5625 matches found
JVN#29083866: Segue vulnerable to cross-site scripting
Segue is a content management system. Segue contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the information provided by the...
JVN#63941302: WEB MART from KENT-WEB vulnerable to cross-site scripting
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass
e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...
JVN#63249231: Cogent DataHub vulnerable to HTTP header injection
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...
JVN#34980730: A-Form vulnerable in restricting access
A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not have administrative privileges. Solution Update the Software Update to the late...
JVN#16617002: BaserCMS vulnerable to access restriction
BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Impact Users without administrative privileges may obtain administrative...
JVN#28973089: SemanticScuttle vulnerable to cross-site scripting
SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed
Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site. Impact An attacker may trick the user into believing the site being visited is safe, which may...
JVN#86220950: Google Search Appliance vulnerable to cross-site scripting
Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Impact An arbitrary script may executed on the user's web browser. Solution Update the software Update to...
JVN#17844633: XnView may insecurely load executable files
XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...
JVN#01547302: ALZip vulnerable to buffer overflow
ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...
JVN#29212182: Java Web Start may insecurely load policy files
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load policy files. Impact An attacker may execute arbitrary code with the...
JVN#45658190: Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...
JVN#99977321: Picasa may insecurely load executable files
Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the runni...
JVN#50704770: Aipo vulnerable to SQL injection
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...
JVN#48425028: Flash Player access restriction bypass vulnerability
When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed. Impact...
JVN#19774883 MODx vulnerable to SQL injection
MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information...
JVN#73331060 tDiary plugin tb-send.rb vulnerable to cross-site scripting
tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Update according to the information provided by the developer. Products Affected tDiary 2.2.2full set...
JVN#85821104 Active! mail 2003 session ID disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...
JVN#33822756 Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by...
JVN#65914253 Directory traversal vulnerability in multiple phpspot products
Multiple products BBS Software etc. provided by phpspot contain a directory traversal vulnerablility. Impact A remote attacker could view files on the server where the product is installed. This could lead to disclosure of contents. Solution Update the software Update to latest version according ...
JVN#20478978 Site Calendar 'mycaljp' vulnerable to cross-site scripting
Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...
JVN#21388501 ColdFusion vulnerable to cross-site scripting
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the...
JVN#43233160 Cross-site scripting vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on certain web browsers. Solution Update the software Update to the latest version according to the information provid...
JVN#33846134 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of...
JVN#36802959 MyNETS cross-site scripting vulnerability
MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
JVN#18700809 Cybozu Garoon session fixation vulnerability
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker. Impact A remote attacker impersonating a logged in user may execute arbitrary code...
JVN#66291445 SonicStage CP buffer overflow vulnerability
Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a specially crafted playlist file with the .m3u extension can cau...
JVN#38605899 Mozilla Firefox cross-site scripting vulnerability
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Mozilla has released Firefox 2.0.0.2 and...
JVN#44724673: Java Web Start vulnerable to execution of unauthorized system classes
Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an...
JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)
Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...
JVN#29845579: Cybozu Office vulnerable to bypass browsing restrictions in Custom App
Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App CWE-201. Impact A user who can login to the product may view data that the user does not have access by conducting 'search' under certain conditions. Solution Update the...
JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX
UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...
JVN#44033918: Zeroshell vulnerable to OS command injection
The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Impact Processing a crafted HTTP request may lead to an arbitrary OS command execution. Solution Stop using the product The developer states that the affected produ...
JVN#36060509: "WPS Office" vulnerable to OS command injection
"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be...
JVN#11705010: Beekeeper Studio vulnerable to code injection
Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Impact A remote authenticated attacker may execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS...
JVN#18765463: Multiple cross-site scripting vulnerabilities in SHIRASAGI
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function
PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Impact A general user of the computer which the affected product is installed may...
JVN#63023305: InBody App vulnerable to information disclosure
InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...
JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries
Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitra...
JVN#99737748: AppCheck may insecurely invoke an executable file
AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...
JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet pass-thru Mode...
JVN#42262137: simple chat vulnerable to cross-site scripting
simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected simple...
JVN#02576342: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Impact When a user opens a specially crafted email, an attacker can notice that the user read the email. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting
The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution Update the plugin Update the plugin according to the information...
JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates
Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...
JVN#85359294: WL-330NUL vulnerable to denial-of-service (DoS)
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. Impact An attacker who can access the product may be able to cause a denial-of-service DoS. Solution Update the Firmware Update the firmware to the latest version...
JVN#69462495: WL-330NUL information management vulnerability
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...
JVN#35845584: Frame high-speed chat vulnerable to cross-site scripting
Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...
JVN#71088919: applican vulnerable to script injection
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Impact When an application built using applican processes a specially crafted SSID, an arbitrary scri...