5625 matches found
JVN#58615092: Enisys Gw vulnerable to SQL injection
Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote unauthenticated attacker. Solution Update the Software Update to the latest versio...
JVN#07676450: Canary Labs Trend Web Server vulnerable to buffer overflow
Trend Web Server provided by Canary Labs is a solution used for data visualization. Trend Web Server contains a buffer overflow CWE-119 vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code when sending a specially crafted TCP packet. Solution Stop...
JVN#79633796: baserCMS vulnerable to SQL injection
baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements CWE-89. Impact A logged in attacker may execute arbitrary SQL statements. Solution Update the Software Update to the latest version...
JVN#24517322: Koritore vulnerable to URL whitelist bypass
Koritore provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Koritore contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to b...
JVN#17964918: Multiple I-O DATA LAN routers vulnerable in UPnP functionality
A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution For NP-BBRS: Do not use NP-BBRS The developer has stated that the suppo...
JVN#50447904: Multiple Buffalo wireless LAN routers vulnerable to OS command injection
Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Impact An authenticated attacker may be able to execute arbitrary OS commands. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affected...
JVN#96439865: EasyCTF vulnerable to session management
EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability in session management CWE-639. Impact A remote attacker without login credentials may log in. As a result, information may be disclosed. Solution Update the Software Update to the latest version...
JVN#30832515: All In One WP Security & Firewall vulnerable to SQL injection
All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability CWE-89. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Update...
JVN#77718330: Vulnerability in the jBCrypt key stretching process
jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Impact When the hash value for a password ...
JVN#44544694: Zen Cart Japanese version vulnerable to cross-site scripting
Zen Cart is an open source system for creating shopping websites. Zen Cart Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution For Zen Cart v1.5 ja variants: Update t...
JVN#30135729: SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Impact Arbitrary code may be executed on the server. Solution Update the Software Update to the latest version according to the information provided by th...
JVN#21907573: SEIL Series routers vulnerable to denial-of-service (DoS)
SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Impact By receiving a large volume of NTP request in a short time, the device might continue sending response packets. As a result, the device's...
JVN#87373393: BirdBlog vulnerable to cross-site scripting
BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use BirdBlog BirdBlog is no longer being developed or maintained, therefore it is recommended to stop using BirdBlog. Produc...
JVN#16485017: SLFileManager for Android vulnerable to directory traversal
SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges ...
JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates
Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution Update the...
JVN#42511610: acmailer contains a cross-site request forgery vulnerability
Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information registered in the product may be altered or deleted, or in some cases, the authorization privilege can be stolen. Solution Update the Software...
JVN#84335912: File Explorer vulnerable to directory traversal
File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileg...
JVN#94838679: Cybozu Garoon vulnerable to cross-site scritping
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Softwa...
JVN#10603428: JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...
JVN#00058727: Cybozu Remote Service Manager vulnerable to session fixation
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result...
JVN#43254599: AutoCAD may insecurely load dynamic libraries
AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Upgrade t...
JVN#30050348: phpMyFAQ vulnerable to cross-site scripting
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of the...
JVN#50943964: phpMyFAQ vulnerable to cross-site request forgery
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information provided by t...
JVN#94245330: Cybozu Garoon vulnerable to denial-of-service (DoS)
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to the...
JVN#43886811: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...
JVN#85371480: Wi-Fi Spot Configuration Software vulnerability in the connection process
Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Solution...
JVN#45545972: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in processing authentication requests. Impact SSH access may become unavailable until the next reboot as a result of processing an authentication request. Solution Apply a patch Apply the...
JVN#05132866: Multiple Cisco products vulnerable to denial-of-service (DoS)
The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected ...
JVN#55924624: Kingsoft Writer vulnerable to buffer overflow
Kingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability. Impact When opening a specially crafted document, an arbitrary code may be executed. Solution Update the software Update to the latest version according to the information provided by t...
JVN#91387819: mora Downloader may insecurely load executable files
mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest version according to t...
JVN#69880570: Opera address bar spoofing vulnerability
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL bein...
JVN#77947437: RSSOwl vulnerable to arbitrary script execution
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting
MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...
JVN#04329324: Etomite vulnerable to cross-site scripting
Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#29529126: Samba Web Administration Tool vulnerable to cross-site request forgery
Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samba. Impact When a user is logged in to SWAT as root, an attacker may change configurations in Samb...
JVN#41222793: Plone vulnerable to cross-site scripting
Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the Software Update to the latest version according to the information provided by...
JVN#47124169: Oracle iPlanet Web Server information disclosure vulnerability
Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote attacker may obtain source code. Solution Update the software Update to the latest version according to information provided b...
JVN#86347943: SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provid...
JVN#30881447: SquirrelMail vulnerable to cross-site request forgery
SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Impact A remote attacker may send an arbitrary email or change the settings...
JVN#02175694: AttacheCase may insecurely load executable files
AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables .exe when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code wi...
JVN#46026251: Safari address bar spoofing vulnerability
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...
JVN#85599999: Explzh may insecurely load executable files
Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privile...
JVN#18774708: Lhaplus may insecurely load executable files
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables .exe when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...
JVN#14313132 Cisco Router and Security Device Manager vulnerable to cross-site scripting
Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Upda...
JVN#03114223 SQL injection vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a SQL injection vulnerability. Impact Contents created by SKIP can be altered or information saved by SKIP can be obtained by a user that can login to SKIP. Solution Update the software Update to the...
JVN#86833991 CGI RESCUE MiniBBS2000 directory traversal vulnerability
MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. Impact A remote attacker could view files on the server where MiniBBS2000 is installed. This could lead to disclosure of file contents. Solution Update the Software Update to the latest versi...
JVN#00945448 Redmine vulnerable to cross-site scripting
Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...
JVN#18405927 Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged onto the Cybozu web interface, the user's schedules and other configuration settings may be altered. Solution Update the Software Apply the latest updates provided...
JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...
JVN#62914675 Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Impact An attacker could possibly execute an arbitrary script. Solution Products Affected Ruby 1.8.2 and earlier...