{"id":41,"date":"2025-02-09T10:01:18","date_gmt":"2025-02-09T10:01:18","guid":{"rendered":"http:\/\/13.215.97.94\/?page_id=41"},"modified":"2025-02-13T07:00:24","modified_gmt":"2025-02-13T07:00:24","slug":"cve","status":"publish","type":"page","link":"https:\/\/jasveermaan.com\/index.php\/cve\/","title":{"rendered":"CVE"},"content":{"rendered":"\n<p>The author has identified several CVEs and has collaborated with friends and colleagues within the organization to identify some of them. Below is a list of the identified CVEs:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>ClipBucket<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2018-7664, CVE-2018-7665 and CVE-2018-7666<\/li>\n\n\n\n<li>Vulnerabilities: OS Command Injection, Arbitrary File Upload and SQL Injection<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket<\/a><\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/portswigger.net\/daily-swig\/sec-consult-broadcasts-raft-of-clipbucket-vulnerabilities\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/portswigger.net\/daily-swig\/sec-consult-broadcasts-raft-of-clipbucket-vulnerabilities<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>I, Librarian PDF Manager<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2017-1000234, CVE-2017-1000235, CVE-2017-1000236 and CVE-2017-1000237<\/li>\n\n\n\n<li>Vulnerabilities: OS Command Injection, SSRF, Directory Enumeration and Reflected XSS<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/multiple-vulnerabilities-19\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/multiple-vulnerabilities-19\/<\/a><\/li>\n\n\n\n<li>Reference: https:\/\/i-librarian.net\/article.php?id=9<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>InvoicePlane<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2017-1000238 and CVE-2017-1000239<\/li>\n\n\n\n<li>Vulnerabilities: Arbitrary File Upload and Stored XSS<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/arbitrary-file-upload-stored-xss\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/arbitrary-file-upload-stored-xss\/<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>MyBB Forum<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2017-7566<\/li>\n\n\n\n<li>Vulnerability: Server Side Request Forgery (SSRF)<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/server-side-request-forgery-ssrf-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/server-side-request-forgery-ssrf-vulnerability\/<\/a><\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/blog.mybb.com\/2017\/04\/04\/mybb-1-8-11-merge-system-1-8-11-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/blog.mybb.com\/2017\/04\/04\/mybb-1-8-11-merge-system-1-8-11-release\/<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>MyBiz MyProcureNet<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2018-11090 and CVE-2018-11091<\/li>\n\n\n\n<li>Vulnerabilities: Arbitrary File Upload and Reflected Cross-site Scripting<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet\/<\/a><\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/portswigger.net\/daily-swig\/critical-flaw-found-in-mybiz-procurement-software\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/portswigger.net\/daily-swig\/critical-flaw-found-in-mybiz-procurement-software<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>OpenEMR<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2018-1000019 and CVE-2018-1000020<\/li>\n\n\n\n<li>Vulnerabilities: OS Command Injection and Reflected Cross Site Scripting<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/os-command-injection-reflected-cross-site-scripting-in-openemr\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/os-command-injection-reflected-cross-site-scripting-in-openemr\/<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>phpBB<\/strong>\n<ul class=\"wp-block-list\">\n<li>CVE: CVE-2017-1000419<\/li>\n\n\n\n<li>Vulnerability: Server Side Request Forgery (SSRF)<\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/phpbb-server-side-request-forgery-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/sec-consult.com\/vulnerability-lab\/advisory\/phpbb-server-side-request-forgery-vulnerability\/<\/a><\/li>\n\n\n\n<li>Reference:\u00a0<a href=\"https:\/\/www.phpbb.com\/community\/viewtopic.php?f=14&amp;p=14782136\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.phpbb.com\/community\/viewtopic.php?f=14&amp;p=14782136<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>The author has identified several CVEs and has collaborated with friends and colleagues within the organization to identify some of them. 
Below is a list of the identified CVEs:<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-41","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/pages\/41","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/comments?post=41"}],"version-history":[{"count":4,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/pages\/41\/revisions"}],"predecessor-version":[{"id":70,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/pages\/41\/revisions\/70"}],"wp:attachment":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/media?parent=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}