5625 matches found
Cybozu products vulnerable to directory traversal
Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...
Hyper NIKKI System cross-site scripting vulnerability
Overview Hyper NIKKI System hns, web log software from the Hyper NIKKI System Project, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session...
Chama Cargo cross-site scripting vulnerability
Overview Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
a-blog cross-site scripting vulnerability
Overview a-blog, a server-based blog tool from appleple, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
SugarCRM cross-site scripting vulnerability
Overview SugarCRM, open source CRM Customer Relationship Management software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30144870. Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker...
CGI RESCUE WebFORM vulnerable to cross-site scripting
Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
ColdFusion error page cross-site scripting vulnerability
Overview ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page. This vulnerability is different from JVN28356427. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...
FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability
Overview Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software. Impact The third party could view the contents of self-decoding files and obtain the passwords used for the...
Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
Overview Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability. Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOU...
Advance-Flow cross-site scripting vulnerability
Overview Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms a...
Apache Tomcat cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-si...
Aruba Mobility Controller Series cross-site scripting vulnerability
Overview Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens. Impact...
Mayaa cross-site scripting vulnerability
Overview Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web...
Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...
RoundCube Webmail cross-site request forgery vulnerability
Overview RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information...
Lhaplus buffer overflow vulnerability
Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...
Cybozu Office denial of service (DoS) vulnerability
Overview Cybozu Office contains a denial of service DoS vulnerability. Cybozu Office, web-based groupware, is vulnerable to a denial of service DoS attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service DoS against the...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
Overview Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting. Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This...
Groupmax Collaboration Schedule Information Disclosure Vulnerability
Overview The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet. Impact Unintended information diasclosure could occur, which an attacker could exploit for further attack. Solution...
LHA extrace_one Vuffer Overflow Vulnerability
Overview LHA lhext.c contains a buffer overflow vulnerability with the extractone funcation, which stems from improper handling of a 'w' option argument. Impact An remote attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official remediation and...
Ruby CGI Session Management Insecure File Permission Vulnerability
Overview Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak. Impact An attacker could hijack sessions utilizing stolen information. Solution Please refer to the 'Vendor Information' section for official...
Namazu cross-site scripting vulnerability
Overview Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly. Impact All sites that use namazu.cgi for search processing on websites are vulnerable ...
desknet's buffer overflow vulnerability
Overview destnet's contains multiple vulnerability. A malicious script may be executed when an user views a crafted HTML email or information. destnet's contains multiple vulnerability. - A malicious script may be executed when the user views an crafted HTML email or information. - A script writt...
DNS cache servers resource consumption by TCP SYN_SENT states
Overview DNS cache servers consume huge resources for communication with DNS authoritative servers in the following situation. 1 a user sends a query to the DNS cache server 2 the DNS cache server sends a UDP query to an authoritative server 3 when the authoritative server finds that the reply...
skk Arbitrary Code Execution Vulnerability
Overview skk Simple Kana to Kanji conversion software would create an insecure temporary file without taking proper security precautions. Impact An local attacker could overwrite arbitrary files. Solution Please refer to the 'Vendor Information' section for official remediation and take appropria...
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Overview The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its...
Sony mylo COM-2 does not verify server SSL certificate
Overview Sony mylo COM-2 contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when...
Virus Security heap overflow vulnerability
Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...
desknet's cross-site scripting vulnerability
Overview If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVNF88C2C13 additional information to JVN89DE2014. Impact lf a login ID, password, or session information is leaked, an...
Vulnerability involving security zone handling in applications using Internet Explorer components
Overview Internet Explorer IE components apply different security levels for web content processing depending on the location zone of the web content. As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the...
OpenSSL version rollback vulnerability
Overview OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on...
Wiki clone cross-site scripting vulnerability
Overview Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user. Impact An arbitrary script may be executed on the browser of the user who viewed...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Cross-site scripting vulnerability in the Unicode version of msearch
Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...
msearch directory traversal vulnerability
Overview msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution None...
Tsuru-Kame Mail vulnerable in S/MIME signature verification
Overview Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. The name of the software "Tsuru-Kame Mai...
Norton AntiVirus causes abnormal OS termination when scanning illegal files
Overview Symantec Norton AntiVirus 2004 and 2005 contain a vulnerability that causes an abnormal operating system termination of a computer, when their real-time scan feature is enabled and examining a file with a specially crafted file header. Impact An attacker could cause an abnormal OS...
Buffalo router configuration management interface vulnerable to remote access and password leakage
Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...
w3ml cross-site scripting vulnerability
Overview w3ml, a program used to display mailing list logs on the web site, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution None...
Movable Type session management vulnerability
Overview Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access. Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution None...
Pochy denial-of-service (DoS) vulnerability
Overview Pochy, email client software operating in the Microsoft Windows environment, contains a vulnerability that may cause the processing to stop while the CPU load is high and a denial-of-service DoS after receiving a specific string. Impact A remote attacker could exploit this vulnerability ...
Interstage Application Server cross-site scripting vulnerability
Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console may be referred to as "Servlet Service for Interstage Operation Management" in certain versions included in the Interstage product series from Fujitsu contain a cross-site...
Overlay Weaver cross-site scripting vulnerability
Overview Overlay Weaver is software for constructing and emulating overlay network. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
open-gorotto cross-site scripting vulnerability
Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...
Nessus report function vulnerable to arbitrary script execution
Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...
Apache Tomcat Host Manager cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user...