List of fake or duplicated security vulnerabilities we declined to accept in 2018. #205

Closed
zsxsoft opened this issue Feb 15, 2019 · 7 comments


zsxsoft commented Feb 15, 2019

Duplicated

CVE-2018-7737

Author: @ponyma233
Detail: https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md (Deleted on 16/Feb)
Detail: https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html
Duplicate of CVE-2018-6846. We fixed them after CVE-2018-6846 was confirmed. See: 7f09eb1

CVE-2018-7736

Author: @ponyma233
Detail: https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md
Detail: https://packetstormsecurity.com/files/147066/Z-Blog-1.5.1.1740-Cross-Site-Scripting.html
Same as CVE-2018-10680 and CVE-2018-11208. We decline to accept it as a valid issue. If you have admin privilege, we have so many ways to self-XSS.

Useless

CVE-2018-10680

Author: @Oran9e
Detail: #185
We declined to accept a self-xss with admin privilege.

CVE-2018-11208

Author: @Jayway007
Detail: #187
We declined to accept a self-xss with admin privilege.

Fake

CVE-2018-19556

Author: @novysodope
Detail: https://github.com/novysodope/Z-BlogPHP1.5Zero/commit/49b1b99d2df0fd2a3ae61655b516a1c6bc998b57
It's Adobe's bug, not ours. As he said, see CVE-2017-1125 and CVE-2018-4901.

CVE-2018-19463

Author: @novysodope
Detail: https://github.com/novysodope/Z-BlogPHP1.5Zero/commit/8526931c1e5fbe185740d91f9b286c38d3401445
It's fake. We have no dynamic includes. No one can run PHP by uploading an image in the current version. By the way, it needs authentication.

CVE-2018-11209

Author: @Jayway007
Detail: #188
It's a joke. I laughed.

@zsxsoft zsxsoft changed the title The List of fake or duplicated security vulnerabilities we declined to accept in 2018. List of fake or duplicated security vulnerabilities we declined to accept in 2018. Feb 15, 2019

zsxsoft commented Feb 15, 2019

This issue will be a hall of shame for speculative people.

@zsxsoft zsxsoft pinned this issue Feb 15, 2019

zsxsoft commented Feb 15, 2019

Sharing a tutorial on requesting a CVE ID from the team of @ponyma233: http://5ecurity.cn/index.php/archives/242/

Fantastic!

@zsxsoft zsxsoft closed this as completed Mar 21, 2019
@SilverBut

any updates? waiting for more numbers in my resume-keyword-blacklist.md ;-)

@SameleTom

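It's just about picking up a CVE, why take it so seriously? Besides, can the Americans even read Chinese characters? Doesn't it have to be translated for them?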


zsxsoft commented Jan 3, 2020

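@SameleTom If you had actually found a genuine vulnerability, I naturally would have no objection, but take a look at what was submitted here. We cannot tolerate using fake vulnerability reports to make oneself look good.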


novysodope commented Jan 3, 2020 via email

@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from SameleTom Jan 3, 2020
@zblogcn zblogcn deleted a comment from novysodope Jan 3, 2020
@involvements involvements unpinned this issue Jun 24, 2020

wdssmq commented Jun 29, 2021

https://www.cnvd.org.cn/flaw/show/CNVD-2021-10364

Posting this here for now ↑↑
