Lucene search
K

1065 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/02 8:22 a.m.5 views

Blogn vulnerable to cross-site request forgery

Overview Blogn from R-ONE Computer contains a cross-site request forgery vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.8CVSS6.7AI score0.00581EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/21 12:0 a.m.35 views

JVN#83428818 La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. Impact Password or other configurations may be changed if the logged in user...

6CVSS6.4AI score0.00559EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/29 5:56 a.m.1 views

K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting

Overview analysis.cgi included in K's CGI Access Log Kaiseki jcode.pl contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pl contains a cross-site scripting vulnerability. The...

5CVSS6.1AI score0.01263EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/23 12:0 a.m.20 views

JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting

K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/08 3:14 a.m.3 views

Multiple Cybozu products vulnerable to cross-site request forgery

Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership. Impact If a user views a malicious w...

6.8CVSS6.7AI score0.01044EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

eBASEweb SQL injection vulnerability

Overview eBASEweb, an optional product in the eBASE series data management software from eBASE Co., Ltd., contains an SQL injection vulnerability as it does not completely sanitize user input data. eBASE Co., Ltd. has fixed this product and advised customers who have introduced this product to...

7.5CVSS8AI score0.01333EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

rktSNS cross-site scripting vulnerability

Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...

4.3CVSS6.3AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.1 views

Nessus report function vulnerable to arbitrary script execution

Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...

5.8CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, t...

4.3CVSS6.8AI score0.02216EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

HttpLogger vulnerable to cross-site scripting

Overview KLab HttpLogger is vulnerable to cross-site scripting. Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...

4.3CVSS6.5AI score0.01659EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.4 views

Ichitaro series buffer overflow vulnerability

Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062 and JVN32981509. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...

9.3CVSS7.9AI score0.05741EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

MouseoverDictionary vulnerable to arbitrary script execution

Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...

5.8CVSS6.6AI score0.01009EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

Namazu cross-site scripting vulnerability

Overview Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...

4.3CVSS6.2AI score0.01745EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2008/04/28 12:0 a.m.32 views

hpu-insecure.txt

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Insecure Methods in HP Update Software. Remote: Yes Execute code remotely is possible using methods ExecuteAsync and Execute :- If a user visits the malicious page the attacker can execute code...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/04/23 12:0 a.m.26 views

JVN#76788395 Sony mylo COM-2 does not verify server SSL certificate

Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Impact Normally, when a client connects to a web server through a SSL/TLS connection, it would verify...

6.4CVSS6.2AI score0.01346EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/27 12:0 a.m.12 views

JVN#76669770 PerlMailer cross-site scripting vulnerability

PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in PerlMailer. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/07 12:0 a.m.16 views

JVN#10606373 BFup ActiveX Control buffer overflow vulnerability

BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this vulnerability only exists in BFup ActiveX Control developed by the...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/21 12:0 a.m.26 views

JVN#42381549 Internet Scanner reporting engine vulnerable to cross-site scripting

IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/12 12:0 a.m.65 views

JVN#09470767 Apache Tomcat fails to properly handle cookie value

Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages. Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. The...

5CVSS4.8AI score0.62575EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/18 12:0 a.m.11 views

JVN#75130343 Google Web Toolkit vulnerable to cross-site scripting

Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Updat...

6.5AI score
Exploits0
Rows per page
Query Builder