6722 matches found
Trend Micro Internet Security Arbitrary Script Execution Vulnerability
Trend Micro Internet Security is a set of Trend Micro Trend Micro integrated with personal firewall, anti-virus, anti-spam and other features in one network security software. A security vulnerability exists in versions 8 and 10 of Trend Micro Internet Security, which can be exploited by attacker...
ZeewaysCMS Multiple Vulnerabilities
ZeewaysCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zeewayscms:zeeway"; ifdescriptio...
Trend Micro enterprise products HTTP header injection vulnerability
Overview Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC ...
Trend Micro Internet Security vulnerable to arbitrary script execution
Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro...
JVN#48789425: Trend Micro Internet Security multiple vulnerabilities
Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN37121456. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...
WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
Overview The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Kenta Yamamoto of Cryptography Laboratory,Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA...
HumHub vulnerable to cross-site scripting
Overview HumHub is a software framework for developing a social networking service SNS. HumHub contains a cross-site scripting vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
Web Mailing List vulnerable to cross-site scripting
Overview Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
ferretCMS cross-site scripting vulnerability (CNVD-2016-03510)
FerretCMS is a content management system. A cross-site scripting vulnerability exists in FerretCMS due to a failure to validate user input effectively. An attacker is able to execute malicious script code on the affected site...
a-blog cms vulnerable to cross-site scripting
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
WN-G300R Series vulnerable to cross-site scripting
Overview WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure...
Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from an elevation of privilege vulnerability in its implementation due to the program failing to properly validate JavaScript.A remote attacker could exploit this vulnerability to run scripts with elevated...
baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting
Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Disc Organization System (DORG) Multiple Vulnerabilities
Disc Organization System DORG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dorg:dorg";...
jenkins: API tokens of other users available to admins (SECURITY-200)
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...
SAP 3D Visual Enterprise Viewer Memory Error References Remote Code Execution Vulnerability
SAP 3D Visual Enterprise Viewer VEV is a suite of software from SAP for viewing, zooming, panning and rotating interactive 3D data and playing step-by-step animations. A security vulnerability exists in SAP 3D Visual Enterprise Viewer. The vulnerability could be exploited by an attacker to execut...