1065 matches found
WordPress Video Embed & Thumbnail Generator Plugin <= 1.9 - Remote Code Execution
Because of this vulnerability, the attackers can execute arbitrary commands via unspecified vectors. Solution Update the plugin...
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration (CI) tool. Note that this vulnerability is different from JVN14791558. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Movable Type vulnerable to OS command injection
Overview Movable Type contains an OS command injection vulnerability. Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each produ...
JVN#49836527: Movable Type vulnerable to cross-site scripting
mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each product according to the information provided by the developer. Products...
JVN#70683217: Movable Type vulnerable to cross-site request forgery
Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or altered. Solution Update the software Update to the latest version for each...
JVN#54779201: Oracle WebLogic Server vulnerable to cross-site scripting
Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Impact An arbitrary script may be executed on the browser of the user who is logged into the administration console of Oracle WebLogic Server. Solution Update the Software Apply the latest update...
JVN#63249231: Cogent DataHub vulnerable to HTTP header injection
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains an HTTP header injection vulnerability, also known as a CRLF (carriage return line feed) injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...
JVN#04013920: Pligg vulnerable to cross-site scripting
Pligg is a Content Management System (CMS). Pligg contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...
JVN#36684331: WEB FORUM vulnerable to cross-site scripting
WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the lates...
WordPress Trending Theme 0.1 - Cross-Site Scripting
WordPress Trending theme's "cpage" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
Megalith vulnerable to authentication bypass
Overview Megalith contains an authentication bypass vulnerability. Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to...
JVN#45458289: Megalith vulnerable to authentication bypass
Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN30221194. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN99203127. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
PT-2011-25: SQL injection vulnerabilities in Support Incident Tracker
Positive Research Center has discovered multiple SQL injection vulnerabilities in Support Incident Tracker. The application incorrectly validates input data, which allows attackers to conduct an SQL injection attack. "SQL Injection" is a way to bypass network protection and attack the database...
PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
The specialists of the Positive Research center have revealed an arbitrary code execution vulnerability in ManageEngine ServiceDesk Plus. If Microsoft SQL Server is used as application database server, insufficient validation of input settings for /CustomReporthandler.do script that is used to...
Internet Explorer vulnerable to cross-site scripting
Overview Internet Explorer contains a cross-site scripting vulnerability. Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing
MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact When going through a proxy server, information such as authentication...
Java Web Start may insecurely load settings files
Overview Java Web Start provided by Oracle may use unsafe methods for determining how to load settings files. Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file...