5625 matches found
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. This vulnerability has been fixed in...
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Yosuke HASEGAWA of...
I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
Overview The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability. The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk...
JP1/VERITAS NetBackup JAVA Administration GUI Privilege Escalation Vulnerability
Overview The JAVA Administration Graphical User Interface GUI in JP1/VERITAS NetBackup contains a privilege escalation vulnerability. Impact A remote authenticated attacker could gain escalated privileges. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...
CGI RESCUE MiniBBS2000 directory traversal vulnerability
Overview MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability. MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. The vendor reported that the downloadable files addressing this vulnerability were incorrect v1.02. Files...
GungHo LoadPrgAx vulnerable to arbitrary Java program execution
Overview LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program. LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a...
CA ARCserver Backup and CA ARCserve Backup Client Agent Denial of Service (DoS) Vulnerability
Overview CA ARCserve Backup and CA ARCserve Backup Client Agent fail to properly handle packets with a large integer value used in an increment to TCP port 41523, which leads to a denial of service DoS. Impact A remote attacker could cause a denial of service DoS condition. Solution Please refer ...
Apache Tomcat allows access from a non-permitted IP address
Overview Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact An remote attacker could obtain the website administrator's privilege...
Kantan WEB Server directory traversal vulnerability
Overview Kantan WEB Server provided by Arihiro Kurata contains a directory traversal vulnerability. Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this...
Hitachi JP1/File Transmission Server/FTP Transmission Failure Problem
Overview Hitachi JP1/File Transmission Server/FTP has a problem where file transmission fails due to the termination of the connection or failure of getting a response from the server when executing FTP commands with certain arguments. Impact When executing FTP commands with certain arguments, fi...
Blogn vulnerable to cross-site scripting
Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
Overview mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability. mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA...
Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management
Overview A cross-site scripting vulnerability has been found in Hitachi Collaboration - Online Community Management. Impact An attacker could execute a cross-site scripting attack. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function
Overview A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server. Impact An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts. The vulnerability does not affect the products if t...
Geeklog Forum Plugin vulnerable to cross-site scripting
Overview Geeklog Forum Plugin contains a cross-site scripting vulnerability. Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/C...
WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
Overview WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability. WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinate...
Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Overview Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit concent. Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a...
Redmine vulnerable to cross-site scripting
Overview Redmine, open source project management software, contains a cross-site scripting vulnerbility. Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...
Multiple Cybozu products vulnerable to cross-site request forgery
Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership. Impact If a user views a malicious w...
CGIWrap error page cross-site scripting vulnerability
Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...
WEB MART from KENT WEB vulnerable to cross-site scripting
Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...
skk Arbitrary Code Execution Vulnerability
Overview skk Simple Kana to Kanji conversion software would create an insecure temporary file without taking proper security precautions. Impact An local attacker could overwrite arbitrary files. Solution Please refer to the 'Vendor Information' section for official remediation and take appropria...
LHA extrace_one Vuffer Overflow Vulnerability
Overview LHA lhext.c contains a buffer overflow vulnerability with the extractone funcation, which stems from improper handling of a 'w' option argument. Impact An remote attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official remediation and...
LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name
Overview LHA is vulnerable to arbitrary command execution due to improper handling of directory names cantaining shell metacharacters. Impact An remote attacker could execute arbitrary command. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
desknet's buffer overflow vulnerability
Overview destnet's contains multiple vulnerability. A malicious script may be executed when an user views a crafted HTML email or information. destnet's contains multiple vulnerability. - A malicious script may be executed when the user views an crafted HTML email or information. - A script writt...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...
Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Overview Ruby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: "object taint" and "safe level". Ruby contains a vulnerability that may allow an attacker to execute an arbitrary script by bypassing the "safe level" checks. Impact An attacker...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
Norton AntiVirus causes abnormal OS termination when a user edits a shared network file
Overview Symantec Norton AntiVirus 2005 contains a vulnerability which could cause abnormal OS termination if a user running the vulnerable Norton AntiVirus edits a file in the shared network folder if "SmartScan" is chosen in the "Which file types to scan for viruses" setting. Impact When a file...
Virus Security heap overflow vulnerability
Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...
desknet's cross-site scripting vulnerability
Overview If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVNF88C2C13 additional information to JVN89DE2014. Impact lf a login ID, password, or session information is leaked, an...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
Overview FreeStyleWiki contains a cross-site scripting and a cross-site request forgery vulnerabilities. The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script. The cross-site request forgery vulnerability could allow a remote...
BBSNote cross-site scripting vulnerability
Overview BBSNote, CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments. Impact A malicious script may be executed on the user's web browser. Solution None...
Buffalo router configuration management interface vulnerable to remote access and password leakage
Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...
w3ml cross-site scripting vulnerability
Overview w3ml, a program used to display mailing list logs on the web site, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution None...
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Overview The digital certificate that was used to sign jar files in the Java Cryptography Extension JCE 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after...
Pochy denial-of-service (DoS) vulnerability
Overview Pochy, email client software operating in the Microsoft Windows environment, contains a vulnerability that may cause the processing to stop while the CPU load is high and a denial-of-service DoS after receiving a specific string. Impact A remote attacker could exploit this vulnerability ...
Cross-site scripting vulnerability in the Unicode version of msearch
Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...
nProtect Netizen has multiple vulnerabilities
Overview nProtect Netizen contains multiple vulnerabilities. - It may fetch update files from an arbitrary site - It may download and save malicious files - It may cause an abnormal web browser termination Impact A remote attacker could lead a user to save a malicious file to the local storage an...
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Overview LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive. Impact An attacker could bypass access restriction and create arbitrary files in the directories for which he has no permission. Solution Please refer to the 'Vendor...
LHA Buffer Overflow Vulnerability with lack of Path Length Validation
Overview LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive. Impact An remote attacker coulf execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
Ruby cgi.rb Denial of Service Vulnerability
Overview Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service DoS due to improper input validation. Impact An attacker could cause a Denial of Service DoS onto the systems. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriat...
Namazu cross-site scripting vulnerability
Overview Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly. Impact All sites that use namazu.cgi for search processing on websites are vulnerable ...
Ichitaro buffer overflow vulnerability
Overview Ichitaro, word-processing software contains a buffer overflow vulnerability. Impact Arbitrary code could be executed on the Ichitaro user's PC, if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution...
NEC MultiWriter 1700C/7500C FTP server vulnerability
Overview NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...
NEC MultiWriter 1700C web server authentication bypass vulnerability
Overview Certain NEC printers have build-in web servers. They contain a vulnerability, where unauthorized users could change the system configuration. Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution None...
MyODBC Japanese Conversion Edition denial of service vulnerability
Overview MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency. MyODBC Japanese Conversion Edition contai...