Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/09 7:21 a.m.•3 views

Fujitsu Interstage Application Server Access Control Update Problem

Overview Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information. Impact Access control may not be properly implemented. Solution Please refer to the 'Vendor Information' section for the official...

4CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:22 a.m.•3 views

Blogn vulnerable to cross-site scripting

Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/29 5:57 a.m.•3 views

Geeklog Forum Plugin vulnerable to cross-site scripting

Overview Geeklog Forum Plugin contains a cross-site scripting vulnerability. Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/C...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/24 5:23 a.m.•3 views

WebProxy from LunarNight Laboratory vulnerable to cross-site scripting

Overview WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability. WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinate...

4.3CVSS6.2AI score0.02026EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/16 3:27 a.m.•3 views

Safari installed in iPod touch and iPhone vulnerable in handling server certificates

Overview Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit concent. Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a...

4.3CVSS6.2AI score0.01214EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:15 a.m.•3 views

Redmine vulnerable to cross-site scripting

Overview Redmine, open source project management software, contains a cross-site scripting vulnerbility. Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...

4.3CVSS6.3AI score0.01065EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:14 a.m.•3 views

Cybozu Garoon vulnerable to arbitrary script execution

Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...

4.3CVSS7AI score0.01292EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:14 a.m.•3 views

Multiple Cybozu products vulnerable to cross-site request forgery

Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership. Impact If a user views a malicious w...

6.8CVSS6.7AI score0.01044EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/20 4:46 a.m.•3 views

CGIWrap error page cross-site scripting vulnerability

Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...

4.3CVSS5.9AI score0.0125EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:1 a.m.•3 views

WEB MART from KENT WEB vulnerable to cross-site scripting

Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:0 a.m.•3 views

Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate action...

4.3CVSS6.6AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Multiple Yamaha routers vulnerable to cross-site request forgery

Overview The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator...

7.5CVSS6.9AI score0.00678EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities

Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...

9.3CVSS7.6AI score0.50419EPSS
Exploits8References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

EUR Print Manager Denial of Service Vulnerability

Overview EUR Print Manager fails to accept job execution requests when it receives unexpected data, which could be exploited to cause a Denial of Service DoS condition. Impact An attacker could cause a Denial of Service DoD. Solution Please refer to the 'Vendor Information' section for official...

5CVSS6.9AI score0.01397EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

PC2M cross-site scripting vulnerability

Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...

4.3CVSS6.3AI score0.01033EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cross-site scripting vulnerability in multiple Tor World CGI scripts

Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...

4.3CVSS6.4AI score0.01033EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Namazu cross-site scripting vulnerability

Overview Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...

4.3CVSS6.2AI score0.01745EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Multiple email clients vulnerable in handling an attachement inapropriately

Overview Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name. Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a...

5CVSS6.7AI score0.01814EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

mail f/w system vulnerable to allow unauthorized email transmissionk

Overview mail f/w system is software that enables the the emailing of the contents of a form. A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers. Impact A remote attacker may...

5CVSS6.9AI score0.01459EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Ichitaro buffer overflow vulnerability

Overview Ichitaro, word-processing software contains a buffer overflow vulnerability. Impact Arbitrary code could be executed on the Ichitaro user's PC, if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution...

5.1CVSS7.4AI score0.02911EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

ServerView cross-site scripting vulnerability

Overview ServerView, server-monitoring software included with Fujitsu servers, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.3AI score0.01275EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Owl SQL injection vulnerability

Overview Owl, an open source document management and publishing system, contains an SQL injection vulnerability. Impact A remote attacker may modify or steal the database contents. Solution None...

7.5CVSS8AI score0.01308EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cybozu products vulnerable to directory traversal

Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...

4CVSS6.9AI score0.01548EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

MyODBC Japanese Conversion Edition denial of service vulnerability

Overview MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency. MyODBC Japanese Conversion Edition contai...

7.8CVSS6.7AI score0.01205EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

EC-CUBE cross-site scripting vulnerability

Overview EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...

4.3CVSS6.1AI score0.01262EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Blogn cross-site scripting vulnerability

Overview Blogn, a script for the creation of blogs from R-ONE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking...

6.8CVSS6AI score0.014EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Shopping Basket Professional vulnerable to OS command injection

Overview Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data. Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket...

7.5CVSS7.2AI score0.01359EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

Overview Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software. Impact The third party could view the contents of self-decoding files and obtain the passwords used for the...

3.6CVSS6.8AI score0.00239EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Interstage Application Server cross-site scripting vulnerability

Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console may be referred to as "Servlet Service for Interstage Operation Management" in certain versions included in the Interstage product series from Fujitsu contain a cross-site...

4.3CVSS6.3AI score0.01551EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Overlay Weaver cross-site scripting vulnerability

Overview Overlay Weaver is software for constructing and emulating overlay network. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.3AI score0.01223EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Overview Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the camera server management screen. Solution None...

4.3CVSS6.3AI score0.01233EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Mayaa cross-site scripting vulnerability

Overview Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

Overview Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

4.3CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Shopping Basket Pro directory traversal vulnerability

Overview A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE. Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory name...

5CVSS6.9AI score0.01838EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

7-ZIP32.DLL buffer overflow vulnerability

Overview 7-ZIP32.DLL, a library for compression and decompression supporting 7z, zip, and some other format files, contains a buffer overflow vulnerability. 7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is base...

6.8CVSS8.1AI score0.05556EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Safari allows access from HTTP to HTTPS

Overview Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TL...

6.8CVSS6.5AI score0.02569EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Google Web Toolkit vulnerable to cross-site scripting

Overview Google Web Toolkit GWT is vulnerable to cross-site scripting. Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An...

4.3CVSS6.5AI score0.00951EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Overview Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting. Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This...

4.3CVSS6.4AI score0.01875EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Groupmax Collaboration Schedule Information Disclosure Vulnerability

Overview The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet. Impact Unintended information diasclosure could occur, which an attacker could exploit for further attack. Solution...

5CVSS6.2AI score0.01442EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Serene Bach cross-site scripting vulnerability

Overview Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution None...

6.8CVSS6.2AI score0.01695EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01688EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

CCC Cleaner buffer overflow vulnerability

Overview CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed...

9.3CVSS7.3AI score0.083EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

MailDwarf vulnerability allows unauthorized sending of emails

Overview MailDwarf, released from HTML Dwarf, is a CGI program that enables a user to send e-mail message via web page. MailDwarf contains a vulnerability that allows unauthorized email to be sent to a different address set by the administrator. Impact A remote attacker may exploit the...

5CVSS6.8AI score0.01222EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

dotProject cross-site scripting vulnerability

Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, sessio...

4.3CVSS6.1AI score0.01263EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...

6.8CVSS8AI score0.03456EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Apache UTF-7 Encoding Cross-Site Scripting Vulnerability

Overview The modautoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset. Impact An attacker...

6.1CVSS6.8AI score0.26188EPSS
Exploits0References26
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Nessus report function vulnerable to arbitrary script execution

Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...

5.8CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

KDDI sample CGI download program directory traversal vulnerability

Overview A directory traversal vulnerability exists in a sample CGI download program included with KDDI's EZFactory. A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory...

7.8CVSS6.6AI score0.01996EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Aruba Mobility Controller Series cross-site scripting vulnerability

Overview Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens. Impact...

4.3CVSS6.2AI score0.01484EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

Overview httpd.pl from Fuktommy.com including an HTML preprocessor contains a directory traversal vulnerability. httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could,...

5CVSS6.6AI score
Exploits0References2
Total number of security vulnerabilities5000