5625 matches found
CGI RESCUE MiniBBS2000 directory traversal vulnerability
Overview MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability. MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. The vendor reported that the downloadable files addressing this vulnerability were incorrect v1.02. Files...
JVN#70599814 I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices are done through a web-based interface. This web interface is vulnerable to cross-site request forgery. Impact If a user views a malicious web page while logged into th...
JP1/Integrated Management Service Support Cross-Site Scripting Vulnerability
Overview JP1/Integrated Management Service Support is vulnerable to cross-site scripting due to failure to properly process requests. Impact An attacker could perform cross-site scripting attacks by embedding malicious scripts in a request. Solution Please refer to the 'Vendor Information' sectio...
JVN#86833991 CGI RESCUE MiniBBS2000 directory traversal vulnerability
MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. Impact A remote attacker could view files on the server where MiniBBS2000 is installed. This could lead to disclosure of file contents. Solution Update the Software Update to the latest versi...
GungHo LoadPrgAx vulnerable to arbitrary Java program execution
Overview LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program. LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a...
JVN#47875752 GungHo LoadPrgAx vulnerable to arbitrary Java program execution
LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC. Impact If a user views a specially crafted HTML document web...
sISAPILocation vulnerability bypasses HTTP header rewrite function
Overview sISAPILocation, an ISAPI Internet Server Application Program Interface filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed. sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. This vulnerability is different from JVN81111541. An updated version addressin...
JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function
sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services. sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact When sISAPILocation is used to configure settings, such as to specify charact...
JVN#19072922 EC-CUBE vulnerable to SQL injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. This vulnerability is different from JVN81111541. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE...
CA ARCserver Backup and CA ARCserve Backup Client Agent Denial of Service (DoS) Vulnerability
Overview CA ARCserve Backup and CA ARCserve Backup Client Agent fail to properly handle packets with a large integer value used in an increment to TCP port 41523, which leads to a denial of service DoS. Impact A remote attacker could cause a denial of service DoS condition. Solution Please refer ...
BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability
Overview BrightStor ARCserve Backup and eTrust Antirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution. Impact A remote authenticated attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official...
Snoopy command injection vulnerability
Overview Snoopy, a PHP library contains a command injection vulnerability. Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Takeshi Terada of Mitsui Bussan Secure...
JVN#20502807 Snoopy command injection vulnerability
Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...
Internet Explorer vulnerable in handling CDO protocol
Overview Internet Explorer is vulnerable in handling CDO Collaboration Data Objects protocol, which allows the download dialog box to be bypassed. When Internet Explorer IE accesses a website using CDO Collaboration Data Objects, IE processes the contents as CDO data, ignoring their actual conten...
MyNETS cross-site scripting vulnerability
Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...
hisa_cart information disclosure vulnerability
Overview hisacart from Hisanaga Electric Co.Ltd contains an information disclosure vulnerability. hisacart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisacart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting. This vulnerability is different from JVN30385652. An...
Blosxom vulnerable to cross-site scripting
Overview Blosxom, a weblog system contains a cross-site scripting vulnerability. Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#53267766 MyNETS cross-site scripting vulnerability
MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. As a result, user information may be...
JVN#03300113 Blosxom vulnerable to cross-site scripting
Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest udpate provided by the developer. Products Affected Blosxom 2.1.1 and earlier...
JVN#55410403 Internet Explorer vulnerable in handling CDO protocol
When Internet Explorer IE accesses a website using CDO Collaboration Data Objects, IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field. This could cause a download dialog box not to be displayed prior to...
JVN#67334580 hisa_cart information disclosure vulnerability
hisacart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisacart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain information of registered users. Solution Update the Software An update is being distributed to...
JVN#81490697: Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting. This vulnerability is different from JVN30385652. Impact An arbitrary script may be executed on the blog administrator's we...
Apache Tomcat allows access from a non-permitted IP address
Overview Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat...
JVN#30732239: Apache Tomcat allows access from a non-permitted IP address
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. Impact Impact varies depending on t...
Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
Overview Nucleus from The Nucleus Group contains a cross-site scripting vulnerability. According to the developer, it is confirmed that this vulnerability exist in Nucleus EUC-JP only, and Nucleus UTF-8 Japanese Edition and Nucleus English Edition are not affected. For more information, refer to...
JVN#92651529 Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
Nucleus is an open source content management system provided by The Nucleus Group. Nucleus EUC-JP Japanese Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the specific web browser. Solution Update the Software Apply the latest update provided b...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, a...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact An remote attacker could obtain the website administrator's privilege...
JVN#36085487 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...
JVN#81111541 EC-CUBE vulnerable to SQL injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE. Solution Update the Software Apply the latest updates...
JVN#99916563 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN36085487. Impact An arbitrary script could be executed on the user's web browser...
JVN#26621646 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...
phpMyAdmin cross-site scripting vulnerability
Overview phpMyAdmin provided by The phpMyAdmin Project contains a cross-site scripting vulnerability. phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Masako Oono of...
JVN#54824688 phpMyAdmin cross-site scripting vulnerability
phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. According to the developer, Microsoft Internet...
Data Transfer Control Process Cessation Issue in XFIT/S/JCA and XFIT/S/ZGN
Overview Data transfer control process in XFIT/S/JCA or XFIT/S/ZGN would shut down when the designated port receives data unexpectedly. Impact Data transfer control process would shut down when XFIT/S/JCA or XFIT/S/ZGN receives data unexpectedly. Solution Please refer to the 'Vendor Information'...
Kantan WEB Server directory traversal vulnerability
Overview Kantan WEB Server provided by Arihiro Kurata contains a directory traversal vulnerability. Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this...
Kantan WEB Server cross-site scripting vulnerability
Overview Kantan WEB Server provided by Arihiro Kurata contains a cross-site scripting vulnerability. Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported th...
Multiple Tor World CGI scripts vulnerable to arbitrary script execution
Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...
Jasmine WebLink Template Multiple Vulnerabilities
Overview Jasmin WebLink is vulnerable to buffer overflow BOF, denial of service DoS and cross-site scripting XSS when executing templates. Impact A remote attacker could execute arbitrary code or cause a Denial of Service DoS condition against vulnerable Web sites. Solution Please refer to the...
JVN#94163107 Kantan WEB Server cross-site scripting vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...
JVN#79026329 Kantan WEB Server directory traversal vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution Update the Software Apply the latest update...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor unde...
Sound Master 2nd from High Norm vulnerable to cross-site scripting
Overview Sound Master 2nd from High Norm contains a cross-site scripting vulnerability. Sound Master 2nd from High Norm is a program to distribute digital music data. Sound Master 2nd contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinat...
JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execution
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product. This vulnerability is...
JP1/NETM/DM SubManager and JP1/NETM/DM Client Process Termination Vulnerability
Overview JP1/NETM/DM SubManager and JP1/NETM/DM Client, enabled with the JP1 event notification setting, have a process termination vulnerability where process may terminate when error occurs while receiving job execution requests. Impact A computer may not be able to receive job execution reques...
Fujitsu Interstage Application Server Access Control Update Problem
Overview Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information. Impact Access control may not be properly implemented. Solution Please refer to the 'Vendor Information' section for the official...