Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cybozu products vulnerable to directory traversal

Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...

4CVSS6.9AI score0.01548EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Hyper NIKKI System cross-site scripting vulnerability

Overview Hyper NIKKI System hns, web log software from the Hyper NIKKI System Project, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session...

4.3CVSS6.2AI score0.01273EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Chama Cargo cross-site scripting vulnerability

Overview Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

6.8CVSS6.3AI score0.014EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

a-blog cross-site scripting vulnerability

Overview a-blog, a server-based blog tool from appleple, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...

4.3CVSS6.2AI score0.01824EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

SugarCRM cross-site scripting vulnerability

Overview SugarCRM, open source CRM Customer Relationship Management software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30144870. Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker...

6.8CVSS6AI score0.01386EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6AI score0.01033EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01688EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01427EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

ColdFusion error page cross-site scripting vulnerability

Overview ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page. This vulnerability is different from JVN28356427. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

4.3CVSS6.1AI score0.08336EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

Overview Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software. Impact The third party could view the contents of self-decoding files and obtain the passwords used for the...

3.6CVSS6.8AI score0.00239EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability

Overview Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability. Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOU...

5CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Advance-Flow cross-site scripting vulnerability

Overview Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms a...

5CVSS6.2AI score0.01263EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Apache Tomcat cross-site scripting vulnerability

Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-si...

3.5CVSS6.1AI score0.03291EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Aruba Mobility Controller Series cross-site scripting vulnerability

Overview Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens. Impact...

4.3CVSS6.2AI score0.01484EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Mayaa cross-site scripting vulnerability

Overview Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

RoundCube Webmail cross-site request forgery vulnerability

Overview RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information...

2.6CVSS6.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...

6.8CVSS8AI score0.03456EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cybozu Office denial of service (DoS) vulnerability

Overview Cybozu Office contains a denial of service DoS vulnerability. Cybozu Office, web-based groupware, is vulnerable to a denial of service DoS attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service DoS against the...

4.3CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...

4.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Overview Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting. Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This...

4.3CVSS6.4AI score0.01875EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Groupmax Collaboration Schedule Information Disclosure Vulnerability

Overview The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet. Impact Unintended information diasclosure could occur, which an attacker could exploit for further attack. Solution...

5CVSS6.2AI score0.01442EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

LHA extrace_one Vuffer Overflow Vulnerability

Overview LHA lhext.c contains a buffer overflow vulnerability with the extractone funcation, which stems from improper handling of a 'w' option argument. Impact An remote attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official remediation and...

10CVSS7.5AI score0.18827EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Ruby CGI Session Management Insecure File Permission Vulnerability

Overview Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak. Impact An attacker could hijack sessions utilizing stolen information. Solution Please refer to the 'Vendor Information' section for official...

2.1CVSS7.2AI score0.00364EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Namazu cross-site scripting vulnerability

Overview Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly. Impact All sites that use namazu.cgi for search processing on websites are vulnerable ...

4.3CVSS5.9AI score0.01884EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

desknet's buffer overflow vulnerability

Overview destnet's contains multiple vulnerability. A malicious script may be executed when an user views a crafted HTML email or information. destnet's contains multiple vulnerability. - A malicious script may be executed when the user views an crafted HTML email or information. - A script writt...

5CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

DNS cache servers resource consumption by TCP SYN_SENT states

Overview DNS cache servers consume huge resources for communication with DNS authoritative servers in the following situation. 1 a user sends a query to the DNS cache server 2 the DNS cache server sends a UDP query to an authoritative server 3 when the authoritative server finds that the reply...

5CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

skk Arbitrary Code Execution Vulnerability

Overview skk Simple Kana to Kanji conversion software would create an insecure temporary file without taking proper security precautions. Impact An local attacker could overwrite arbitrary files. Solution Please refer to the 'Vendor Information' section for official remediation and take appropria...

4.6CVSS6.4AI score0.00358EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations

Overview The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its...

6.8CVSS7.5AI score0.05422EPSS
Exploits0References28
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sony mylo COM-2 does not verify server SSL certificate

Overview Sony mylo COM-2 contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when...

6.4CVSS6.4AI score0.01346EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Virus Security heap overflow vulnerability

Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...

10CVSS7.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

desknet's cross-site scripting vulnerability

Overview If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVNF88C2C13 additional information to JVN89DE2014. Impact lf a login ID, password, or session information is leaked, an...

5CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Vulnerability involving security zone handling in applications using Internet Explorer components

Overview Internet Explorer IE components apply different security levels for web content processing depending on the location zone of the web content. As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the...

6.4CVSS7AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

OpenSSL version rollback vulnerability

Overview OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on...

5CVSS5.9AI score0.04866EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Wiki clone cross-site scripting vulnerability

Overview Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user. Impact An arbitrary script may be executed on the browser of the user who viewed...

4.3CVSS6.2AI score
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS6.9AI score0.01532EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cross-site scripting vulnerability in the Unicode version of msearch

Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...

4.3CVSS6.2AI score0.00948EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Vulnerability in multiple web browsers allowing request spoofing attacks

Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...

5CVSS6.4AI score0.01789EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

msearch directory traversal vulnerability

Overview msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution None...

5CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Tsuru-Kame Mail vulnerable in S/MIME signature verification

Overview Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. The name of the software "Tsuru-Kame Mai...

5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Norton AntiVirus causes abnormal OS termination when scanning illegal files

Overview Symantec Norton AntiVirus 2004 and 2005 contain a vulnerability that causes an abnormal operating system termination of a computer, when their real-time scan feature is enabled and examining a file with a specially crafted file header. Impact An attacker could cause an abnormal OS...

7.8CVSS6.8AI score0.02867EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Buffalo router configuration management interface vulnerable to remote access and password leakage

Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...

6.4CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

w3ml cross-site scripting vulnerability

Overview w3ml, a program used to display mailing list logs on the web site, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution None...

5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Movable Type session management vulnerability

Overview Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access. Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution None...

5CVSS7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Pochy denial-of-service (DoS) vulnerability

Overview Pochy, email client software operating in the Microsoft Windows environment, contains a vulnerability that may cause the processing to stop while the CPU load is high and a denial-of-service DoS after receiving a specific string. Impact A remote attacker could exploit this vulnerability ...

5CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Interstage Application Server cross-site scripting vulnerability

Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console may be referred to as "Servlet Service for Interstage Operation Management" in certain versions included in the Interstage product series from Fujitsu contain a cross-site...

4.3CVSS6.3AI score0.01551EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Overlay Weaver cross-site scripting vulnerability

Overview Overlay Weaver is software for constructing and emulating overlay network. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.3AI score0.01223EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

open-gorotto cross-site scripting vulnerability

Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

4.3CVSS6.1AI score0.01707EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Nessus report function vulnerable to arbitrary script execution

Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...

5.8CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Apache Tomcat Host Manager cross-site scripting vulnerability

Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user...

4.3CVSS5.7AI score0.58956EPSS
Exploits2References13
Total number of security vulnerabilities5000