5625 matches found
Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability
Overview Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact A remote attacker could have the users execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...
sISAPILocation vulnerability bypasses HTTP header rewrite function
Overview sISAPILocation, an ISAPI Internet Server Application Program Interface filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed. sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services...
phpMyAdmin cross-site scripting vulnerability
Overview phpMyAdmin provided by The phpMyAdmin Project contains a cross-site scripting vulnerability. phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Masako Oono of...
Data Transfer Control Process Cessation Issue in XFIT/S/JCA and XFIT/S/ZGN
Overview Data transfer control process in XFIT/S/JCA or XFIT/S/ZGN would shut down when the designated port receives data unexpectedly. Impact Data transfer control process would shut down when XFIT/S/JCA or XFIT/S/ZGN receives data unexpectedly. Solution Please refer to the 'Vendor Information'...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor unde...
Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
Overview WebLogic Server and WebLogic Express are application servers provided by Oracle formerly BEA Systems, Inc.. Plug-ins included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability. WebLogic Server and WebLogic Express are application servers based on Java...
FreeStyleWiki cross-site scripting vulnerability
Overview FreeStyleWiki contains a cross-site scripting vulnerability. FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Cybozu Garoon session fixation vulnerability
Overview Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability. Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the...
Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search...
Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...
SEWB3/PLATFORM Denial of Service Vulnerability
Overview SEWB3/PLATFORM handles SEWB3 message improperly when it receives malformed data, which allows attackers to cause a Denial of Service DoS. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
Multiple JustSystems products vulnerable to buffer overflow
Overview Multiple JustSystems products are vulnerable to buffer overflow. Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Multiple products are affected by this vulnerability. F...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...
04WebServer directory traversal vulnerability
Overview 04WebServer, an open source web server, contains a vulnerability allowing directory traversal bypassing user authentication. Impact A remote attacker could bypass a user authentication and view server files. Solution None...
Multiple vulnerabilities in Webmin and Usermin
Overview Webmin and Usermin, web-based system management tools, contain the following vulnerabilities: - Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions - Cross-site scripting We are aware that these vulnerabilities have been addressed in...
Sun Java System Web Server cross-site scripting vulnerability
Overview Sun Java System Web Server originally called Sun ONE Web Server contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact A malicious script may be executed on th...
phpAdsNew cross-site scripting vulnerability
Overview phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability. Note that phpAdsNew is now called "Openads." The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. - phpPgAds 2.0.9-pr1 and...
CGI RESCUE WebFORM missing mail content vulnerability
Overview WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent. Impact Some part of the sender information in the message...
CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
Overview CCC Cleaner, provided from Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" on TrendMicro'...
Lunascape RSS reader arbitrary script execution vulnerability
Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...
HP System Management Homepage cross-site scripting vulnerability
Overview A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage SMH. HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Comp...
Internet Explorer vulnerable in MHTML handling
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...
WebCart cross-site scripting vulnerability
Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Cosminexus javadoc Cross-Site Scripting Vulnerability
Overview The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities. Impact An attacker could exploit said HTML file vulnerable to cross-site scripting. Solution Please refer to the 'Vendor Information' section for official remediation and take...
PowerArchiver buffer overflow vulnerability
Overview PowerArchiver from ConeXware, Inc. contains a buffer overflow vulnerability. PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, an...
Hitachi JP1/File Transmission Server/FTP Authentication Bypass Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP contains a vulnerability which could be exploited to bypass authentication. Impact An attacker could view the files in a certain directory. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
Drupal cross-site scripting vulnerability
Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN82240092. Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a...
NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability
Overview NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly. Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu...
Homepage Builder sample CGI programs vulnerable to OS command injection
Overview Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contains a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of...
Meneame cross-site scripting vulnerability
Overview Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability. Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker cou...
Internet Explorer vulnerable in handling MHTML protocol
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows the download dialog box to be bypassed. Some versions of Outlook Express are affected because the vulnerability is contained in Outlook Express component used by Internet Explore...
sHTTPd cross-site scripting vulnerability
Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...
Yayoi Kaikei improper handling of credential information
Overview Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Hitachi JP1/File Transmission Server/FTP Denial of Service Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP does not handle certain FTP command arguments properly, which could trigger Denial of Service DoS incidents. Impact An attacker could cause a Denial of Service DoS condition using the FTP commands with certain file names. Solution Please refer to...
JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability
Overview Shared Trace Service in JP1/Cm2/Network Node Manager NNM is vulnerable to arbitrary code execution. Impact An attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the vendor recommended workaround...
Cosminexus Component Container Session Handling Vulnerability
Overview The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data. Impact A remote attacker could gain unauthorized access to other users' session and obtain sensitiv...
rktSNS cross-site scripting vulnerability
Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...
Safari URL spoofing vulnerability
Overview Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be...
Hitachi Web Server SSL Client Authentication Vulnerability
Overview Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled. Impact An attacker could gain access with a fraudulent...
GreaseKit and Creammonkey allows execution of userscript functions
Overview GreaseKit and Creammonkey contains a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit a...
Cybozu Office 6 information disclosure vulnerability
Overview A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information. Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used,...
tDiary arbitrary Ruby script execution vulnerability
Overview tDiary is weblog software maintained by the tDiary development project. tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system. Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the w...
MDPro cross-site scripting vulnerability
Overview MDPro, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solutio...
Kmail CGI authentication bypass vulnerability
Overview Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability. Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution None...
JP1 Request Handling Denial of Service Vulnerabilities
Overview Hitachi JP1 products fails to handle unexpected requests and data, which could be exploited to cause a denial of service condition. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
Hiki cross-site scripting vulnerability
Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...
Canna irw_through Buffer Overflow Vulnerability
Overview Canna contains a buffer overflow vulnerability in the irwthrough function. Impact A local attacker could execute arbitrary code with the privileges of the 'bin' user. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate action...
LHa Vuffer Overflow Vulnerability in Testing and Extracting Process
Overview LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow. Impact An attacker could execute arbitrary code with the privilege of the user running LHa. Solution Please refer to the 'Vendor Information'...