164 matches found
SetucoCMS vulnerable to code injection
Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact Arbitrary code...
SetucoCMS vulnerable to session management
Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains session management vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
[SECURITY] Fedora 25 Update: irssi-0.8.20-1.fc25
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained...
RUSTSEC-2016-0004 libusb is unmaintained; use rusb instead
The libusb crate has not seen a release since September 2016, and its author is unresponsive. The rusb crate is a maintained fork: https://github.com/a1ien/rusb...
Regular Expression Denial of Service
Overview All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this...
Twit BBS vulnerable to cross-site scripting
Overview Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
yoyaku_v41 vulnerable to OS command injection
Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
yoyaku_v41 vulnerable to authentication bypass
Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
WordPress theme flashy vulnerable to cross-site scripting
Overview flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user'...
LinPHA vulnerable to cross-site scripting
Overview LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
i-HTTPD vulnerable to cross-site scripting
Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting CWE-79. Note that this vulnerability is different from JVN89613370. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
i-HTTPD vulnerable to cross-site scripting
Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...
"File Upload BBS" of i-HTTPD vulnerable to remote command execution
Overview i-HTTPD is a web server for Windows, implementing Server Side Includes SSI. i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files CWE-97. Yamagata of webappsec.jp reported...
Aflax vulnerable to cross-site scripting
Overview Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
BirdBlog vulnerable to cross-site scripting
Overview BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
Bump for Android vulnerable in handling of implicit intents
Overview Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
DirPHP 1.0 - Local File Inclusion
DirPHP 1.0 - Local File Inclusion Exploit Title: DirPHP - version 1.0 Local File Inclusion Google Dork: intext:DirPHP - version 1.0 - Created & Maintained by Stuart Montgomery Date: 7/26/14 Exploit Author: -Chosen- Contact: [email protected] Version: DirPHP - Version 1.0 Tested on: n...
Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-030 Author: Stefan Schurtz Affected Software: Successfully tested on Site@School 2.4.10 Vendor URL: http://sourceforge.net/projects/siteatschool/ Vendor Status: insecure and no longer maintained CVE-ID: -...
Fedora Update for chmsee FEDORA-2010-1936
Check for the Version of chmsee OpenVAS Vulnerability Test Fedora Update for chmsee FEDORA-2010-1936 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 11 Update: chmsee-1.0.1-10.fc11
A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...