JVN#84125369 Blogn vulnerable to cross-site request forgery
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Impact Contents created by Blogn may be edited or modified if the logged in user views a malicious web page. Solution Update the Software Apply the latest update provided by the...
JVN#27417220 mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...
JVN#31723154 LacoodaST from SpaceTag, Inc. session fixation vulnerability
LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of...
JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...
JVN#52557009 La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of the user who...
JVN#83428818 La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. Impact Password or other configurations may be changed if the logged in user...
Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
Overview Virus Security and Virus Security ZERO provided by SOURCENEXT CORPORATION contain a denial of service (DoS) vulnerability. Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service D...
JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service (DoS) vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...
Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
Overview Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. NetAgent Co., Ltd. reported...
JVN#33706820 Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the...
Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management
Overview A cross-site scripting vulnerability has been found in Hitachi Collaboration - Online Community Management. Impact An attacker could execute a cross-site scripting attack. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function
Overview A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server. Impact An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts. The vulnerability does not affect the products if t...
Geeklog Forum Plugin vulnerable to cross-site scripting
Overview Geeklog Forum Plugin contains a cross-site scripting vulnerability. Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/C...
K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
Overview analysis.cgi included in K's CGI Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability. The...
K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting
Overview analysis.cgi included in K's CGI Access Log Kaiseki (jcode.pl) contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (jcode.pl) contains a cross-site scripting vulnerability. The...
JVN#60419863 Geeklog Forum Plugin vulnerable to cross-site scripting
Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the...
Multiple Century Systems routers vulnerable to cross-site request forgery
Overview The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery. Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Hirotaka Katagiri...
WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
Overview WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability. WebProxy is a Perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinate...
Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
Overview WebLogic Server and WebLogic Express are application servers provided by Oracle (formerly BEA Systems, Inc.). Plug-ins included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability. WebLogic Server and WebLogic Express are application servers based on Java...
JVN#46869708 K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (jcode.pl) contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...
JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...
JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery
Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...
JVN#49704543 WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
WebProxy is a Perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...
JVN#81667751 Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 (JavaEE5) and provided by Oracle (formerly BEA Systems, Inc.). Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a director...
Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Overview Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit consent. Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a...
JVN#88676089 Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server certificate without the user's explicit consent when connecting via SSL/TLS. According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificat...
Redmine vulnerable to cross-site scripting
Overview Redmine, open source project management software, contains a cross-site scripting vulnerability. Redmine is open source project management software written using the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...
FreeStyleWiki cross-site scripting vulnerability
Overview FreeStyleWiki contains a cross-site scripting vulnerability. FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Cybozu Garoon vulnerable to arbitrary script execution
Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...
Cybozu Garoon session fixation vulnerability
Overview Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability. Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the...
Multiple Cybozu products vulnerable to cross-site request forgery
Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership. Impact If a user views a malicious w...
Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals
Overview The sample code provided in Hitachi uCosminexus Portal Framework Manuals has a vulnerability which could allow a logged-in user to view or update data with the privileges of those who have logged in later than the user. Impact A remote attacker could view or update files. Solution Please...
nProtect : Netizen denial of service (DoS) vulnerability
Overview nProtect : Netizen contains a denial of service (DoS) vulnerability. nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service (DoS) vulnerability. Yuji Ukai of Fourteenforty...
JVN#00945448 Redmine vulnerable to cross-site scripting
Redmine is open source project management software written using the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...
JVN#77432756 FreeStyleWiki cross-site scripting vulnerability
FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed if a FreeStyleWiki user views a specially crafted web page with Internet Explorer. Other web browsers that use the Internet Explorer browser engine may also be affected...
JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution
Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...
JVN#18700809 Cybozu Garoon session fixation vulnerability
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker. Impact A remote attacker impersonating a logged in user may execute arbitrary code...
JVN#18405927 Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged onto the Cybozu web interface, the user's schedules and other configuration settings may be altered. Solution Update the Software Apply the latest updates provided...
JVN#36635562 nProtect : Netizen denial of service (DoS) vulnerability
nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service (DoS) vulnerability. Impact A remote attacker could disable nProtect : Netizen by convincing a user to open a specially...
CGIWrap error page cross-site scripting vulnerability
Overview CGIWrap error page is vulnerable to cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...
BlognPlus SQL injection vulnerability
Overview BlognPlus contains a SQL injection vulnerability. BlognPlus from R-ONE Computer is software for creating blogs. BlognPlus for MySQL and for PostgreSQL contain a SQL injection vulnerability. According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does...
JVN#45389864 CGIWrap error page cross-site scripting vulnerability
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...
JVN#14072646 BlognPlus SQL injection vulnerability
BlognPlus from R-ONE Computer is software for creating blogs. BlognPlus for MySQL and for PostgreSQL contain a SQL injection vulnerability. According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does not use a database. Impact A remote attacker could obtain...
X.Org Foundation X server buffer overflow vulnerability
Overview X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts...
Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search...
Pixelpost cross-site scripting vulnerability
Overview Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warnin...
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. Impact An attacker with an established,...
WEB MART from KENT WEB vulnerable to cross-site scripting
Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...
JP1/Cm2/Network Node Manager Web Coordinated Function Multiple Vulnerabilities
Overview Multiple vulnerabilities have been found in the JP1/Cm2/Network Node Manager (NNM) Web coordinated function. Impact A remote attacker could execute arbitrary scripts or code, or cause a denial of service (DoS) condition. Solution Please refer to the 'Vendor Information' section for the...
Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability
Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement). Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...