5625 matches found
JVN#15222211: Cybozu Garoon vulnerable to cross-site request forgery
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the user may be forced to log out. Solution Update the Software Update to the latest version according to the...
JVN#32504719: Usermin cross-site scripting vulnerabilities
Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/saveforward.cgi, /filter/save.cgi and /man/search.cgi. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the software...
JVN#74244518: Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
Splunk Enterprise and Splunk Light contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Splunk...
JVN#68364327: WAONサービスアプリ App for Android fails to verify SSL server certificates
WAONサービスアプリ App for Android provided by AEON CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...
JVN#14749391: Multiple directory traversal vulnerabilities in Cybozu Garoon
Cybozu Garoon is a groupware. Cybozu Garoon contains following multiple directory traversal vulnerabilities. Directory traversal in the function "Files" - CVE-2016-1191 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2|...
JVN#13794955: Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Impact When the product is used in Windows, a remote attacker may obtain arbitrary files from the server...
JVN#00460236: NetCommons vulnerable to privilege escalation
NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Impact A user with secretariat privileges "CLERK" may create a user with system administrator privileges "SYSTEMADMIN". Solution Update the Software Update the software according to the information provid...
JVN#91638315: FileMaker server issue where PHP source code may be viewable
FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Impact PHP source code may be viewable. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected FileMake...
JVN#21025396: Multiple PHP code execution vulnerabilitles in Cybozu Garoon
Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646 CyVDB-86...
JVN#52248864: yoyaku_v41 vulnerable to authentication bypass
yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Impact A remote attacker could bypass yoyakuv41's authentication, and make an unintentional reservation. Solution Do not use yoyakuv41...
JVN#86680970: Gazou BBS plus vulnerability in file upload processing
Gazou BBS plus provided by LEMON-S PHP contains a vulnerability in the processing of file uploads. Impact An image file may be specially crafted to upload arbitrary HTML files. Solution Apply an Update Apply the update according to the information provided by the provider. Products Affected Gazou...
JVN#61935381: Simple Oekaki BBS vulnerability where arbitary files may be deleted
Simple Oekaki BBS provided by LEMON-S PHP contains a flaw in parsing the oekakis parameter in index.php, which may allow a remote attacker to delete arbitrary files. Impact A remote attacker may delete arbitrary files on the server. Solution Update the Software Update to the latest version...
JVN#19578958: Symfony vulnerable to code injection
Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Impact Arbitrary PHP code may be executed on the server...
JVN#26860747: TransmitMail vulnerable to cross-site scripting
TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting CWE-79 vulnerability due to the processing of file names. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes SSI. i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files CWE-97. Impact An arbitrary command may be execute...
JVN#80583739: Cybozu Garoon vulnerable to cross-site scritping
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#90519014: Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability in the Phone Messages function. Impact Processing input from a user who can log in to the system may cause denial-of-service DoS condition on the server by consuming high system...
JVN#87729477: Cybozu Garoon vulnerable to session fixation
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the latest versi...
JVN#84221103: Cybozu Garoon vulnerable to mail header injection
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered. Solutio...
JVN#68663052: Oracle Outside In vulnerable to denial-of-service (DoS)
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service DoS vulnerability. Impact When Oracle Outside In processes a specially crafted Hangul Word Processor file, the process may hang. Solution Apply an update Update to the latest version...
JVN#65923092: VxWorks WebCLI vulnerable to denial-of-service (DoS)
The VxWorks WebCLI contains a denial-of-service DoS vulnerability due to an issue in parsing command strings. Impact An attacker that can login to a CLI session may cause the current CLI session to crash. Solution Apply a patch Apply the appropriate patch according to the information provided by...
JVN#09223079: imgboard vulnerable to cross-site scripting
imgboard provided by imgboard.com CGI Download Center formerly 1998 t-club CGI Download Center is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
JVN#58160713: MyWebSearch vulnerable to cross-site scripting
MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#77393797: Cybozu Live for Android vulnerable in the WebView class
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed...
JVN#58102473: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#95378720: Multiple JustSystems products may insecurely load dynamic libraries
Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Update the software Apply the appropriate update according to the...
JVN#09619876: Multiple JustSystems products vulnerable to buffer overflow
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files. Impact If this vulnerability is exploited, a system may be crashed or arbitrary code may be executed. Solution Update the Software Apply the appropriate update...
JVN#33283707: ActiveScriptRuby vulnerable to arbitrary Ruby script execution
ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed. Impact A remote attacker may be able to obtain...
JVN#56653852: SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution
Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...
JVN#72854072: Aipo vulnerable to cross-site request forgery
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Impact If an administrative user views a malicious page while logged into Aipo, data stored within Aipo may be altered. Solution Update t...
JVN#74649877: Mozilla Firefox vulnerable to cross-site scripting
Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided ...
JVN#59779256: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the latest version according to the information provided by the developer...
JVN#71542734: F-Secure Internet Gatekeeper for Linux authentication issue
F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where authentication is not present. Impact A remote attacker may view access logs that are stored by the product. Solution Update the firmwar...
JVN#33301529: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft...
JVN#68536660: Archive Decoder may insecurely load executable files
Archive Decoder is a file extraction software that supports multiple file formats. Archive Decoder loads certain executables .exe when extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary cod...
JVN#90248889: Interstage Application Server vulnerable in request processing
The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device. Impact Invalid requests may be processed or user information may be leaked...
JVN#33977065 WebCalenderC3 cross-site scripting vulnerability
WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a cross-site scripting vulnerability. According to the developer, they were not able to reproduce the vulnerability. However, to mitigate against potential security risks, the developer has released a security enhanced...
JVN#00152874 P forum vulnerable to directory traversal
P forum from Rocomotion is a bulletin board software. P forum contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer. This...
JVN#32788272 PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#81111541 EC-CUBE vulnerable to SQL injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE. Solution Update the Software Apply the latest updates...
JVN#31351020 Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the product to the latest version according to the information...
JVN#82610488 Lhaplus buffer overflow vulnerability
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...
JVN#72595280 Flash Player allows to send arbitrary Referer headers
Adobe Flash Player is a multimedia and application browser plugin for viewing Adobe Flash contents. Flash Player contains a vulnerability allowing to send arbitrary Referer headers. Impact As a flash file swf can send an arbitrary Referer header and Flash Player cannot properly validate Referer...
JVN#67974490 Webmin directory traversal vulnerability
Impact A remote attacker could view files on the computer without authentication. Private information could be leaked as a result. Solution Products Affected Webmin 1.280 and earlier Usermin 1.210 and earlier As of June 30, 2006, patched versions of the module addressing this vulnerability for al...
JVN#39546799: Mailform Pro CGI generating error messages containing sensitive information
Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 3.7...
JVN#24885537: Multiple vulnerabilities in ELECOM wireless LAN routers and access points
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score...
JVN#86156389: Remarshal unlimitedly expanding YAML alias nodes
Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly CWE-674, hence Remarshal is vulnerable to Billion Laughs Attack. Impact Processing untrusted YAML files may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to...
JVN#08237727: Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
Citadel WebCit provided by Citadel contains a cross-site scripting vulnerability CWE-79. Impact When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. Solution Update the software Update the software to the lates...
JVN#17434995: Shihonkanri Plus vulnerable to relative path traversal
Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability CWE-23. Impact An attacker may execute arbitrary code by having a legitimate user import a specially crafted backup file of the product. Solution Update the software Update the software to the latest version...