601590B", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 
13:36:30", + "last_seen_at": "2019-08-07 13:36:30", + "status": "open" + }, + { + "scanner_identifier": "S8767805I", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:30", + "last_seen_at": "2019-08-07 13:36:30", + "status": "open" + }, + { + "scanner_identifier": "S9802651G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:31", + "last_seen_at": "2019-08-07 13:36:31", + "status": "open" + } + ] + }, + { + "ip_address": "38.243.126.83", + "vulns": [ + { + "scanner_identifier": "S9259804G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:32", + "last_seen_at": "2019-08-07 13:36:32", + "status": "open" + }, + { + "scanner_identifier": "S8574641C", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:32", + "last_seen_at": "2019-08-07 13:36:32", + "status": "open" + }, + { + "scanner_identifier": "S9582817E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:33", + "last_seen_at": "2019-08-07 13:36:33", + "status": "open" + }, + { + "scanner_identifier": "S6368243H", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:33", + "last_seen_at": "2019-08-07 13:36:33", + "status": "open" + }, + { + "scanner_identifier": "S5885617G", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:34", + "last_seen_at": "2019-08-07 13:36:34", + "status": "open" + }, + { + "scanner_identifier": "S8920931E", + "scanner_type": "KDI Faker Data", + "created_at": "2019-08-07 13:36:35", + "last_seen_at": "2019-08-07 13:36:35", + "status": "open" + } + ] + } + ], + "vuln_defs": [ + { + "scanner_identifier": "S6764207D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-3509", + "name": "S6764207D - CVE-2013-3509", + "description": "html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / 
NeDi menu." + }, + { + "scanner_identifier": "S6439627G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-2507", + "name": "S6439627G - CVE-2005-2507", + "description": "Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication." + }, + { + "scanner_identifier": "S6886430E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-2324", + "name": "S6886430E - CVE-2004-2324", + "description": "SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx." + }, + { + "scanner_identifier": "S6670032A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2361", + "name": "S6670032A - CVE-2011-2361", + "description": "The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site." + }, + { + "scanner_identifier": "S7756039D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3594", + "name": "S7756039D - CVE-2007-3594", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343." 
+ }, + { + "scanner_identifier": "S6413346B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-11328", + "name": "S6413346B - CVE-2017-11328", + "description": "Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file." + }, + { + "scanner_identifier": "S8311767B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0877", + "name": "S8311767B - CVE-2005-0877", + "description": "Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq." + }, + { + "scanner_identifier": "S7758619I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-0448", + "name": "S7758619I - CVE-2001-0448", + "description": "Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names." + }, + { + "scanner_identifier": "S6246942J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-1239", + "name": "S6246942J - CVE-2002-1239", + "description": "QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program." + }, + { + "scanner_identifier": "S9559792J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-6711", + "name": "S9559792J - CVE-2013-6711", + "description": "Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540." 
+ }, + { + "scanner_identifier": "S8125083I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-7164", + "name": "S8125083I - CVE-2008-7164", + "description": "Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to \"very important security fixes,\" possibly involving update notifications and a domain that is no longer controlled by the vendor." + }, + { + "scanner_identifier": "S9654161I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-5619", + "name": "S9654161I - CVE-2007-5619", + "description": "Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges." + }, + { + "scanner_identifier": "S7602779Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-4862", + "name": "S7602779Z - CVE-2008-4862", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + }, + { + "scanner_identifier": "S8275296Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-4250", + "name": "S8275296Z - CVE-2014-4250", + "description": "Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager." + }, + { + "scanner_identifier": "S7593016Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-13500", + "name": "S7593016Z - CVE-2018-13500", + "description": "The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." 
+ }, + { + "scanner_identifier": "S6027921G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-7204", + "name": "S6027921G - CVE-2015-7204", + "description": "Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments." + }, + { + "scanner_identifier": "S7746143D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-2867", + "name": "S7746143D - CVE-2010-2867", + "description": "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a \"pointer offset vulnerability.\"" + }, + { + "scanner_identifier": "S5558376E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-5280", + "name": "S5558376E - CVE-2015-5280", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + }, + { + "scanner_identifier": "S9053527G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0476", + "name": "S9053527G - CVE-2004-0476", + "description": "Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port." + }, + { + "scanner_identifier": "S9631663A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-4205", + "name": "S9631663A - CVE-2009-4205", + "description": "Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. 
(dot dot) in the action parameter." + }, + { + "scanner_identifier": "S6134395D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-1692", + "name": "S6134395D - CVE-2014-1692", + "description": "The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition." + }, + { + "scanner_identifier": "S8198324J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0648", + "name": "S8198324J - CVE-2004-0648", + "description": "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol." + }, + { + "scanner_identifier": "S8108079H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-4093", + "name": "S8108079H - CVE-2008-4093", + "description": "SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter." + }, + { + "scanner_identifier": "S6892163E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-18727", + "name": "S6892163E - CVE-2018-18727", + "description": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." 
+ }, + { + "scanner_identifier": "S9122320A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1394", + "name": "S9122320A - CVE-2012-1394", + "description": "Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors." + }, + { + "scanner_identifier": "S5978866C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-6772", + "name": "S5978866C - CVE-2019-6772", + "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231." + }, + { + "scanner_identifier": "S6983961D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2729", + "name": "S6983961D - CVE-2016-2729", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + }, + { + "scanner_identifier": "S8525119H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2611", + "name": "S8525119H - CVE-2016-2611", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." 
+ }, + { + "scanner_identifier": "S9838186D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-0810", + "name": "S9838186D - CVE-2009-0810", + "description": "SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter." + }, + { + "scanner_identifier": "S9303180F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-2426", + "name": "S9303180F - CVE-2013-2426", + "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox." + }, + { + "scanner_identifier": "S7638050C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0097", + "name": "S7638050C - CVE-2003-0097", + "description": "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect)." + }, + { + "scanner_identifier": "S8792151D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4439", + "name": "S8792151D - CVE-2010-4439", + "description": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop." 
+ }, + { + "scanner_identifier": "S7189780Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2000-0418", + "name": "S7189780Z - CVE-2000-0418", + "description": "The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests." + }, + { + "scanner_identifier": "S8943350I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2181", + "name": "S8943350I - CVE-2007-2181", + "description": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748." + }, + { + "scanner_identifier": "S9516497H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0263", + "name": "S9516497H - CVE-2004-0263", + "description": "PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information." + }, + { + "scanner_identifier": "S8091097E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1727", + "name": "S8091097E - CVE-2012-1727", + "description": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Repository." + }, + { + "scanner_identifier": "S8872540I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4143", + "name": "S8872540I - CVE-2005-4143", + "description": "SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL." 
+ }, + { + "scanner_identifier": "S8265128D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-1009", + "name": "S8265128D - CVE-2001-1009", + "description": "Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request." + }, + { + "scanner_identifier": "S5711232H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-5520", + "name": "S5711232H - CVE-2014-5520", + "description": "SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php." + }, + { + "scanner_identifier": "S8744768E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-9450", + "name": "S8744768E - CVE-2016-9450", + "description": "The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context." + }, + { + "scanner_identifier": "T0091462I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-9156", + "name": "T0091462I - CVE-2019-9156", + "description": "Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection." + }, + { + "scanner_identifier": "S5892453I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-4541", + "name": "S5892453I - CVE-2013-4541", + "description": "The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value." 
+ }, + { + "scanner_identifier": "S9885113E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2418", + "name": "S9885113E - CVE-2011-2418", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + }, + { + "scanner_identifier": "S6381041Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-3025", + "name": "S6381041Z - CVE-2009-3025", + "description": "Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM." + }, + { + "scanner_identifier": "S7613967I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-0368", + "name": "S7613967I - CVE-2013-0368", + "description": "Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB." + }, + { + "scanner_identifier": "S7434123C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-0345", + "name": "S7434123C - CVE-2018-0345", + "description": "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. 
A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937." + }, + { + "scanner_identifier": "S7187645D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-10421", + "name": "S7187645D - CVE-2016-10421", + "description": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, key material is not always cleared properly." + }, + { + "scanner_identifier": "S6555403H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-0650", + "name": "S6555403H - CVE-2008-0650", + "description": "SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + }, + { + "scanner_identifier": "S7225815J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0503", + "name": "S7225815J - CVE-2006-0503", + "description": "IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command." 
+ }, + { + "scanner_identifier": "S7075327H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-2709", + "name": "S7075327H - CVE-2006-2709", + "description": "Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server." + }, + { + "scanner_identifier": "S6388321B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-3833", + "name": "S6388321B - CVE-2015-3833", + "description": "The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603." + }, + { + "scanner_identifier": "S9790694G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-5822", + "name": "S9790694G - CVE-2015-5822", + "description": "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." + }, + { + "scanner_identifier": "S6390569J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-6756", + "name": "S6390569J - CVE-2019-6756", + "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. 
The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769." + }, + { + "scanner_identifier": "S5877018C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4300", + "name": "S5877018C - CVE-2010-4300", + "description": "Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption." + }, + { + "scanner_identifier": "S9897899B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-3453", + "name": "S9897899B - CVE-2006-3453", + "description": "Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF." + }, + { + "scanner_identifier": "S7572823I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-3705", + "name": "S7572823I - CVE-2011-3705", + "description": "Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files." + }, + { + "scanner_identifier": "S7181853E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-1137", + "name": "S7181853E - CVE-2015-1137", + "description": "The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type." 
+ }, + { + "scanner_identifier": "S7804807G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-9241", + "name": "S7804807G - CVE-2016-9241", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + }, + { + "scanner_identifier": "S5487954G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-6992", + "name": "S5487954G - CVE-2008-6992", + "description": "GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as \"x=y=z\", which is successfully parsed by MySQL." + }, + { + "scanner_identifier": "S6117637C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2893", + "name": "S6117637C - CVE-2007-2893", + "description": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\"" + }, + { + "scanner_identifier": "S8471400C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-2070", + "name": "S8471400C - CVE-2009-2070", + "description": "Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request." 
+ }, + { + "scanner_identifier": "S9734139G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4530", + "name": "S9734139G - CVE-2005-4530", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm." + }, + { + "scanner_identifier": "S7412233G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-4272", + "name": "S7412233G - CVE-2014-4272", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + }, + { + "scanner_identifier": "S9133920Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-0644", + "name": "S9133920Z - CVE-2018-0644", + "description": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors." + }, + { + "scanner_identifier": "S8330272J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-3127", + "name": "S8330272J - CVE-2012-3127", + "description": "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP." 
+ }, + { + "scanner_identifier": "S7021071A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-5253", + "name": "S7021071A - CVE-2006-5253", + "description": "PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter." + }, + { + "scanner_identifier": "S9858453F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-1999-0952", + "name": "S9858453F - CVE-1999-0952", + "description": "Buffer overflow in Solaris lpstat via class argument allows local users to gain root access." + }, + { + "scanner_identifier": "S8732948H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-0899", + "name": "S8732948H - CVE-2019-0899", + "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902." + }, + { + "scanner_identifier": "S9585197E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3179", + "name": "S9585197E - CVE-2007-3179", + "description": "Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors." 
+ }, + { + "scanner_identifier": "S6108780Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-1514", + "name": "S6108780Z - CVE-2008-1514", + "description": "arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference." + }, + { + "scanner_identifier": "S7821306Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2000-0231", + "name": "S7821306Z - CVE-2000-0231", + "description": "Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges." + }, + { + "scanner_identifier": "S5830027F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-0500", + "name": "S5830027F - CVE-2010-0500", + "description": "Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a \"plist injection issue.\"" + }, + { + "scanner_identifier": "S9392221B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0935", + "name": "S9392221B - CVE-2007-0935", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." + }, + { + "scanner_identifier": "S8536416B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2000-0027", + "name": "S8536416B - CVE-2000-0027", + "description": "IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack." 
+ }, + { + "scanner_identifier": "S5821674G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-5530", + "name": "S5821674G - CVE-2008-5530", + "description": "Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + }, + { + "scanner_identifier": "S9907000E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-8022", + "name": "S9907000E - CVE-2015-8022", + "description": "The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads." + }, + { + "scanner_identifier": "S8039891C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-6525", + "name": "S8039891C - CVE-2013-6525", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." 
+ }, + { + "scanner_identifier": "T0112166E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-6002", + "name": "T0112166E - CVE-2014-6002", + "description": "The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + }, + { + "scanner_identifier": "S7014083G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12795", + "name": "S7014083G - CVE-2019-12795", + "description": "daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)" + }, + { + "scanner_identifier": "S6394005D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3769", + "name": "S6394005D - CVE-2005-3769", + "description": "SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter." + }, + { + "scanner_identifier": "S5757431C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-14397", + "name": "S5757431C - CVE-2017-14397", + "description": "AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability." + }, + { + "scanner_identifier": "S6536032B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5791", + "name": "S6536032B - CVE-2019-5791", + "description": "Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." 
+ }, + { + "scanner_identifier": "S9254441I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-2305", + "name": "S9254441I - CVE-2005-2305", + "description": "DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow." + }, + { + "scanner_identifier": "S9509084B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3142", + "name": "S9509084B - CVE-2007-3142", + "description": "Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication." + }, + { + "scanner_identifier": "S7657429D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12374", + "name": "S7657429D - CVE-2019-12374", + "description": "A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll." + }, + { + "scanner_identifier": "S5626687I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-4296", + "name": "S5626687I - CVE-2008-4296", + "description": "The Cisco Linksys WRT350N with firmware 1.0.3.7 has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access." 
+ }, + { + "scanner_identifier": "S7050388C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-3132", + "name": "S7050388C - CVE-2006-3132", + "description": "Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php." + }, + { + "scanner_identifier": "S9524403C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-0374", + "name": "S9524403C - CVE-2011-0374", + "description": "The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to \"command injection vulnerabilities,\" aka Bug ID CSCtb31659." + }, + { + "scanner_identifier": "S7110073A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-4065", + "name": "S7110073A - CVE-2014-4065", + "description": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + }, + { + "scanner_identifier": "S8822803J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11949", + "name": "S8822803J - CVE-2019-11949", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." 
+ }, + { + "scanner_identifier": "S5670871E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0434", + "name": "S5670871E - CVE-2007-0434", + "description": "BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection." + }, + { + "scanner_identifier": "S6765049B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5378", + "name": "S6765049B - CVE-2019-5378", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." + }, + { + "scanner_identifier": "S7871609F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-0730", + "name": "S7871609F - CVE-2002-0730", + "description": "Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage." + }, + { + "scanner_identifier": "S6307452G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-2127", + "name": "S6307452G - CVE-2012-2127", + "description": "fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd." 
+ }, + { + "scanner_identifier": "S6421712G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2834", + "name": "S6421712G - CVE-2011-2834", + "description": "Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling." + }, + { + "scanner_identifier": "S8329082Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-3806", + "name": "S8329082Z - CVE-2019-3806", + "description": "An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua." + }, + { + "scanner_identifier": "S8569773J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-4460", + "name": "S8569773J - CVE-2016-4460", + "description": "Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication." + }, + { + "scanner_identifier": "S8718653I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0126", + "name": "S8718653I - CVE-2004-0126", + "description": "The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail." + }, + { + "scanner_identifier": "S9456566I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-20135", + "name": "S9456566I - CVE-2018-20135", + "description": "Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. 
An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071." + }, + { + "scanner_identifier": "S9281363J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-1999025", + "name": "S9281363J - CVE-2018-1999025", + "description": "A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to." + }, + { + "scanner_identifier": "S7303558I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-3907", + "name": "S7303558I - CVE-2009-3907", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3607. Reason: This candidate is a duplicate of CVE-2009-3607. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + }, + { + "scanner_identifier": "S7566330G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-4748", + "name": "S7566330G - CVE-2009-4748", + "description": "SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php." 
+ }, + { + "scanner_identifier": "S8695059F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3839", + "name": "S8695059F - CVE-2010-3839", + "description": "MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements." + }, + { + "scanner_identifier": "S6511844J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4030", + "name": "S6511844J - CVE-2005-4030", + "description": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header." + }, + { + "scanner_identifier": "S8996993Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-4197", + "name": "S8996993Z - CVE-2012-4197", + "description": "Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action." + }, + { + "scanner_identifier": "S8322546G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-1881", + "name": "S8322546G - CVE-2019-1881", + "description": "A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. 
A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors." + }, + { + "scanner_identifier": "S7344438A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-6108", + "name": "S7344438A - CVE-2006-6108", + "description": "Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + }, + { + "scanner_identifier": "S9921262D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1984", + "name": "S9921262D - CVE-2010-1984", + "description": "Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display." + }, + { + "scanner_identifier": "S6578288Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-1018", + "name": "S6578288Z - CVE-2016-1018", + "description": "Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data." + }, + { + "scanner_identifier": "S5470595F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-4361", + "name": "S5470595F - CVE-2013-4361", + "description": "The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction." 
+ }, + { + "scanner_identifier": "S6276131H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0691", + "name": "S6276131H - CVE-2003-0691", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none." + }, + { + "scanner_identifier": "S7776792D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0234", + "name": "S7776792D - CVE-2006-0234", + "description": "SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters." + }, + { + "scanner_identifier": "S7000964A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-1228", + "name": "S7000964A - CVE-2002-1228", + "description": "Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon." + }, + { + "scanner_identifier": "S8727112I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0886", + "name": "S8727112I - CVE-2003-0886", + "description": "Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code." + }, + { + "scanner_identifier": "S5539962Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0001", + "name": "S5539962Z - CVE-2005-0001", + "description": "Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion." 
+ }, + { + "scanner_identifier": "S9411999E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-0988", + "name": "S9411999E - CVE-2010-0988", + "description": "Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php." + }, + { + "scanner_identifier": "S5503636E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-7030", + "name": "S5503636E - CVE-2008-7030", + "description": "Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect." + }, + { + "scanner_identifier": "S9060409J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-3527", + "name": "S9060409J - CVE-2008-3527", + "description": "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions." + }, + { + "scanner_identifier": "S9147641Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1526", + "name": "S9147641Z - CVE-2003-1526", + "description": "PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) \", (2) ', or (3) > in the search field, which reveals the path in an error message." 
+ }, + { + "scanner_identifier": "S9113664C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-1779", + "name": "S9113664C - CVE-2019-1779", + "description": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability." + }, + { + "scanner_identifier": "S6952215G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-4825", + "name": "S6952215G - CVE-2013-4825", + "description": "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645." + }, + { + "scanner_identifier": "S6743924D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-1999-0153", + "name": "S6743924D - CVE-1999-0153", + "description": "Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke." 
+ }, + { + "scanner_identifier": "S9051040A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-3008", + "name": "S9051040A - CVE-2015-3008", + "description": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." + }, + { + "scanner_identifier": "S6963644F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-3331", + "name": "S6963644F - CVE-2014-3331", + "description": "The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914." + }, + { + "scanner_identifier": "S7326902D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0918", + "name": "S7326902D - CVE-2006-0918", + "description": "Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field." + }, + { + "scanner_identifier": "S7585372F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-0769", + "name": "S7585372F - CVE-2015-0769", + "description": "Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546." 
+ }, + { + "scanner_identifier": "S7363834H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-9244", + "name": "S7363834H - CVE-2016-9244", + "description": "A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well." + }, + { + "scanner_identifier": "S7763206I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-2634", + "name": "S7763206I - CVE-2006-2634", + "description": "Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field." + }, + { + "scanner_identifier": "S5942976J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-1915", + "name": "S5942976J - CVE-2002-1915", + "description": "tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file." + }, + { + "scanner_identifier": "S7518860I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3406", + "name": "S7518860I - CVE-2005-3406", + "description": "Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + }, + { + "scanner_identifier": "S7383075C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-9670", + "name": "S7383075C - CVE-2019-9670", + "description": "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability." 
+ }, + { + "scanner_identifier": "S7819823J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-1077", + "name": "S7819823J - CVE-2009-1077", + "description": "The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password." + }, + { + "scanner_identifier": "S6660921I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-5665", + "name": "S6660921I - CVE-2006-5665", + "description": "PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + }, + { + "scanner_identifier": "S7125393G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-0628", + "name": "S7125393G - CVE-2017-0628", + "description": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833." + }, + { + "scanner_identifier": "S9149349G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5315", + "name": "S9149349G - CVE-2016-5315", + "description": "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image." 
+ }, + { + "scanner_identifier": "S5645204D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0586", + "name": "S5645204D - CVE-2006-0586", + "description": "Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues." + }, + { + "scanner_identifier": "S8083453E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3732", + "name": "S8083453E - CVE-2010-3732", + "description": "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers." + }, + { + "scanner_identifier": "S5856316A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-8442", + "name": "S5856316A - CVE-2014-8442", + "description": "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions." 
+ }, + { + "scanner_identifier": "S7748960F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-3674", + "name": "S7748960F - CVE-2012-3674", + "description": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + }, + { + "scanner_identifier": "S7064259Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-0380", + "name": "S7064259Z - CVE-2009-0380", + "description": "** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither \"showbiz\" nor \"bid\" appears in the source code for SOBI2." + }, + { + "scanner_identifier": "S6352723H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-5264", + "name": "S6352723H - CVE-2018-5264", + "description": "Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on \"free time\" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter." + }, + { + "scanner_identifier": "S7516788A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12377", + "name": "S7516788A - CVE-2019-12377", + "description": "A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution." 
+ }, + { + "scanner_identifier": "S9839427C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-4789", + "name": "S9839427C - CVE-2006-4789", + "description": "Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag." + }, + { + "scanner_identifier": "S9498737G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-3991", + "name": "S9498737G - CVE-2011-3991", + "description": "Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions." + }, + { + "scanner_identifier": "S7965647Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-16102", + "name": "S7965647Z - CVE-2017-16102", + "description": "serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the URL." + }, + { + "scanner_identifier": "S8473021A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-1522", + "name": "S8473021A - CVE-2009-1522", + "description": "The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors." 
+ }, + { + "scanner_identifier": "S6475979E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-0339", + "name": "S6475979E - CVE-2001-0339", + "description": "Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the \"Web page spoofing vulnerability.\"" + }, + { + "scanner_identifier": "S8975930G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1515", + "name": "S8975930G - CVE-2003-1515", + "description": "Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults." + }, + { + "scanner_identifier": "S8393133G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-6251", + "name": "S8393133G - CVE-2015-6251", + "description": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate." + }, + { + "scanner_identifier": "S6305801G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-4608", + "name": "S6305801G - CVE-2013-4608", + "description": "Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page." 
+ }, + { + "scanner_identifier": "S5834291B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-3814", + "name": "S5834291B - CVE-2015-3814", + "description": "The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." + }, + { + "scanner_identifier": "S7101228Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0357", + "name": "S7101228Z - CVE-2003-0357", + "description": "Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors." + }, + { + "scanner_identifier": "T0000788E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-2633", + "name": "T0000788E - CVE-2009-2633", + "description": "PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + }, + { + "scanner_identifier": "S8661187B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-4996", + "name": "S8661187B - CVE-2014-4996", + "description": "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}." 
+ }, + { + "scanner_identifier": "S5802396E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1538", + "name": "S5802396E - CVE-2010-1538", + "description": "SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + }, + { + "scanner_identifier": "S6431406H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-1217", + "name": "S6431406H - CVE-2006-1217", + "description": "SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php." + }, + { + "scanner_identifier": "S7281934I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-4922", + "name": "S7281934I - CVE-2009-4922", + "description": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583." + }, + { + "scanner_identifier": "S6099140E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-4664", + "name": "S6099140E - CVE-2015-4664", + "description": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands." + }, + { + "scanner_identifier": "S7977063I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-3578", + "name": "S7977063I - CVE-2019-3578", + "description": "MyBB 1.8.19 has XSS in the resetpassword function." 
+ }, + { + "scanner_identifier": "S9877499H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0744", + "name": "S9877499H - CVE-2006-0744", + "description": "Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS." + }, + { + "scanner_identifier": "S8268066G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4104", + "name": "S8268066G - CVE-2005-4104", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + }, + { + "scanner_identifier": "S9382931Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-5637", + "name": "S9382931Z - CVE-2006-5637", + "description": "PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter." + }, + { + "scanner_identifier": "S5649871J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0958", + "name": "S5649871J - CVE-2005-0958", + "description": "Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command." + }, + { + "scanner_identifier": "S5655088G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11877", + "name": "S5655088G - CVE-2019-11877", + "description": "XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID." 
+ }, + { + "scanner_identifier": "S7472204J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-4491", + "name": "S7472204J - CVE-2007-4491", + "description": "SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + }, + { + "scanner_identifier": "S8850530A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-9362", + "name": "S8850530A - CVE-2017-9362", + "description": "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API." + }, + { + "scanner_identifier": "S7669463Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-11404", + "name": "S7669463Z - CVE-2017-11404", + "description": "In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php." + }, + { + "scanner_identifier": "S7476402I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-5232", + "name": "S7476402I - CVE-2010-5232", + "description": "Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + }, + { + "scanner_identifier": "S6855662G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-18368", + "name": "S6855662G - CVE-2017-18368", + "description": "The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter." 
+ }, + { + "scanner_identifier": "S9404140F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4560", + "name": "S9404140F - CVE-2010-4560", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4669. Reason: This candidate is a duplicate of CVE-2010-4669. Notes: All CVE users should reference CVE-2010-4669 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + }, + { + "scanner_identifier": "S8862004F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-0581", + "name": "S8862004F - CVE-2012-0581", + "description": "Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity, related to SCRM - Company Profiles." + }, + { + "scanner_identifier": "S5859750C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-4116", + "name": "S5859750C - CVE-2006-4116", + "description": "Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message." + }, + { + "scanner_identifier": "T0000548C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-1769", + "name": "T0000548C - CVE-2009-1769", + "description": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames." 
+ }, + { + "scanner_identifier": "S6912250G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1294", + "name": "S6912250G - CVE-2004-1294", + "description": "The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters." + }, + { + "scanner_identifier": "S8405693F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-5261", + "name": "S8405693F - CVE-2012-5261", + "description": "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." + }, + { + "scanner_identifier": "S6907173B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-2174", + "name": "S6907173B - CVE-2004-2174", + "description": "Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter." + }, + { + "scanner_identifier": "S8194362A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-1000", + "name": "S8194362A - CVE-2019-1000", + "description": "An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the AzureÂ? AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'." 
+ }, + { + "scanner_identifier": "S5605104Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0845", + "name": "S5605104Z - CVE-2005-0845", + "description": "Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter." + }, + { + "scanner_identifier": "S9957728B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-3567", + "name": "S9957728B - CVE-2019-3567", + "description": "In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0." + }, + { + "scanner_identifier": "S7446434C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-17619", + "name": "S7446434C - CVE-2018-17619", + "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352." 
+ }, + { + "scanner_identifier": "S9001561C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-3793", + "name": "S9001561C - CVE-2009-3793", + "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors." + }, + { + "scanner_identifier": "T0052225I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4836", + "name": "T0052225I - CVE-2010-4836", + "description": "Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter." + }, + { + "scanner_identifier": "S5579211I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0761", + "name": "S5579211I - CVE-2003-0761", + "description": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests." + }, + { + "scanner_identifier": "S6575218B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1170", + "name": "S6575218B - CVE-2003-1170", + "description": "Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments." + }, + { + "scanner_identifier": "S9667139C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-1342", + "name": "S9667139C - CVE-2005-1342", + "description": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands." 
+ }, + { + "scanner_identifier": "S7771719F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-6408", + "name": "S7771719F - CVE-2016-6408", + "description": "Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814." + }, + { + "scanner_identifier": "T0018603H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-9006", + "name": "T0018603H - CVE-2016-9006", + "description": "IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264." + }, + { + "scanner_identifier": "S6214658C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0824", + "name": "S6214658C - CVE-2004-0824", + "description": "PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files." + }, + { + "scanner_identifier": "S8603225B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-7088", + "name": "S8603225B - CVE-2006-7088", + "description": "Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php." + }, + { + "scanner_identifier": "S9357860J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-1131", + "name": "S9357860J - CVE-2005-1131", + "description": "Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but \"critical\" impact." 
+ }, + { + "scanner_identifier": "S6607003D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-2348", + "name": "S6607003D - CVE-2005-2348", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + }, + { + "scanner_identifier": "S6979247B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-2280", + "name": "S6979247B - CVE-2004-2280", + "description": "Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN." + }, + { + "scanner_identifier": "S6822078E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-3990", + "name": "S6822078E - CVE-2011-3990", + "description": "Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + }, + { + "scanner_identifier": "S7869766J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-3609", + "name": "S7869766J - CVE-2009-3609", + "description": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read." 
+ }, + { + "scanner_identifier": "S5755816D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-3370", + "name": "S5755816D - CVE-2006-3370", + "description": "Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration." + }, + { + "scanner_identifier": "S8506456H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3836", + "name": "S8506456H - CVE-2005-3836", + "description": "SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter." + }, + { + "scanner_identifier": "S5889794I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-6877", + "name": "S5889794I - CVE-2016-6877", + "description": "** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports \"our internal analysis of this issue concluded that this was not a valid vulnerability\" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session." + }, + { + "scanner_identifier": "T0197304A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4403", + "name": "T0197304A - CVE-2010-4403", + "description": "The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message." + }, + { + "scanner_identifier": "S6276165B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12764", + "name": "S6276165B - CVE-2019-12764", + "description": "An issue was discovered in Joomla! before 3.9.7. 
The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users." + }, + { + "scanner_identifier": "S5806757A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-0532", + "name": "S5806757A - CVE-2015-0532", + "description": "EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account." + }, + { + "scanner_identifier": "S6292149H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5376", + "name": "S6292149H - CVE-2019-5376", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." + }, + { + "scanner_identifier": "S5543940J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-2659", + "name": "S5543940J - CVE-2018-2659", + "description": "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." 
+ }, + { + "scanner_identifier": "S8043240B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-5544", + "name": "S8043240B - CVE-2015-5544", + "description": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." + }, + { + "scanner_identifier": "S9472635B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-0769", + "name": "S9472635B - CVE-2010-0769", + "description": "IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file." + }, + { + "scanner_identifier": "S6402476J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-6739", + "name": "S6402476J - CVE-2019-6739", + "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162." 
+ }, + { + "scanner_identifier": "S7198279C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5341", + "name": "S7198279C - CVE-2019-5341", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." + }, + { + "scanner_identifier": "S6020125J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-2005", + "name": "S6020125J - CVE-2004-2005", + "description": "Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name." + }, + { + "scanner_identifier": "S6313335C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-0959", + "name": "S6313335C - CVE-2002-0959", + "description": "Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script." + }, + { + "scanner_identifier": "S8751385H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1195", + "name": "S8751385H - CVE-2004-1195", + "description": "Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory." 
+ }, + { + "scanner_identifier": "S6417363D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0900", + "name": "S6417363D - CVE-2004-0900", + "description": "The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the \"DHCP Request Vulnerability.\"" + }, + { + "scanner_identifier": "S7016687I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-3531", + "name": "S7016687I - CVE-2011-3531", + "description": "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security." + }, + { + "scanner_identifier": "S8871083E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3516", + "name": "S8871083E - CVE-2010-3516", + "description": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand." + }, + { + "scanner_identifier": "S5825461D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-14853", + "name": "S5825461D - CVE-2017-14853", + "description": "The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device." + }, + { + "scanner_identifier": "S6353766G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-1100", + "name": "S6353766G - CVE-2007-1100", + "description": "Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." 
+ }, + { + "scanner_identifier": "S6487748H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4090", + "name": "S6487748H - CVE-2005-4090", + "description": "Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact." + }, + { + "scanner_identifier": "S8726121B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1862", + "name": "S8726121B - CVE-2010-1862", + "description": "The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature." + }, + { + "scanner_identifier": "S8414664A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-6682", + "name": "S8414664A - CVE-2018-6682", + "description": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site." + }, + { + "scanner_identifier": "S5837053C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-2734", + "name": "S5837053C - CVE-2013-2734", + "description": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
+ }, + { + "scanner_identifier": "S8501298C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0301", + "name": "S8501298C - CVE-2007-0301", + "description": "PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." + }, + { + "scanner_identifier": "S8377376F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-0807", + "name": "S8377376F - CVE-2002-0807", + "description": "Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi." + }, + { + "scanner_identifier": "S7581697I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-3562", + "name": "S7581697I - CVE-2008-3562", + "description": "Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + }, + { + "scanner_identifier": "T0126237D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-3359", + "name": "T0126237D - CVE-2011-3359", + "description": "The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame." 
+ }, + { + "scanner_identifier": "S7753577B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-0846", + "name": "S7753577B - CVE-2009-0846", + "description": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer." + }, + { + "scanner_identifier": "S6238466B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11511", + "name": "S6238466B - CVE-2019-11511", + "description": "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API." + }, + { + "scanner_identifier": "S8319599A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2000-0551", + "name": "S8319599A - CVE-2000-0551", + "description": "The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files." + }, + { + "scanner_identifier": "S9663397A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12374", + "name": "S9663397A - CVE-2019-12374", + "description": "A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll." + }, + { + "scanner_identifier": "S9970364D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-6261", + "name": "S9970364D - CVE-2017-6261", + "description": "NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure." 
+ }, + { + "scanner_identifier": "S7778730E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-5529", + "name": "S7778730E - CVE-2013-5529", + "description": "The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200." + }, + { + "scanner_identifier": "S8544001B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-5969", + "name": "S8544001B - CVE-2012-5969", + "description": "Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi." + }, + { + "scanner_identifier": "S8746351F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0618", + "name": "S8746351F - CVE-2007-0618", + "description": "Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an \"authentication vulnerability.\"" + }, + { + "scanner_identifier": "S8229546A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10160", + "name": "S8229546A - CVE-2019-10160", + "description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. 
cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application." + }, + { + "scanner_identifier": "T0017926J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-3643", + "name": "T0017926J - CVE-2012-3643", + "description": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + }, + { + "scanner_identifier": "S9986449D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5116", + "name": "S9986449D - CVE-2016-5116", + "description": "gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name." + }, + { + "scanner_identifier": "S9420340F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12794", + "name": "S9420340F - CVE-2019-12794", + "description": "An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this." 
+ }, + { + "scanner_identifier": "S6044577Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-5837", + "name": "S6044577Z - CVE-2012-5837", + "description": "The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string." + }, + { + "scanner_identifier": "S6557448I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2786", + "name": "S6557448I - CVE-2011-2786", + "description": "Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element." + }, + { + "scanner_identifier": "S9211465A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-9637", + "name": "S9211465A - CVE-2019-9637", + "description": "An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data." + }, + { + "scanner_identifier": "S6306498Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-5999", + "name": "S6306498Z - CVE-2007-5999", + "description": "SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ }, + { + "scanner_identifier": "S7583371G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-1320", + "name": "S7583371G - CVE-2013-1320", + "description": "Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Publisher Buffer Overflow Vulnerability.\"" + }, + { + "scanner_identifier": "S6594691B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1655", + "name": "S6594691B - CVE-2012-1655", + "description": "Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors." + }, + { + "scanner_identifier": "T0088839C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1529", + "name": "T0088839C - CVE-2003-1529", + "description": "Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a \".%252e\" (encoded dot dot) in the URL." + }, + { + "scanner_identifier": "S8733994G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0797", + "name": "S8733994G - CVE-2003-0797", + "description": "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors." + }, + { + "scanner_identifier": "S9846028D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-13384", + "name": "S9846028D - CVE-2018-13384", + "description": "A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains." 
+ }, + { + "scanner_identifier": "S9173641A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-0551", + "name": "S9173641A - CVE-2009-0551", + "description": "Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka \"Page Transition Memory Corruption Vulnerability.\"" + }, + { + "scanner_identifier": "S6190969I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-2746", + "name": "S6190969I - CVE-2005-2746", + "description": "Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages." + }, + { + "scanner_identifier": "S6440913A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0051", + "name": "S6440913A - CVE-2004-0051", + "description": "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients." 
+ }, + { + "scanner_identifier": "S9308108J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-2237", + "name": "S9308108J - CVE-2015-2237", + "description": "Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php." + }, + { + "scanner_identifier": "S5550006A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-3417", + "name": "S5550006A - CVE-2008-3417", + "description": "SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561." + }, + { + "scanner_identifier": "S6257846G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1639", + "name": "S6257846G - CVE-2012-1639", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters." + }, + { + "scanner_identifier": "S9989116E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-8276", + "name": "S9989116E - CVE-2018-8276", + "description": "A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka \"Scripting Engine Security Feature Bypass Vulnerability.\" This affects Microsoft Edge, ChakraCore." 
+ }, + { + "scanner_identifier": "S9856077G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1712", + "name": "S9856077G - CVE-2012-1712", + "description": "Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors." + }, + { + "scanner_identifier": "S6139345E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-1781", + "name": "S6139345E - CVE-2008-1781", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a security issue. Notes: none." + }, + { + "scanner_identifier": "S5441654G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-0842", + "name": "S5441654G - CVE-2001-0842", + "description": "Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie." + }, + { + "scanner_identifier": "S8255485H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-3800", + "name": "S8255485H - CVE-2013-3800", + "description": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Interlinks." + }, + { + "scanner_identifier": "S9323102C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-9628", + "name": "S9323102C - CVE-2019-9628", + "description": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. 
Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type." + }, + { + "scanner_identifier": "S8357950A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-2175", + "name": "S8357950A - CVE-2010-2175", + "description": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188." + }, + { + "scanner_identifier": "S6027498C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-2093", + "name": "S6027498C - CVE-2009-2093", + "description": "SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + }, + { + "scanner_identifier": "S6738176I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-1318", + "name": "S6738176I - CVE-2009-1318", + "description": "Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter." 
+ }, + { + "scanner_identifier": "S8787877E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-1837", + "name": "S8787877E - CVE-2007-1837", + "description": "Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the Site_Path parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php." + }, + { + "scanner_identifier": "S7498061I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-2345", + "name": "S7498061I - CVE-2014-2345", + "description": "COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP." + }, + { + "scanner_identifier": "S7881308C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3622", + "name": "S7881308C - CVE-2010-3622", + "description": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." + }, + { + "scanner_identifier": "S7197192I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-5487", + "name": "S7197192I - CVE-2017-5487", + "description": "wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request." 
+ }, + { + "scanner_identifier": "S5952368F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-6204", + "name": "S5952368F - CVE-2008-6204", + "description": "Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp." + }, + { + "scanner_identifier": "S7977953I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2728", + "name": "S7977953I - CVE-2016-2728", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + }, + { + "scanner_identifier": "S8315058J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-0913", + "name": "S8315058J - CVE-2014-0913", + "description": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE." + }, + { + "scanner_identifier": "S8094649Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1663", + "name": "S8094649Z - CVE-2004-1663", + "description": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets." 
+ }, + { + "scanner_identifier": "S8498155I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-2768", + "name": "S8498155I - CVE-2009-2768", + "description": "The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an \"uninitialized cred pointer.\"" + }, + { + "scanner_identifier": "S9812464J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-2070", + "name": "S9812464J - CVE-2008-2070", + "description": "The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered \"<\" and \">\" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors." + }, + { + "scanner_identifier": "S9951194Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-9977", + "name": "S9951194Z - CVE-2019-9977", + "description": "The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants." + }, + { + "scanner_identifier": "S7327955J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-9434", + "name": "S7327955J - CVE-2017-9434", + "description": "Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter." 
+ }, + { + "scanner_identifier": "S6716329Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-4457", + "name": "S6716329Z - CVE-2007-4457", + "description": "Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter." + }, + { + "scanner_identifier": "S9071703J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-2619", + "name": "S9071703J - CVE-2005-2619", + "description": "Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview." + }, + { + "scanner_identifier": "S8469012J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-1756", + "name": "S8469012J - CVE-2011-1756", + "description": "modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + }, + { + "scanner_identifier": "S7942108A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-11800", + "name": "S7942108A - CVE-2018-11800", + "description": "SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table." 
+ }, + { + "scanner_identifier": "S6498766F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-4392", + "name": "S6498766F - CVE-2009-4392", + "description": "SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + }, + { + "scanner_identifier": "S9544168H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-13458", + "name": "S9544168H - CVE-2018-13458", + "description": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." + }, + { + "scanner_identifier": "S5626109E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3009", + "name": "S5626109E - CVE-2007-3009", + "description": "Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a \"GET %n://localhost:80/\" request." + }, + { + "scanner_identifier": "S7278409Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-8273", + "name": "S7278409Z - CVE-2019-8273", + "description": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212." 
+ }, + { + "scanner_identifier": "S8600745B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0314", + "name": "S8600745B - CVE-2004-0314", + "description": "Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter." + }, + { + "scanner_identifier": "S9409549B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-12599", + "name": "S9409549B - CVE-2018-12599", + "description": "In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file." + }, + { + "scanner_identifier": "S9198872J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-4067", + "name": "S9198872J - CVE-2006-4067", + "description": "Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (\"Not Found\") error page. NOTE: some of these details are obtained from third party information." + }, + { + "scanner_identifier": "S7267570C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11517", + "name": "S7267570C - CVE-2019-11517", + "description": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner." 
+ }, + { + "scanner_identifier": "S6751548Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11190", + "name": "S6751548Z - CVE-2019-11190", + "description": "The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat." + }, + { + "scanner_identifier": "S8266874H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5374", + "name": "S8266874H - CVE-2019-5374", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." + }, + { + "scanner_identifier": "S8311290E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0822", + "name": "S8311290E - CVE-2005-0822", + "description": "Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy." + }, + { + "scanner_identifier": "S5574162Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-1058", + "name": "S5574162Z - CVE-2008-1058", + "description": "The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information." + }, + { + "scanner_identifier": "S8891492I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-3016", + "name": "S8891492I - CVE-2016-3016", + "description": "IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code." 
+ }, + { + "scanner_identifier": "S6327546H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-15356", + "name": "S6327546H - CVE-2018-15356", + "description": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0." + }, + { + "scanner_identifier": "S7692560G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5378", + "name": "S7692560G - CVE-2019-5378", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." + }, + { + "scanner_identifier": "S5545829D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-2814", + "name": "S5545829D - CVE-2010-2814", + "description": "Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506." + }, + { + "scanner_identifier": "S8971105C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-3411", + "name": "S8971105C - CVE-2019-3411", + "description": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components." + }, + { + "scanner_identifier": "S8215394B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1450", + "name": "S8215394B - CVE-2004-1450", + "description": "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations." 
+ }, + { + "scanner_identifier": "S6256130J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-2321", + "name": "S6256130J - CVE-2017-2321", + "description": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks." + }, + { + "scanner_identifier": "S5789902F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-0130", + "name": "S5789902F - CVE-2015-0130", + "description": "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + }, + { + "scanner_identifier": "S5748122F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1131", + "name": "S5748122F - CVE-2010-1131", + "description": "JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring." 
+ }, + { + "scanner_identifier": "S8762506J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-10879", + "name": "S8762506J - CVE-2018-10879", + "description": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image." + }, + { + "scanner_identifier": "S7684520D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-0344", + "name": "S7684520D - CVE-2002-0344", + "description": "Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server." + }, + { + "scanner_identifier": "S9785570F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1651", + "name": "S9785570F - CVE-2004-1651", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field." + }, + { + "scanner_identifier": "S8132256B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-1956", + "name": "S8132256B - CVE-2005-1956", + "description": "File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks." 
+ }, + { + "scanner_identifier": "S5736568D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-4567", + "name": "S5736568D - CVE-2006-4567", + "description": "Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update." + }, + { + "scanner_identifier": "S7260590Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-5661", + "name": "S7260590Z - CVE-2006-5661", + "description": "Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." + }, + { + "scanner_identifier": "S5474180D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-6817", + "name": "S5474180D - CVE-2008-6817", + "description": "Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + }, + { + "scanner_identifier": "S6101886G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11511", + "name": "S6101886G - CVE-2019-11511", + "description": "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API." 
+ }, + { + "scanner_identifier": "S6827256D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10637", + "name": "S6827256D - CVE-2019-10637", + "description": "Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices are vulnerable in manipulating a combination of IO pins to bypass the secure boot protection mechanism." + }, + { + "scanner_identifier": "S6327296E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-9261", + "name": "S6327296E - CVE-2014-9261", + "description": "The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php." + }, + { + "scanner_identifier": "T0135053B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-2029", + "name": "T0135053B - CVE-2010-2029", + "description": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone." + }, + { + "scanner_identifier": "S8563133J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-6344", + "name": "S8563133J - CVE-2007-6344", + "description": "Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter." 
+ }, + { + "scanner_identifier": "S5894017H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-2617", + "name": "S5894017H - CVE-2005-2617", + "description": "The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers." + }, + { + "scanner_identifier": "S7808596G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12728", + "name": "S7808596G - CVE-2019-12728", + "description": "Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP." + }, + { + "scanner_identifier": "S8093765B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-1519", + "name": "S8093765B - CVE-2002-1519", + "description": "Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter." + }, + { + "scanner_identifier": "S8728482D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1640", + "name": "S8728482D - CVE-2012-1640", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with \"administer managesite\" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category." + }, + { + "scanner_identifier": "S6577631F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-5652", + "name": "S6577631F - CVE-2018-5652", + "description": "An issue was discovered in the dark-mode plugin 1.6 for WordPress. 
XSS exists via the wp-admin/profile.php dark_mode_end parameter." + }, + { + "scanner_identifier": "T0051288A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-7153", + "name": "T0051288A - CVE-2014-7153", + "description": "SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php." + }, + { + "scanner_identifier": "S6885439C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5743", + "name": "S6885439C - CVE-2016-5743", + "description": "Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets." + }, + { + "scanner_identifier": "S9071795B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-3846", + "name": "S9071795B - CVE-2019-3846", + "description": "A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network." + }, + { + "scanner_identifier": "S7037886H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-3499", + "name": "S7037886H - CVE-2006-3499", + "description": "The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications." 
+ }, + { + "scanner_identifier": "S6198543C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-10619", + "name": "S6198543C - CVE-2016-10619", + "description": "pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks." + }, + { + "scanner_identifier": "S7239438J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3327", + "name": "S7239438J - CVE-2010-3327", + "description": "The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka \"Anchor Element Information Disclosure Vulnerability.\"" + }, + { + "scanner_identifier": "S8328834E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-5192", + "name": "S8328834E - CVE-2015-5192", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5195. Reason: This candidate is a reservation duplicate of CVE-2015-5195. Notes: All CVE users should reference CVE-2015-5195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + }, + { + "scanner_identifier": "S5767482B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2609", + "name": "S5767482B - CVE-2007-2609", + "description": "Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php." 
+ }, + { + "scanner_identifier": "S8587018A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-1522", + "name": "S8587018A - CVE-2011-1522", + "description": "Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field." + }, + { + "scanner_identifier": "S7654112D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2810", + "name": "S7654112D - CVE-2007-2810", + "description": "SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + }, + { + "scanner_identifier": "S7067556J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-1887", + "name": "S7067556J - CVE-2011-1887", + "description": "win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + }, + { + "scanner_identifier": "S5845701I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-0616", + "name": "S5845701I - CVE-2019-0616", + "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664." 
+ }, + { + "scanner_identifier": "S7595474C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0734", + "name": "S7595474C - CVE-2004-0734", + "description": "Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter." + }, + { + "scanner_identifier": "S5722664A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-2657", + "name": "S5722664A - CVE-2019-2657", + "description": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + }, + { + "scanner_identifier": "S6723929F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2120", + "name": "S6723929F - CVE-2007-2120", + "description": "The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01." 
+ }, + { + "scanner_identifier": "S6555862I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-0283", + "name": "S6555862I - CVE-2017-0283", + "description": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528." + }, + { + "scanner_identifier": "S5756711B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-1490", + "name": "S5756711B - CVE-2008-1490", + "description": "Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659." + }, + { + "scanner_identifier": "S8439682F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0652", + "name": "S8439682F - CVE-2003-0652", + "description": "Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611." 
+ }, + { + "scanner_identifier": "S9360322B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-1949", + "name": "S9360322B - CVE-2005-1949", + "description": "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter." + }, + { + "scanner_identifier": "S7411915H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3354", + "name": "S7411915H - CVE-2005-3354", + "description": "Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines." + }, + { + "scanner_identifier": "S6797514F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-7181", + "name": "S6797514F - CVE-2019-7181", + "description": "Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program." + }, + { + "scanner_identifier": "S5953470Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5172", + "name": "S5953470Z - CVE-2016-5172", + "description": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code." + }, + { + "scanner_identifier": "S8333424Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-6799", + "name": "S8333424Z - CVE-2013-6799", + "description": "Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105." 
+ }, + { + "scanner_identifier": "S8227000J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4527", + "name": "S8227000J - CVE-2010-4527", + "description": "The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call." + }, + { + "scanner_identifier": "S6216075F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0726", + "name": "S6216075F - CVE-2007-0726", + "description": "The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys." + }, + { + "scanner_identifier": "S9591776C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-6211", + "name": "S9591776C - CVE-2015-6211", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + }, + { + "scanner_identifier": "S9795682J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-0585", + "name": "S9795682J - CVE-2019-0585", + "description": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server." 
+ }, + { + "scanner_identifier": "S5556099D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0539", + "name": "S5556099D - CVE-2007-0539", + "description": "The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint." + }, + { + "scanner_identifier": "S6536252Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-5120", + "name": "S6536252Z - CVE-2013-5120", + "description": "SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/." + }, + { + "scanner_identifier": "S8351341A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-2115", + "name": "S8351341A - CVE-2014-2115", + "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250." + }, + { + "scanner_identifier": "T0085496J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-5272", + "name": "T0085496J - CVE-2007-5272", + "description": "SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action." + }, + { + "scanner_identifier": "S5997206E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-5406", + "name": "S5997206E - CVE-2018-5406", + "description": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. 
An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance?s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance?s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings." + }, + { + "scanner_identifier": "S9625586A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-3111", + "name": "S9625586A - CVE-2013-3111", + "description": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3123." + }, + { + "scanner_identifier": "S8626414E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-8158", + "name": "S8626414E - CVE-2014-8158", + "description": "Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image." 
+ }, + { + "scanner_identifier": "S6566451H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3649", + "name": "S6566451H - CVE-2010-3649", + "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652." + }, + { + "scanner_identifier": "S8586637J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0222", + "name": "S8586637J - CVE-2005-0222", + "description": "main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message." + }, + { + "scanner_identifier": "S9496476H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-9313", + "name": "S9496476H - CVE-2018-9313", + "description": "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot." + }, + { + "scanner_identifier": "S9071288H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12764", + "name": "S9071288H - CVE-2019-12764", + "description": "An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users." 
+ }, + { + "scanner_identifier": "S5690917F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-3869", + "name": "S5690917F - CVE-2019-3869", + "description": "When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges." + }, + { + "scanner_identifier": "S7410554H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-6529", + "name": "S7410554H - CVE-2015-6529", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php." + }, + { + "scanner_identifier": "S9989762G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-4855", + "name": "S9989762G - CVE-2018-4855", + "description": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords." 
+ }, + { + "scanner_identifier": "S9642467A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-1549", + "name": "S9642467A - CVE-2009-1549", + "description": "AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to \"correcto.\"" + }, + { + "scanner_identifier": "S9785150F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0980", + "name": "S9785150F - CVE-2006-0980", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi." + }, + { + "scanner_identifier": "S7926973E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1758", + "name": "S7926973E - CVE-2010-1758", + "description": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects." + }, + { + "scanner_identifier": "S9472665D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-19802", + "name": "S9472665D - CVE-2018-19802", + "description": "aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3)." 
+ }, + { + "scanner_identifier": "T0023652C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-0185", + "name": "T0023652C - CVE-2016-0185", + "description": "Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka \"Windows Media Center Remote Code Execution Vulnerability.\"" + }, + { + "scanner_identifier": "S8213634G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2472", + "name": "S8213634G - CVE-2011-2472", + "description": "Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760." + }, + { + "scanner_identifier": "S9537377A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-1999", + "name": "S9537377A - CVE-2019-1999", + "description": "In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196." + }, + { + "scanner_identifier": "S6278311G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4130", + "name": "S6278311G - CVE-2005-4130", + "description": "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. 
It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED." + }, + { + "scanner_identifier": "S9338937I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10649", + "name": "S9338937I - CVE-2019-10649", + "description": "In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file." + }, + { + "scanner_identifier": "S9329286C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-1588", + "name": "S9329286C - CVE-2016-1588", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + }, + { + "scanner_identifier": "S5878060Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-8990", + "name": "S5878060Z - CVE-2018-8990", + "description": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010." + }, + { + "scanner_identifier": "S8608146F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1166", + "name": "S8608146F - CVE-2003-1166", + "description": "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter." 
+ }, + { + "scanner_identifier": "S8494895J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-5933", + "name": "S8494895J - CVE-2008-5933", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information." + }, + { + "scanner_identifier": "S6135160D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-1999-0583", + "name": "S6135160D - CVE-1999-0583", + "description": "There is a one-way or two-way trust relationship between Windows NT domains." + }, + { + "scanner_identifier": "S7774872E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0369", + "name": "S7774872E - CVE-2004-0369", + "description": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload." + }, + { + "scanner_identifier": "S6908487G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-1797", + "name": "S6908487G - CVE-2018-1797", + "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing \"dot dot slash\" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as \"Zip-Slip\". IBM X-Force ID: 149427." 
+ }, + { + "scanner_identifier": "S8769164J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-1306", + "name": "S8769164J - CVE-2016-1306", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466." + }, + { + "scanner_identifier": "S8414345F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2209", + "name": "S8414345F - CVE-2007-2209", + "description": "Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources." + }, + { + "scanner_identifier": "T0099475D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-12843", + "name": "T0099475D - CVE-2018-12843", + "description": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + }, + { + "scanner_identifier": "S8772016J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-0988", + "name": "S8772016J - CVE-2011-0988", + "description": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors." 
+ }, + { + "scanner_identifier": "S5823181I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-14801", + "name": "S5823181I - CVE-2017-14801", + "description": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter." + }, + { + "scanner_identifier": "S9405829E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-15571", + "name": "S9405829E - CVE-2017-15571", + "description": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data." + }, + { + "scanner_identifier": "S7970687F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-3093", + "name": "S7970687F - CVE-2009-3093", + "description": "Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + }, + { + "scanner_identifier": "S7261430E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-5016", + "name": "S7261430E - CVE-2009-5016", + "description": "Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870." 
+ }, + { + "scanner_identifier": "S9453361I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-18773", + "name": "S9453361I - CVE-2018-18773", + "description": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password." + }, + { + "scanner_identifier": "S7740651D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3417", + "name": "S7740651D - CVE-2007-3417", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function." + }, + { + "scanner_identifier": "S9845316D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3341", + "name": "S9845316D - CVE-2007-3341", + "description": "Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to \"see a valid memory address\" via unspecified vectors, a different issue than CVE-2007-0217." + }, + { + "scanner_identifier": "S6571800F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2212", + "name": "S6571800F - CVE-2007-2212", + "description": "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ }, + { + "scanner_identifier": "S6055463C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1463", + "name": "S6055463C - CVE-2010-1463", + "description": "Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters." + }, + { + "scanner_identifier": "S5602094B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-0801", + "name": "S5602094B - CVE-2005-0801", + "description": "Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL." + }, + { + "scanner_identifier": "S8787811B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10014", + "name": "S8787811B - CVE-2019-10014", + "description": "In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated." + }, + { + "scanner_identifier": "S5551992G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-0236", + "name": "S5551992G - CVE-2015-0236", + "description": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface." 
+ }, + { + "scanner_identifier": "S8685428G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-6852", + "name": "S8685428G - CVE-2014-6852", + "description": "The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + }, + { + "scanner_identifier": "S6011808F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-0897", + "name": "S6011808F - CVE-2012-0897", + "description": "Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment." + }, + { + "scanner_identifier": "S8306769A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-7430", + "name": "S8306769A - CVE-2015-7430", + "description": "The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors." + }, + { + "scanner_identifier": "S5734136Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-4410", + "name": "S5734136Z - CVE-2011-4410", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." 
+ }, + { + "scanner_identifier": "S6806780D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-4314", + "name": "S6806780D - CVE-2011-4314", + "description": "message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack." + }, + { + "scanner_identifier": "S6365797B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3502", + "name": "S6365797B - CVE-2010-3502", + "description": "Unspecified vulnerability in the Siebel Core component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors." + }, + { + "scanner_identifier": "S8287410J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-3668", + "name": "S8287410J - CVE-2014-3668", + "description": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation." + }, + { + "scanner_identifier": "S7204385E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0066", + "name": "S7204385E - CVE-2003-0066", + "description": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. 
when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." + }, + { + "scanner_identifier": "S9381438Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-0823", + "name": "S9381438Z - CVE-2016-0823", + "description": "The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721." + }, + { + "scanner_identifier": "S8300498C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2000-0806", + "name": "S8300498C - CVE-2000-0806", + "description": "The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka \"Inter-module Communications Bypass.\"" + }, + { + "scanner_identifier": "T0111123F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2471", + "name": "T0111123F - CVE-2016-2471", + "description": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913." + }, + { + "scanner_identifier": "S9671592G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-7427", + "name": "S9671592G - CVE-2018-7427", + "description": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ }, + { + "scanner_identifier": "S8236888D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-14592", + "name": "S8236888D - CVE-2018-14592", + "description": "The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php." + }, + { + "scanner_identifier": "S9541507E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2797", + "name": "S9541507E - CVE-2011-2797", + "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching." + }, + { + "scanner_identifier": "S8058698A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-6440", + "name": "S8058698A - CVE-2012-6440", + "description": "The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic." + }, + { + "scanner_identifier": "S9700925B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5392", + "name": "S9700925B - CVE-2019-5392", + "description": "A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." 
+ }, + { + "scanner_identifier": "S5952967F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12749", + "name": "S5952967F - CVE-2019-12749", + "description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass." + }, + { + "scanner_identifier": "S9825999F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-0116", + "name": "S9825999F - CVE-2008-0116", + "description": "Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka \"Excel Rich Text Validation Vulnerability.\"" + }, + { + "scanner_identifier": "S8983709Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-7548", + "name": "S8983709Z - CVE-2015-7548", + "description": "OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot." 
+ }, + { + "scanner_identifier": "S6415994A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-9002", + "name": "S6415994A - CVE-2015-9002", + "description": "In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel." + }, + { + "scanner_identifier": "S5455765E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-4911", + "name": "S5455765E - CVE-2007-4911", + "description": "JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000. NOTE: some of these details are obtained from third party information." + }, + { + "scanner_identifier": "S7875179G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4400", + "name": "S7875179G - CVE-2005-4400", + "description": "Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters." + }, + { + "scanner_identifier": "S5794443I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-0339", + "name": "S5794443I - CVE-2014-0339", + "description": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." + }, + { + "scanner_identifier": "S9187053C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5406", + "name": "S9187053C - CVE-2016-5406", + "description": "The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves." 
+ }, + { + "scanner_identifier": "S8536667Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-3219", + "name": "S8536667Z - CVE-2007-3219", + "description": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity." + }, + { + "scanner_identifier": "S7109593B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-4979", + "name": "S7109593B - CVE-2016-4979", + "description": "The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the \"SSLVerifyClient require\" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation." + }, + { + "scanner_identifier": "S5930440B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2066", + "name": "S5930440B - CVE-2007-2066", + "description": "UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message." + }, + { + "scanner_identifier": "S8395462J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-1307", + "name": "S8395462J - CVE-2015-1307", + "description": "plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package." 
+ }, + { + "scanner_identifier": "S7764295A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-3825", + "name": "S7764295A - CVE-2016-3825", + "description": "mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964." + }, + { + "scanner_identifier": "S8387589E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-5959", + "name": "S8387589E - CVE-2006-5959", + "description": "SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter." + }, + { + "scanner_identifier": "S8693438H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-1000812", + "name": "S8693438H - CVE-2018-1000812", + "description": "Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047." + }, + { + "scanner_identifier": "S9558996J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-0797", + "name": "S9558996J - CVE-2004-0797", + "description": "The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash)." 
+ }, + { + "scanner_identifier": "S7482860D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-9432", + "name": "S7482860D - CVE-2016-9432", + "description": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page." + }, + { + "scanner_identifier": "S8294033B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-1656", + "name": "S8294033B - CVE-2016-1656", + "description": "The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors." + }, + { + "scanner_identifier": "S9613688I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2720", + "name": "S9613688I - CVE-2011-2720", + "description": "The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request." + }, + { + "scanner_identifier": "S9944545I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-0641", + "name": "S9944545I - CVE-2016-0641", + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM." 
+ }, + { + "scanner_identifier": "S7434335Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2228", + "name": "S7434335Z - CVE-2016-2228", + "description": "Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php." + }, + { + "scanner_identifier": "S7492524C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-0402", + "name": "S7492524C - CVE-2010-0402", + "description": "OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command." + }, + { + "scanner_identifier": "S7625122C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-6765", + "name": "S7625122C - CVE-2016-6765", + "description": "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945." + }, + { + "scanner_identifier": "S9719642G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-1999-1023", + "name": "S9719642G - CVE-1999-1023", + "description": "useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the \"-e\" (expiration date) argument, which could allow users to login after their accounts have expired." 
+ }, + { + "scanner_identifier": "T0141348H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-19758", + "name": "T0141348H - CVE-2018-19758", + "description": "There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service." + }, + { + "scanner_identifier": "S7734589B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-2892", + "name": "S7734589B - CVE-2010-2892", + "description": "gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack." + }, + { + "scanner_identifier": "S6122679F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-4493", + "name": "S6122679F - CVE-2010-4493", + "description": "Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events." + }, + { + "scanner_identifier": "S8522647I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-3939", + "name": "S8522647I - CVE-2015-3939", + "description": "Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file." + }, + { + "scanner_identifier": "S8469380D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-3322", + "name": "S8469380D - CVE-2014-3322", + "description": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417." 
+ }, + { + "scanner_identifier": "S9592699A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-19838", + "name": "S9592699A - CVE-2018-19838", + "description": "In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy()." + }, + { + "scanner_identifier": "S6697131G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-4551", + "name": "S6697131G - CVE-2008-4551", + "description": "strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP)." + }, + { + "scanner_identifier": "S8981357C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0658", + "name": "S8981357C - CVE-2003-0658", + "description": "Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules." + }, + { + "scanner_identifier": "S9830875Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-0968", + "name": "S9830875Z - CVE-2001-0968", + "description": "Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges." 
+ }, + { + "scanner_identifier": "S5781089J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10636", + "name": "S5781089J - CVE-2019-10636", + "description": "Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism." + }, + { + "scanner_identifier": "S8702431H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0582", + "name": "S8702431H - CVE-2003-0582", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + }, + { + "scanner_identifier": "S5576998B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-2866", + "name": "S5576998B - CVE-2007-2866", + "description": "Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information." + }, + { + "scanner_identifier": "S9849354I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-6522", + "name": "S9849354I - CVE-2016-6522", + "description": "Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping." 
+ }, + { + "scanner_identifier": "S8982661F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-8237", + "name": "S8982661F - CVE-2014-8237", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + }, + { + "scanner_identifier": "S8378534I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-6539", + "name": "S8378534I - CVE-2016-6539", + "description": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541." + }, + { + "scanner_identifier": "S8922556F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0609", + "name": "S8922556F - CVE-2007-0609", + "description": "Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php." + }, + { + "scanner_identifier": "S7443375H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-2706", + "name": "S7443375H - CVE-2006-2706", + "description": "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged \"session start\" messages that cause AVR to connect to arbitrary hosts." 
+ }, + { + "scanner_identifier": "S9995655J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-0925", + "name": "S9995655J - CVE-2016-0925", + "description": "Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + }, + { + "scanner_identifier": "S9431899H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-0145", + "name": "S9431899H - CVE-2017-0145", + "description": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148." + }, + { + "scanner_identifier": "S5969925C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-5820", + "name": "S5969925C - CVE-2012-5820", + "description": "The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
+ }, + { + "scanner_identifier": "S7168713I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-12410", + "name": "S7168713I - CVE-2017-12410", + "description": "It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with \"NT AUTHORITY\\SYSTEM\" privileges." + }, + { + "scanner_identifier": "S9971021G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0377", + "name": "S9971021G - CVE-2007-0377", + "description": "Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors." + }, + { + "scanner_identifier": "S7475637I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-3114", + "name": "S7475637I - CVE-2008-3114", + "description": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074." 
+ }, + { + "scanner_identifier": "T0168756A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-5613", + "name": "T0168756A - CVE-2013-5613", + "description": "Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function." + }, + { + "scanner_identifier": "S9964794I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-3987", + "name": "S9964794I - CVE-2009-3987", + "description": "The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects." + }, + { + "scanner_identifier": "S9855974D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0949", + "name": "S9855974D - CVE-2007-0949", + "description": "Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected." + }, + { + "scanner_identifier": "S8632616G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-1868", + "name": "S8632616G - CVE-2019-1868", + "description": "A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. 
The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information." + }, + { + "scanner_identifier": "S7781703D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-17731", + "name": "S7781703D - CVE-2017-17731", + "description": "DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php." + }, + { + "scanner_identifier": "S8883185C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-0049", + "name": "S8883185C - CVE-2016-0049", + "description": "Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka \"Windows Kerberos Security Feature Bypass.\"" + }, + { + "scanner_identifier": "T0090281G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-16768", + "name": "T0090281G - CVE-2018-16768", + "description": "In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified \"heap-buffer-overflow\" condition in IR::FunctionValidationContext::end." 
+ }, + { + "scanner_identifier": "S9403454Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-1896", + "name": "S9403454Z - CVE-2013-1896", + "description": "mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI." + }, + { + "scanner_identifier": "S7631562J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12380", + "name": "S7631562J - CVE-2019-12380", + "description": "An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures." + }, + { + "scanner_identifier": "S6300117A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-1502", + "name": "S6300117A - CVE-2010-1502", + "description": "Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to \"developer tools.\"" + }, + { + "scanner_identifier": "S7308273J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0654", + "name": "S7308273J - CVE-2007-0654", + "description": "Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow." 
+ }, + { + "scanner_identifier": "S6647881E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-0755", + "name": "S6647881E - CVE-2001-0755", + "description": "Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command." + }, + { + "scanner_identifier": "S6691918H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-0349", + "name": "S6691918H - CVE-2015-0349", + "description": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039." + }, + { + "scanner_identifier": "S8815156I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1664", + "name": "S8815156I - CVE-2004-1664", + "description": "Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430." + }, + { + "scanner_identifier": "S5942515C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-6765", + "name": "S5942515C - CVE-2019-6765", + "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. 
An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8170." + }, + { + "scanner_identifier": "S8008290H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-3737", + "name": "S8008290H - CVE-2008-3737", + "description": "Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact." + }, + { + "scanner_identifier": "S9367197Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-0851", + "name": "S9367197Z - CVE-2013-0851", + "description": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access." + }, + { + "scanner_identifier": "T0164701B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-10012", + "name": "T0164701B - CVE-2014-10012", + "description": "Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI." + }, + { + "scanner_identifier": "S9231018C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-4435", + "name": "S9231018C - CVE-2016-4435", + "description": "An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID." 
+ }, + { + "scanner_identifier": "S6234893C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-0551", + "name": "S6234893C - CVE-2006-0551", + "description": "SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260." + }, + { + "scanner_identifier": "S8043402B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-0790", + "name": "S8043402B - CVE-2007-0790", + "description": "Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner." + }, + { + "scanner_identifier": "S7972290A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-4288", + "name": "S7972290A - CVE-2014-4288", + "description": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532." + }, + { + "scanner_identifier": "S8078522D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-5802", + "name": "S8078522D - CVE-2007-5802", + "description": "Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration." 
+ }, + { + "scanner_identifier": "S9862200D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-8676", + "name": "S9862200D - CVE-2016-8676", + "description": "The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675." + }, + { + "scanner_identifier": "S9496148C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2007-6303", + "name": "S9496148C - CVE-2007-6303", + "description": "MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement." + }, + { + "scanner_identifier": "S7282304D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-4930", + "name": "S7282304D - CVE-2009-4930", + "description": "Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field." + }, + { + "scanner_identifier": "S8718649J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2002-0504", + "name": "S8718649J - CVE-2002-0504", + "description": "Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp." 
+ }, + { + "scanner_identifier": "S5589787E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-1393", + "name": "S5589787E - CVE-2012-1393", + "description": "Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors." + }, + { + "scanner_identifier": "S7195463C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2001-1106", + "name": "S7195463C - CVE-2001-1106", + "description": "The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure." + }, + { + "scanner_identifier": "S8425957H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0578", + "name": "S8425957H - CVE-2003-0578", + "description": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files." + }, + { + "scanner_identifier": "S6127513D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2680", + "name": "S6127513D - CVE-2016-2680", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + }, + { + "scanner_identifier": "T0139942F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-16403", + "name": "T0139942F - CVE-2018-16403", + "description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash." 
+ }, + { + "scanner_identifier": "S8031857Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-5159", + "name": "S8031857Z - CVE-2011-5159", + "description": "Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942." + }, + { + "scanner_identifier": "S8354545C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10112", + "name": "S8354545C - CVE-2019-10112", + "description": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived." + }, + { + "scanner_identifier": "S5535008F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5343", + "name": "S5535008F - CVE-2019-5343", + "description": "A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09." + }, + { + "scanner_identifier": "S7592753C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-5069", + "name": "S7592753C - CVE-2011-5069", + "description": "Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833." + }, + { + "scanner_identifier": "S6527962B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-0201", + "name": "S6527962B - CVE-2003-0201", + "description": "Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code." 
+ }, + { + "scanner_identifier": "S8207055I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-5860", + "name": "S8207055I - CVE-2008-5860", + "description": "Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter." + }, + { + "scanner_identifier": "S7780065D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-8170", + "name": "S7780065D - CVE-2014-8170", + "description": "ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string." + }, + { + "scanner_identifier": "S9198143B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1528", + "name": "S9198143B - CVE-2003-1528", + "description": "nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file." + }, + { + "scanner_identifier": "S7202028F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3347", + "name": "S7202028F - CVE-2005-3347", + "description": "Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. 
NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346." + }, + { + "scanner_identifier": "S8401808B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-12171", + "name": "S8401808B - CVE-2018-12171", + "description": "Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network." + }, + { + "scanner_identifier": "S5967166I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-7561", + "name": "S5967166I - CVE-2016-7561", + "description": "Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file." + }, + { + "scanner_identifier": "S9159965A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5798", + "name": "S9159965A - CVE-2019-5798", + "description": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + }, + { + "scanner_identifier": "S6840778H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-2559", + "name": "S6840778H - CVE-2012-2559", + "description": "WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678." + }, + { + "scanner_identifier": "S8206080D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-1941", + "name": "S8206080D - CVE-2004-1941", + "description": "Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist." 
+ }, + { + "scanner_identifier": "S5486590B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-3004", + "name": "S5486590B - CVE-2013-3004", + "description": "Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors." + }, + { + "scanner_identifier": "S5562803C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-3471", + "name": "S5562803C - CVE-2014-3471", + "description": "Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices." + }, + { + "scanner_identifier": "S6040045H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-4754", + "name": "S6040045H - CVE-2013-4754", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php." + }, + { + "scanner_identifier": "S6156696A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-10332", + "name": "S6156696A - CVE-2019-10332", + "description": "A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials." + }, + { + "scanner_identifier": "S6517473A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-9969", + "name": "S6517473A - CVE-2016-9969", + "description": "In libwebp 0.5.1, there is a double free bug in libwebpmux." 
+ }, + { + "scanner_identifier": "S9519684E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-1503", + "name": "S9519684E - CVE-2005-1503", + "description": "Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php." + }, + { + "scanner_identifier": "S6972708E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-5282", + "name": "S6972708E - CVE-2014-5282", + "description": "Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'." + }, + { + "scanner_identifier": "T0057455J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2003-1275", + "name": "T0057455J - CVE-2003-1275", + "description": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function." + }, + { + "scanner_identifier": "S7792573B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-11174", + "name": "S7792573B - CVE-2017-11174", + "description": "In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses." + }, + { + "scanner_identifier": "S7179556Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-5300", + "name": "S7179556Z - CVE-2014-5300", + "description": "Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature." 
+ }, + { + "scanner_identifier": "S9380880J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-4481", + "name": "S9380880J - CVE-2005-4481", + "description": "** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the \"XSS flaw was only part of the custom implementation of the [polopoly] site\". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package." + }, + { + "scanner_identifier": "T0011681A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-2490", + "name": "T0011681A - CVE-2016-2490", + "description": "The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373." + }, + { + "scanner_identifier": "S5844643B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-0121", + "name": "S5844643B - CVE-2018-0121", + "description": "A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. 
This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809." + }, + { + "scanner_identifier": "S9016299C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-7552", + "name": "S9016299C - CVE-2017-7552", + "description": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation." + }, + { + "scanner_identifier": "S8435770G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-8989", + "name": "S8435770G - CVE-2019-8989", + "description": "The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0." + }, + { + "scanner_identifier": "S8501256H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-2633", + "name": "S8501256H - CVE-2011-2633", + "description": "Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file." 
+ }, + { + "scanner_identifier": "S7855954C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-2758", + "name": "S7855954C - CVE-2008-2758", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information." + }, + { + "scanner_identifier": "S9835659B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-4323", + "name": "S9835659B - CVE-2011-4323", + "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2726. Reason: This candidate is a duplicate of CVE-2011-2726. Notes: All CVE users should reference CVE-2011-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + }, + { + "scanner_identifier": "S8207046Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-3119", + "name": "S8207046Z - CVE-2006-3119", + "description": "The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands." + }, + { + "scanner_identifier": "S9234623D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-2109", + "name": "S9234623D - CVE-2004-2109", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL." 
+ }, + { + "scanner_identifier": "S9122222A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-7490", + "name": "S9122222A - CVE-2018-7490", + "description": "uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal." + }, + { + "scanner_identifier": "S8802051J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3569", + "name": "S8802051J - CVE-2005-3569", + "description": "INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files." + }, + { + "scanner_identifier": "S8847728F", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2004-2598", + "name": "S8847728F - CVE-2004-2598", + "description": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used." + }, + { + "scanner_identifier": "T0121976B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-5242", + "name": "T0121976B - CVE-2019-5242", + "description": "There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory." 
+ }, + { + "scanner_identifier": "S9025626B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-5979", + "name": "S9025626B - CVE-2006-5979", + "description": "Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources." + }, + { + "scanner_identifier": "S9894798A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2018-8929", + "name": "S9894798A - CVE-2018-8929", + "description": "Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload." + }, + { + "scanner_identifier": "S5749632J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-9797", + "name": "S5749632J - CVE-2019-9797", + "description": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66." + }, + { + "scanner_identifier": "S8098586Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-0296", + "name": "S8098586Z - CVE-2009-0296", + "description": "SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." 
+ }, + { + "scanner_identifier": "S7807555D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-2083", + "name": "S7807555D - CVE-2012-2083", + "description": "Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter." + }, + { + "scanner_identifier": "S7695687A", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-4469", + "name": "S7695687A - CVE-2016-4469", + "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action." + }, + { + "scanner_identifier": "S6293731I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2017-11844", + "name": "S6293731I - CVE-2017-11844", + "description": "Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833." 
+ }, + { + "scanner_identifier": "S9689649B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2008-6813", + "name": "S9689649B - CVE-2008-6813", + "description": "SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter." + }, + { + "scanner_identifier": "S7164300Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2014-0804", + "name": "S7164300Z - CVE-2014-0804", + "description": "Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." + }, + { + "scanner_identifier": "S6344449I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-1999-0246", + "name": "S6344449I - CVE-1999-0246", + "description": "HP Remote Watch allows a remote user to gain root access." + }, + { + "scanner_identifier": "S8020644E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-4068", + "name": "S8020644E - CVE-2012-4068", + "description": "Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data." + }, + { + "scanner_identifier": "S7751603D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-6588", + "name": "S7751603D - CVE-2019-6588", + "description": "In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the \"url\" parameter of the JSP taglib call \" /> or \" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable." 
+ }, + { + "scanner_identifier": "S6516440Z", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5837", + "name": "S6516440Z - CVE-2016-5837", + "description": "WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors." + }, + { + "scanner_identifier": "S8779114I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-1003042", + "name": "S8779114I - CVE-2019-1003042", + "description": "A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin." + }, + { + "scanner_identifier": "S6465044J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-2482", + "name": "S6465044J - CVE-2019-2482", + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "scanner_identifier": "S7923129J", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2015-4166", + "name": "S7923129J - CVE-2015-4166", + "description": "Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key." 
+ }, + { + "scanner_identifier": "S9677268H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-6756", + "name": "S9677268H - CVE-2019-6756", + "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769." + }, + { + "scanner_identifier": "S8925634H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12169", + "name": "S8925634H - CVE-2019-12169", + "description": "ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a \"..\" pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component." + }, + { + "scanner_identifier": "S9315089I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-4905", + "name": "S9315089I - CVE-2009-4905", + "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses." 
+ }, + { + "scanner_identifier": "S9792326D", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-1405", + "name": "S9792326D - CVE-2005-1405", + "description": "HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications." + }, + { + "scanner_identifier": "S7892141B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-12360", + "name": "S7892141B - CVE-2019-12360", + "description": "A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content." + }, + { + "scanner_identifier": "S8467036G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2009-0768", + "name": "S8467036G - CVE-2009-0768", + "description": "SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action." + }, + { + "scanner_identifier": "S7601590B", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2019-11080", + "name": "S7601590B - CVE-2019-11080", + "description": "Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object." 
+ }, + { + "scanner_identifier": "S8767805I", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2016-5521", + "name": "S8767805I - CVE-2016-5521", + "description": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512." + }, + { + "scanner_identifier": "S9802651G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2013-1841", + "name": "S9802651G - CVE-2013-1841", + "description": "Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter." + }, + { + "scanner_identifier": "S9259804G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2012-5723", + "name": "S9259804G - CVE-2012-5723", + "description": "Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948." + }, + { + "scanner_identifier": "S8574641C", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2010-3156", + "name": "S8574641C - CVE-2010-3156", + "description": "Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory." 
+ }, + { + "scanner_identifier": "S9582817E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2011-1649", + "name": "S9582817E - CVE-2011-1649", + "description": "The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, aka Bug IDs CSCtg67333 and CSCth25341." + }, + { + "scanner_identifier": "S6368243H", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2005-3101", + "name": "S6368243H - CVE-2005-3101", + "description": "The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." + }, + { + "scanner_identifier": "S5885617G", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-7070", + "name": "S5885617G - CVE-2006-7070", + "description": "Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function." + }, + { + "scanner_identifier": "S8920931E", + "scanner_type": "KDI Faker Data", + "cve_identifiers": "CVE-2006-4226", + "name": "S8920931E - CVE-2006-4226", + "description": "MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions." + } + ] +} diff --git a/kenna_kdi_importer/kdi_jsonify.rb b/kenna_kdi_importer/kdi_jsonify.rb index f8a9918..b77fab6 100644 --- a/kenna_kdi_importer/kdi_jsonify.rb +++ b/kenna_kdi_importer/kdi_jsonify.rb 
@@ -126,4 +126,4 @@ module KennaKdi
 }
 end
 end
-end
\ No newline at end of file
+end
diff --git a/kenna_kdi_importer/kenna_kdi_importer.rb b/kenna_kdi_importer/kenna_kdi_importer.rb
index 238bfb3..b06437e 100755
--- a/kenna_kdi_importer/kenna_kdi_importer.rb
+++ b/kenna_kdi_importer/kenna_kdi_importer.rb
@@ -1,7 +1,42 @@
+require 'optparse'
 require './asset_generator'
 require './cve_info'
 require './kdi_jsonify'
 require 'pry'
 asset_generator = KennaKdi::AssetGenerator.new('./data/cve')
-Pry.start
+
+ARGV << '-h' if ARGV.empty?
+
+params = {}
+
+OptionParser.new do |opts|
+ opts.banner = "Usage: kenna_kdi_importer.rb [OPTIONS]"
+
+ opts.on('-a NUM', '--assets', Integer, "Number of assets to create") { |a| params[:assets] = a }
+ opts.on('-v NUM', '--max_vulns', Integer, "Max number of vulns that may be created per asset") {|v| params[:max_vulns] = v }
+
+ opts.on_tail("-h", "--help", "Show this message") do
+ puts opts
+ exit
+ end
+end.parse!(into: params)
+
+raise OptionParser::MissingArgument if params[:assets].nil?
+raise OptionParser::MissingArgument if params[:max_vulns].nil?
+
+num_of_assets = params[:assets]
+max_vulns = params[:max_vulns]
+
+puts "Now creating #{num_of_assets} assets. Each asset with a random set of vulnerabilities between 1 and #{max_vulns}"
+puts "\n"
+
+while true do
+ hash = asset_generator.create_assets(num_of_assets, max_vulns)
+ if hash
+ break
+ end
+end
+
+json = hash.to_json
+puts JSON.pretty_generate(JSON.parse(json))
diff --git a/kenna_kdi_importer/vuln_generator.rb b/kenna_kdi_importer/vuln_generator.rb
index b39022f..f666a58 100644
--- a/kenna_kdi_importer/vuln_generator.rb
+++ b/kenna_kdi_importer/vuln_generator.rb
@@ -68,4 +68,4 @@ module KennaKdi
 }
 end
 end
-end
\ No newline at end of file
+end
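Review bot: The retry loop at the end of the kenna_kdi_importer.rb hunk (`while true do … end`) has no upper bound, and `-a`/`-v` accept any Integer, so a zero or negative count, or any input for which `create_assets` keeps returning a falsy value (its body is not part of this diff), would presumably leave the script spinning forever. After `max_vulns = params[:max_vulns]`, reject out-of-range input with `raise OptionParser::InvalidArgument, 'assets and max_vulns must be >= 1' unless num_of_assets.positive? && max_vulns.positive?`. Then bound the retries, for example `hash = 5.times.lazy.map { asset_generator.create_assets(num_of_assets, max_vulns) }.find(&:itself)` followed by `abort 'create_assets returned no data after 5 attempts' unless hash`. The "Now creating …" banner is also written to stdout with `puts`, so redirecting the output to a file does not yield valid JSON; `warn` would send it to stderr instead.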