Request History

4 previous requests available

• Restore to current request
• nvdreves/view/209267
• jvninfos/view/41380
• nvdreves/view/302637
• jvninfos/index/page:12449/sort:jvnurl/direction:asc/Jvninfos:cveinfos

Session

• 0(null)

Request

Cake Params

• plugin(null)
• controllerjvninfos
• actionindex
• named(array)
  • page633
  • sortcveinfo_id
  • directiondesc
• pass(empty)
• paging(array)
  • Jvninfo(array)
    • page633
    • current5
    • count68839
    • prevPage(true)
    • nextPage(true)
    • pageCount13768
    • order(array)
      • Jvninfo.cveinfo_iddesc
    • limit5
    • options(array)
      • page633
      • order(array)
        • Jvninfo.cveinfo_iddesc
      • sortcveinfo_id
      • directiondesc
      • conditions(empty)
    • paramTypenamed

Post data

No post data.

Query string

No querystring data.

Cookie

To view Cookies, add CookieComponent to Controller

Current Route

• keys(array)
  • 0controller
  • 1action
• options(array)
  • defaultRoute(true)
• defaults(array)
  • plugin(null)
• template/:controller/:action/*

Sql Logs

Logs

View Variables

• jvninfos(array)
  • 0(array)
    • Jvninfo(array)
      • id1312
      • nameJVNDB-2016-002085
      • titleDrupal の User モジュールの "have you forgotten your password" のリンクにおける重要なユーザ名情報を取得される脆弱性
      • summaryDrupal の User モジュールの "have you forgotten your password" のリンクには、重要なユーザ名情報を取得される脆弱性が存在します。
      • cveinfo_nameCVE-2016-3170
      • cveinfo_id89676
      • nvdinfo_nameCVE-2016-3170
      • nvdinfo_id19015
      • cvssv25
      • cvssv35.3
      • jvnurlhttp://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002085.html
      • published_date2016-02-24
      • registered_date2016-04-18
      • last_updated_date2016-04-18
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified(null)
    • Cveinfo(array)
      • id89676
      • nameCVE-2016-2857
      • statusCandidate
      • descriptionThe net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
      • phaseAssigned (20160306)
      • votesNone (candidate not yet proposed)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
    • Nvdinfo(array)
      • id19015
      • nameCVE-2016-3170
      • descriptionThe "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.
      • reject(null)
      • CVSS_version2
      • CVSS_score5
      • severityMedium
      • CVSS_base_score5
      • CVSS_impact_subscore2.9
      • CVSS_exploit_subscore10
      • nvd_xml_version(null)
      • CVSS_vector(AV:N/AC:L/Au:N/C:P/I:N/A:N)
      • sourcecve
      • pub_date2017-01-19
      • published2016-04-12
      • modified_date2016-04-14
      • typeCVE
      • seq2016-3170
      • deleted(null)
      • created(null)
      • modified(null)
  • 1(array)
    • Jvninfo(array)
      • id1245
      • nameJVNDB-2016-002018
      • titleDrupal の User モジュールにおける権限を取得される脆弱性
      • summaryDrupal の User モジュールには、権限を取得される脆弱性が存在します。
      • cveinfo_nameCVE-2016-3169
      • cveinfo_id89675
      • nvdinfo_nameCVE-2016-3169
      • nvdinfo_id19014
      • cvssv26.8
      • cvssv38.1
      • jvnurlhttp://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002018.html
      • published_date2016-02-24
      • registered_date2016-04-15
      • last_updated_date2016-04-15
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified(null)
    • Cveinfo(array)
      • id89675
      • nameCVE-2016-2856
      • statusCandidate
      • descriptionpt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      • phaseAssigned (20160306)
      • votesNone (candidate not yet proposed)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
    • Nvdinfo(array)
      • id19014
      • nameCVE-2016-3169
      • descriptionThe User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
      • reject(null)
      • CVSS_version2
      • CVSS_score6.8
      • severityMedium
      • CVSS_base_score6.8
      • CVSS_impact_subscore6.4
      • CVSS_exploit_subscore8.6
      • nvd_xml_version(null)
      • CVSS_vector(AV:N/AC:M/Au:N/C:P/I:P/A:P)
      • sourcecve
      • pub_date2017-01-19
      • published2016-04-12
      • modified_date2016-04-12
      • typeCVE
      • seq2016-3169
      • deleted(null)
      • created(null)
      • modified(null)
  • 2(array)
    • Jvninfo(array)
      • id1311
      • nameJVNDB-2016-002084
      • titleDrupal の System モジュールにおけるサイト管理者の認証をハイジャックされる脆弱性
      • summaryDrupal の System モジュールには、サイト管理者の認証をハイジャックされ、任意の JSON エンコードコンテンツを持つファイルをダウンロードおよび実行される脆弱性が存在します。
      • cveinfo_nameCVE-2016-3168
      • cveinfo_id89674
      • nvdinfo_nameCVE-2016-3168
      • nvdinfo_id19013
      • cvssv28.5
      • cvssv36.4
      • jvnurlhttp://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002084.html
      • published_date2016-02-24
      • registered_date2016-04-18
      • last_updated_date2016-04-18
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified(null)
    • Cveinfo(array)
      • id89674
      • nameCVE-2016-2855
      • statusCandidate
      • descriptionThe Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.
      • phaseAssigned (20160306)
      • votesNone (candidate not yet proposed)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
    • Nvdinfo(array)
      • id19013
      • nameCVE-2016-3168
      • descriptionThe System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
      • reject(null)
      • CVSS_version2
      • CVSS_score8.5
      • severityHigh
      • CVSS_base_score8.5
      • CVSS_impact_subscore10
      • CVSS_exploit_subscore6.8
      • nvd_xml_version(null)
      • CVSS_vector(AV:N/AC:M/Au:S/C:C/I:C/A:C)
      • sourcecve
      • pub_date2017-01-19
      • published2016-04-12
      • modified_date2016-04-14
      • typeCVE
      • seq2016-3168
      • deleted(null)
      • created(null)
      • modified(null)
  • 3(array)
    • Jvninfo(array)
      • id1244
      • nameJVNDB-2016-002017
      • titleDrupal の drupal_goto 関数におけるオープンリダイレクトの脆弱性
      • summaryDrupal の drupal_goto 関数には、PHP 5.4.7 未満で使用される場合、オープンリダイレクトの脆弱性が存在します。
      • cveinfo_nameCVE-2016-3167
      • cveinfo_id89673
      • nvdinfo_nameCVE-2016-3167
      • nvdinfo_id19012
      • cvssv25.8
      • cvssv37.4
      • jvnurlhttp://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002017.html
      • published_date2016-02-24
      • registered_date2016-04-15
      • last_updated_date2016-04-15
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified(null)
    • Cveinfo(array)
      • id89673
      • nameCVE-2016-2854
      • statusCandidate
      • descriptionThe aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
      • phaseAssigned (20160306)
      • votesNone (candidate not yet proposed)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
    • Nvdinfo(array)
      • id19012
      • nameCVE-2016-3167
      • descriptionOpen redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
      • reject(null)
      • CVSS_version2
      • CVSS_score6.4
      • severityMedium
      • CVSS_base_score6.4
      • CVSS_impact_subscore4.9
      • CVSS_exploit_subscore10
      • nvd_xml_version(null)
      • CVSS_vector(AV:N/AC:L/Au:N/C:P/I:P/A:N)
      • sourcecve
      • pub_date2017-01-19
      • published2016-04-12
      • modified_date2016-04-18
      • typeCVE
      • seq2016-3167
      • deleted(null)
      • created(null)
      • modified(null)
  • 4(array)
    • Jvninfo(array)
      • id1243
      • nameJVNDB-2016-002016
      • titleDrupal の drupal_set_header 関数における CRLF インジェクションの脆弱性
      • summaryDrupal の drupal_set_header 関数には、PHP 5.1.2 未満で使用される場合、CRLF インジェクションの脆弱性が存在します。
      • cveinfo_nameCVE-2016-3166
      • cveinfo_id89672
      • nvdinfo_nameCVE-2016-3166
      • nvdinfo_id19011
      • cvssv24.3
      • cvssv35.9
      • jvnurlhttp://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002016.html
      • published_date2016-02-24
      • registered_date2016-04-15
      • last_updated_date2016-04-15
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified(null)
    • Cveinfo(array)
      • id89672
      • nameCVE-2016-2853
      • statusCandidate
      • descriptionThe aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
      • phaseAssigned (20160306)
      • votesNone (candidate not yet proposed)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
    • Nvdinfo(array)
      • id19011
      • nameCVE-2016-3166
      • descriptionCRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
      • reject(null)
      • CVSS_version2
      • CVSS_score4.3
      • severityMedium
      • CVSS_base_score4.3
      • CVSS_impact_subscore2.9
      • CVSS_exploit_subscore8.6
      • nvd_xml_version(null)
      • CVSS_vector(AV:N/AC:M/Au:N/C:N/I:P/A:N)
      • sourcecve
      • pub_date2017-01-19
      • published2016-04-12
      • modified_date2016-04-12
      • typeCVE
      • seq2016-3166
      • deleted(null)
      • created(null)
      • modified(null)
• $request->data(empty)
• $this->validationErrors(array)
  • Jvninfo(empty)
  • Cveinfo(empty)
  • Nvdinfo(empty)
• Loaded Helpers(array)
  • 0Number
  • 1SimpleGraph
  • 2Paginator
  • 3DebugTimer
  • 4Toolbar
  • 5Html
  • 6Text
  • 7Form
  • 8Session
  • 9HtmlToolbar

App Constants

No application environment available.

CakePHP Constants

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

PHP Environment

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/jvninfos/index/page:633/sort:cveinfo_id/direction:desc
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/jvninfos/index/page:633/sort:cveinfo_id/direction:desc
Remote Port	20155
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	18.191.223.26
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	*/*
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	18.191.223.26
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	18.191.223.26
Unique Id	aCuG1MgR6PzhXVvBftgB5wAAAdA
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	18.191.223.26
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	18.191.223.26
Redirect Unique Id	aCuG1MgR6PzhXVvBftgB5wAAAdA
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	18.191.223.26
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	18.191.223.26
Redirect Redirect Unique Id	aCuG1MgR6PzhXVvBftgB5wAAAdA
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747683028.8827
Request Time	1747683028

Included Files

Include Paths

• 0/virtual/inogo77/public_html/jvn/lib
• 2/opt/remi/php56/root/usr/share/pear
• 3/opt/remi/php56/root/usr/share/php
• 4/usr/share/pear
• 5/usr/share/php
• 6-> /virtual/inogo77/public_html/jvn/lib/Cake/

Included Files

• core(array)
  • Cache(array)
    • 0CORE/Cache/Cache.php
    • 1CORE/Cache/Engine/FileEngine.php
    • 2CORE/Cache/CacheEngine.php
  • Component(array)
    • 0CORE/Controller/Component/SessionComponent.php
    • 1CORE/Controller/Component/PaginatorComponent.php
  • Config(array)
    • 0CORE/Config/routes.php
    • 1CORE/Config/config.php
  • Controller(array)
    • 0CORE/Controller/Controller.php
    • 1CORE/Controller/ComponentCollection.php
    • 2CORE/Controller/Component.php
  • Datasource(array)
    • 0CORE/Model/Datasource/CakeSession.php
    • 1CORE/Model/Datasource/Database/Mysql.php
    • 2CORE/Model/Datasource/DboSource.php
    • 3CORE/Model/Datasource/DataSource.php
  • Error(array)
    • 0CORE/Error/exceptions.php
    • 1CORE/Error/ErrorHandler.php
  • I18n(array)
    • 0CORE/I18n/I18n.php
    • 1CORE/I18n/L10n.php
  • Log(array)
    • 0CORE/Log/CakeLog.php
    • 1CORE/Log/LogEngineCollection.php
    • 2CORE/Log/Engine/FileLog.php
    • 3CORE/Log/Engine/BaseLog.php
    • 4CORE/Log/CakeLogInterface.php
  • Model(array)
    • 0CORE/Model/Model.php
    • 1CORE/Model/BehaviorCollection.php
    • 2CORE/Model/ConnectionManager.php
  • Network(array)
    • 0CORE/Network/CakeRequest.php
    • 1CORE/Network/CakeResponse.php
  • Other(array)
    • 0CORE/bootstrap.php
    • 1CORE/basics.php
    • 2CORE/Core/App.php
    • 3CORE/Core/Configure.php
    • 4CORE/Core/CakePlugin.php
    • 5CORE/Event/CakeEventListener.php
    • 6CORE/Event/CakeEvent.php
    • 7CORE/Event/CakeEventManager.php
    • 8CORE/Core/Object.php
  • Routing(array)
    • 0CORE/Routing/Dispatcher.php
    • 1CORE/Routing/Filter/AssetDispatcher.php
    • 2CORE/Routing/DispatcherFilter.php
    • 3CORE/Routing/Filter/CacheDispatcher.php
    • 4CORE/Routing/Router.php
    • 5CORE/Routing/Route/CakeRoute.php
    • 6CORE/Routing/Route/PluginShortRoute.php
  • Utility(array)
    • 0CORE/Utility/Hash.php
    • 1CORE/Utility/Inflector.php
    • 2CORE/Utility/ObjectCollection.php
    • 3CORE/Utility/Debugger.php
    • 4CORE/Utility/String.php
    • 5CORE/Utility/ClassRegistry.php
  • View(array)
    • 0CORE/View/HelperCollection.php
• app(array)
  • Component(array)
    • 0APP/Controller/Component/CommonComponent.php
  • Config(array)
    • 0APP/Config/core.php
    • 1APP/Config/bootstrap.php
    • 2APP/Config/routes.php
    • 3APP/Config/database.php
  • Controller(array)
    • 0APP/Controller/JvninfosController.php
    • 1APP/Controller/AppController.php
  • Model(array)
    • 0APP/Model/Jvninfo.php
    • 1APP/Model/AppModel.php
    • 2APP/Model/Cveinfo.php
    • 3APP/Model/Nvdinfo.php
  • Other(array)
    • 0APP/webroot/index.php
• plugins(array)
  • DebugKit(array)
    • Component(array)
      • 0DebugKit/Controller/Component/ToolbarComponent.php
    • Other(array)
      • 0DebugKit/Lib/DebugMemory.php
      • 1DebugKit/Lib/Panel/HistoryPanel.php
      • 2DebugKit/Lib/DebugPanel.php
      • 3DebugKit/Lib/Panel/SessionPanel.php
      • 4DebugKit/Lib/Panel/RequestPanel.php
      • 5DebugKit/Lib/Panel/SqlLogPanel.php
      • 6DebugKit/Lib/Panel/TimerPanel.php
      • 7DebugKit/Lib/Panel/LogPanel.php
      • 8DebugKit/Lib/Panel/VariablesPanel.php
      • 9DebugKit/Lib/Panel/EnvironmentPanel.php
      • 10DebugKit/Lib/Panel/IncludePanel.php
      • 11DebugKit/Lib/DebugTimer.php
    • Log(array)
      • 0DebugKit/Lib/Log/Engine/DebugKitLog.php