5625 matches found
JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact The impacts vary depending on t...
JVN#38893575 PC2M cross-site scripting vulnerability
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...
JVN#32981509 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...
JVN#01913089 Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal
httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could, without authentication, view files on the server where httpd.pl is installed. This could lead to unintentional...
JVN#89497739 Meneame cross-site scripting vulnerability
Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker could execute an arbitrary script on the user's web browser. As a result, an attacker could possibly conduc...
JVN#84646028 open-gorotto cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...
JVN#31185550 tDiary arbitrary Ruby script execution vulnerability
Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...
JVN#30994815 MyODBC Japanese Conversion Edition denial of service vulnerability
Impact A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database. Solution Products Affected MyODBC Japanese Conversion Edition version 3.51.06, 2.50.29, 2.50.25 Development and maintenance of MyODBC Japanese Conversion Edition has...
JVN#85996645 NEC MultiWriter 1700C/7500C FTP server vulnerability
Impact A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC NEC ColorMultiWriter 7500C model number: PR-L7500C For more...
JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability
Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...
JVN#82240092 Drupal cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution Products Affected Drupal 4.7.2 and earlier Drupal 4.6.8 and earlier...
JVN#76207423 Phorum cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Phorum 5.1.13 and earlier...
JVN#16558862 RWiki cross-site scripting vulnerability
Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitrary script could then be executed on the user's web browser. Solution Products Affected RWiki/2.1.0pre1 - RWiki/2.1.0...
Multiple vulnerabilities in ServerView Agents for Windows
Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...
NEC Aterm series vulnerable to cross-site scripting (NV26-002)
Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
"Kura Sushi Official App" vulnerable to improper certificate validation
Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...
libXpm vulnerable to out-of-bounds read
Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...
OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection
Overview OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability. OS command injection CWE-78 - CVE-2026-31386 Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#66546573: ZXHN-F660T and ZXHN-F660A use a common credential for all installations
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations(CWE-1391) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7...
JVN#06238225: Pgpool-II vulnerable to authentication bypass by primary weakness
Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-46801...
JVN#84627857: i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key
i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5 CVE-2025-32730 Impact...
JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX
UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-45841 OS Command Injection CWE-78...
JVN#05136799: WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting
"Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update...
Insecure initial password configuration issue in SEIKO EPSON Web Config
Overview Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings f...
JVN#05579230: Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software or apply the workaround Update the software to t...
Multiple vulnerabilities in I-O DATA WN-AX1167GR
Overview WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 OS command injection CWE-78 - CVE-2017-2281 Buffer overflow CWE-119 - CVE-2017-2282 Taizoh Tsukamoto of Mitsu...
Installer of Charamin OMP may insecurely load Dynamic Link Libraries
Overview The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
a-blog cms vulnerable to cross-site scripting
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#63901692: Internet Explorer vulnerable to information disclosure
Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Impact If a user opens a specially crafted XML file as a local file, other local files may be disclosed. Solution Upgrade the software Users of Windows 7 and later, Windows Server 2008 R2 and...
JVN#66596216: WikkaWiki vulnerable to cross-site scripting
WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Product...
JVN#63451350: Clipboard contents alteration vulnerability in Internet Explorer
Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard may be leaked or...
JVN#52846259 JP1/Cm2/Network Node Manager vulnerable to cross-site scripting
Hitachi JP1/Cm2/Network Node Manager NNM is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software...
JVN#75899905 Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request. Impact An attacker may be able to view CGI source co...
JVN#34058672 Nessus report function vulnerable to arbitrary script execution
Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed...
JVN#05187780 Hiki arbitrary file deletion vulnerability
Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file. Impact A remote attacker may be able to delete arbitrary files with the privilege of the user running Hiki. Solution Upgrade th...
JVN#84430861 Sage vulnerable to arbitrary script execution
Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...
JVN#80271113 MODx cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...
JVN#64354801 b2evolution cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...
JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting
Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...
JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability
Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...
JVN#57280612 phpComasy cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected phpComasy 0.7.9-pre and earlier...
JVN#84656399 Nucleus cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Nucleus v3.23 and earlier...
JVN#07235355 desknet's buffer overflow vulnerability
Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution Products Affected version V4.5J R2.4 and earlier For more information, refer to the vendor's websites...
JVN#11048526 mail f/w system vulnerable to allow unauthorized email transmissionk
Impact A remote attacker may exploit this vulnerability to send unsolicited mails to arbitrary email addresses. Solution Products Affected mail f/w system 8.2 and earlier...
JVN#76686161: ServerView cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
JVN#83768862 Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox
Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...
JVN#84091359 Trac cross-site scripting vulnerability
Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...
JVN#93004125 BBSNote cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected BBSNote V8.00b15 to V8.00b18...
JVN#15972537 Fujitsu Java Runtime Environment reflection API vulnerability
Impact If a user downloads and executes a specially crafted applet, a remote attacker could access local files with the elevated privileges or execute arbitrary code with the privilege of the user running the applet. Solution Products Affected For more information, refer to the vendor's website...