hisa_cart information disclosure vulnerability
Overview hisa_cart from Hisanaga Electric Co.Ltd contains an information disclosure vulnerability. hisa_cart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisa_cart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting. This vulnerability is different from JVN30385652. An...
Blosxom vulnerable to cross-site scripting
Overview Blosxom, a weblog system, contains a cross-site scripting vulnerability. Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#03300113 Blosxom vulnerable to cross-site scripting
Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected Blosxom 2.1.1 and earlier...
JVN#55410403 Internet Explorer vulnerable in handling CDO protocol
When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field. This could cause a download dialog box not to be displayed prior to...
JVN#53267766 MyNETS cross-site scripting vulnerability
MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. As a result, user information may be...
JVN#67334580 hisa_cart information disclosure vulnerability
hisa_cart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisa_cart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain information of registered users. Solution Update the Software An update is being distributed to...
JVN#81490697: Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting. This vulnerability is different from JVN30385652. Impact An arbitrary script may be executed on the blog administrator's we...
Apache Tomcat allows access from a non-permitted IP address
Overview Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-permitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat...
JVN#30732239: Apache Tomcat allows access from a non-permitted IP address
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. Impact Impact varies depending on t...
Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
Overview Nucleus from The Nucleus Group contains a cross-site scripting vulnerability. According to the developer, it is confirmed that this vulnerability exists in Nucleus EUC-JP only, and Nucleus UTF-8 Japanese Edition and Nucleus English Edition are not affected. For more information, refer to...
JVN#92651529 Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
Nucleus is an open source content management system provided by The Nucleus Group. Nucleus EUC-JP Japanese Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the specific web browser. Solution Update the Software Apply the latest update provided b...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, a...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact A remote attacker could obtain the website administrator's privilege...
JVN#26621646 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...
JVN#81111541 EC-CUBE vulnerable to SQL injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE. Solution Update the Software Apply the latest updates...
JVN#99916563 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN36085487. Impact An arbitrary script could be executed on the user's web browser...
JVN#36085487 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...
phpMyAdmin cross-site scripting vulnerability
Overview phpMyAdmin provided by The phpMyAdmin Project contains a cross-site scripting vulnerability. phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Masako Oono of...
JVN#54824688 phpMyAdmin cross-site scripting vulnerability
phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. According to the developer, Microsoft Internet...
Data Transfer Control Process Cessation Issue in XFIT/S/JCA and XFIT/S/ZGN
Overview Data transfer control process in XFIT/S/JCA or XFIT/S/ZGN would shut down when the designated port receives data unexpectedly. Impact Data transfer control process would shut down when XFIT/S/JCA or XFIT/S/ZGN receives data unexpectedly. Solution Please refer to the 'Vendor Information'...
Kantan WEB Server directory traversal vulnerability
Overview Kantan WEB Server provided by Arihiro Kurata contains a directory traversal vulnerability. Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this...
Kantan WEB Server cross-site scripting vulnerability
Overview Kantan WEB Server provided by Arihiro Kurata contains a cross-site scripting vulnerability. Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported th...
Multiple Tor World CGI scripts vulnerable to arbitrary script execution
Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...
Jasmine WebLink Template Multiple Vulnerabilities
Overview Jasmine WebLink is vulnerable to buffer overflow (BOF), denial of service (DoS) and cross-site scripting (XSS) when executing templates. Impact A remote attacker could execute arbitrary code or cause a Denial of Service (DoS) condition against vulnerable Web sites. Solution Please refer to the...
JVN#94163107 Kantan WEB Server cross-site scripting vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...
JVN#79026329 Kantan WEB Server directory traversal vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution Update the Software Apply the latest update...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor unde...
Sound Master 2nd from High Norm vulnerable to cross-site scripting
Overview Sound Master 2nd from High Norm contains a cross-site scripting vulnerability. Sound Master 2nd from High Norm is a program to distribute digital music data. Sound Master 2nd contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinat...
JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execution
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product. This vulnerability is...
JP1/NETM/DM SubManager and JP1/NETM/DM Client Process Termination Vulnerability
Overview JP1/NETM/DM SubManager and JP1/NETM/DM Client, enabled with the JP1 event notification setting, have a process termination vulnerability where the process may terminate when an error occurs while receiving job execution requests. Impact A computer may not be able to receive job execution reques...
Fujitsu Interstage Application Server Access Control Update Problem
Overview Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information. Impact Access control may not be properly implemented. Solution Please refer to the 'Vendor Information' section for the official...
JVN#30385652 Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Movable Type 3 version 3.36 and earlier...
JVN#55010230 Sound Master 2nd from High Norm vulnerable to cross-site scripting
Sound Master 2nd from High Norm is a program to distribute digital music data. Sound Master 2nd contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...
Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
Overview Webservice-DIC shop_v50 and shop_v52 contain a cross-site scripting vulnerability. Webservice-DIC shop_v50 and shop_v52 are shopping cart software. shop_v50 and shop_v52 contain a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Hitachi JP1/File Transmission Server/FTP Unauthorized File Permission Change Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP has a vulnerability which allows unauthorized users to change file permissions. Impact An unauthorized user could change file permissions. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...
Hitachi JP1/File Transmission Server/FTP Transmission Failure Problem
Overview Hitachi JP1/File Transmission Server/FTP has a problem where file transmission fails due to the termination of the connection or failure to get a response from the server when executing FTP commands with certain arguments. Impact When executing FTP commands with certain arguments, fi...
Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability
Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...
Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
Overview The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact A remote attacker could execute arbitrary code by sending a long URI. Solution Please refer to the 'Vendor Information' section for the vendor...
JVN#79914432 Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
Webservice-DIC shop_v50 and shop_v52 are shopping cart software. shop_v50 and shop_v52 contain a cross-site scripting vulnerability. Impact An attacker can exploit this vulnerability to conduct a cross-site scripting attack. Solution Update the Software Administrators of the websites which us...
Blogn vulnerable to cross-site scripting
Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Blogn vulnerable to cross-site request forgery
Overview Blogn from R-ONE Computer contains a cross-site request forgery vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated...
mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
Overview mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability. mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA...
Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task management, etc. La!cooda WIZ...
La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task management, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...
LacoodaST from SpaceTag, Inc. session fixation vulnerability
Overview LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability. LacoodaST from SpaceTag, Inc. is groupware providing schedule and task management, etc. LacoodaST contains a session fixation vulnerability. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinat...
La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
Overview La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task management, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery...
JVN#03859837 Blogn vulnerable to cross-site scripting
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected Blogn v1.9.7 and earl...