Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/09 12:0 a.m.•31 views

JVN#30385652 Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Movable Type 3 version 3.36 and earlier...

4.3CVSS5.8AI score0.0105EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/09 12:0 a.m.•25 views

JVN#55010230 Sound Master 2nd from High Norm vulnerable to cross-site scripting

Sound Master 2nd from High Norm is a program to distribute digital music data. Sound Master 2nd contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...

4.3CVSS6AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/08 8:1 a.m.•1 views

Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting

Overview Webservice-DIC shopv50 and shopv52 contain a cross-site scripting vulnerability. Webservice-DIC shopv50 and shopv52 are shopping cart software. shopv50 and shopv52 contain a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.1CVSS6.1AI score0.00957EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/05 3:24 a.m.•2 views

Hitachi JP1/File Transmission Server/FTP Unauthorized File Permission Change Vulnerability

Overview Hitachi JP1/File Transmission Server/FTP has a vulnerability which allows unauthorized users to change file permissions. Impact An unauthorized user could change file permissions. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...

5CVSS6.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/05 3:23 a.m.•2 views

Hitachi JP1/File Transmission Server/FTP Transmission Failure Problem

Overview Hitachi JP1/File Transmission Server/FTP has a problem where file transmission fails due to the termination of the connection or failure of getting a response from the server when executing FTP commands with certain arguments. Impact When executing FTP commands with certain arguments, fi...

5CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/03 3:34 a.m.•5 views

Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability

Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...

6.4CVSS6.9AI score0.01403EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/03 3:33 a.m.•5 views

Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability

Overview The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact A remote attacker could execute arbitrary code by sending a long URI. Solution Please refer to the 'Vendor Information' section for the vendor...

10CVSS8.1AI score0.04619EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/03 12:0 a.m.•25 views

JVN#79914432 Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting

Webservice-DIC shopv50 and shopv52 are shopping cart software. shopv50 and shopv52 contain a cross-site scripting vulnerability. Impact This vulnerability can be exploited to conduct a cross-site scripting attack by an attacker. Solution Update the Software Administrators of the websites which us...

6.1CVSS5.9AI score0.00957EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:22 a.m.•3 views

Blogn vulnerable to cross-site scripting

Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:22 a.m.•5 views

Blogn vulnerable to cross-site request forgery

Overview Blogn from R-ONE Computer contains a cross-site request forgery vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.8CVSS6.7AI score0.00581EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:5 a.m.•2 views

mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting

Overview mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability. mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:3 a.m.•2 views

Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ...

10CVSS7.1AI score0.0266EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:2 a.m.•2 views

La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...

4.3CVSS6.1AI score0.01528EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 8:1 a.m.•2 views

LacoodaST from SpaceTag, Inc. session fixation vulnerability

Overview LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability. LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinat...

9.1CVSS6.4AI score0.0133EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/02 7:58 a.m.•2 views

La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery

Overview La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery...

6CVSS6.7AI score0.00559EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/29 12:0 a.m.•29 views

JVN#03859837 Blogn vulnerable to cross-site scripting

Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected Blogn v1.9.7 and earl...

4.3CVSS6.1AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/29 12:0 a.m.•22 views

JVN#84125369 Blogn vulnerable to cross-site request forgery

Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Impact Contents created by Blogn may be editted or modified if the logged in user views a malicious web page. Solution Update the Software Apply the latest update provided by the...

6.8CVSS6.5AI score0.00581EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/26 12:0 a.m.•24 views

JVN#27417220 mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting

mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

4.3CVSS6AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•20 views

JVN#31723154 LacoodaST from SpaceTag, Inc. session fixation vulnerability

LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of...

9.1CVSS6.2AI score0.0133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•28 views

JVN#52557009 La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of the user who...

4.3CVSS6AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•36 views

JVN#83428818 La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. Impact Password or other configurations may be changed if the logged in user...

6CVSS6.4AI score0.00559EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•39 views

JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...

10CVSS6.9AI score0.0266EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/14 9:15 a.m.•2 views

Virus Security and Virus Security ZERO denial of service (DoS) vulnerability

Overview Virus Security and Virus Security ZERO provided by SOURCENEXT CORPORATION contain a denial of service DoS vulnerability. Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service D...

10CVSS6.7AI score0.02566EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/12 12:0 a.m.•43 views

JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability

Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service DoS vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...

10CVSS6.5AI score0.02566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/04 5:34 a.m.•7 views

Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting

Overview Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. NetAgent Co., Ltd. reported...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/31 12:0 a.m.•24 views

JVN#33706820 Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting

Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the...

4.3CVSS6AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/30 4:46 a.m.•2 views

Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management

Overview A cross-site scripting vulnerability has been found in Hitachi Collaboration - Online Community Management. Impact An attacker could execute a cross-site scripting attack. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...

5.8CVSS6.3AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/30 4:45 a.m.•2 views

Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function

Overview A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server. Impact An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts. The vulnerability does not affect the products if t...

4.3CVSS7.5AI score0.75891EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/29 5:57 a.m.•3 views

Geeklog Forum Plugin vulnerable to cross-site scripting

Overview Geeklog Forum Plugin contains a cross-site scripting vulnerability. Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/C...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/29 5:56 a.m.•1 views

K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting

Overview analysis.cgi included in K's CGI Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. The...

5CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/29 5:56 a.m.•1 views

K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting

Overview analysis.cgi included in K's CGI Access Log Kaiseki jcode.pl contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pl contains a cross-site scripting vulnerability. The...

5CVSS6.1AI score0.01263EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/25 12:0 a.m.•27 views

JVN#60419863 Geeklog Forum Plugin vulnerable to cross-site scripting

Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the...

4.3CVSS6AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/24 5:23 a.m.•1 views

Multiple Century Systems routers vulnerable to cross-site request forgery

Overview The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery. Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Hirotaka Katagiri...

4CVSS6.8AI score0.0059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/24 5:23 a.m.•3 views

WebProxy from LunarNight Laboratory vulnerable to cross-site scripting

Overview WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability. WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinate...

4.3CVSS6.2AI score0.02026EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/24 5:22 a.m.•4 views

Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins

Overview WebLogic Server and WebLogic Express are application servers provided by Oracle formerly BEA Systems, Inc.. Plug-ins included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability. WebLogic Server and WebLogic Express are application servers based on Java...

7.5CVSS6.3AI score0.03093EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/23 12:0 a.m.•31 views

JVN#46869708 K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting

K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pl contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/23 12:0 a.m.•20 views

JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting

K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/22 12:0 a.m.•13 views

JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery

Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/18 12:0 a.m.•48 views

JVN#81667751 Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins

WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 JavaEE5 and provided by Oracle formerly BEA Systems, Inc.. Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a director...

7.5CVSS6.1AI score0.03093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/18 12:0 a.m.•53 views

JVN#49704543 WebProxy from LunarNight Laboratory vulnerable to cross-site scripting

WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...

4.3CVSS6.1AI score0.02026EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/16 3:27 a.m.•3 views

Safari installed in iPod touch and iPhone vulnerable in handling server certificates

Overview Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit concent. Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a...

4.3CVSS6.2AI score0.01214EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/14 12:0 a.m.•48 views

JVN#88676089 Safari installed in iPod touch and iPhone vulnerable in handling server certificates

Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user's explicit concent when connecting via SSL/TLS. According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificat...

4.3CVSS6AI score0.01214EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:15 a.m.•3 views

Redmine vulnerable to cross-site scripting

Overview Redmine, open source project management software, contains a cross-site scripting vulnerbility. Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...

4.3CVSS6.3AI score0.01065EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:14 a.m.•4 views

FreeStyleWiki cross-site scripting vulnerability

Overview FreeStyleWiki contains a cross-site scripting vulnerability. FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.2AI score0.11811EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:14 a.m.•3 views

Cybozu Garoon vulnerable to arbitrary script execution

Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...

4.3CVSS7AI score0.01292EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:14 a.m.•4 views

Cybozu Garoon session fixation vulnerability

Overview Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability. Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the...

6.8CVSS7.4AI score0.01524EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/08 3:14 a.m.•3 views

Multiple Cybozu products vulnerable to cross-site request forgery

Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership. Impact If a user views a malicious w...

6.8CVSS6.7AI score0.01044EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/07 1:38 a.m.•2 views

Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals

Overview The sample code provided in Hitachi uCosminexus Portal Framework Manuals has a vulnerability which could allow a logged-in user to view or update data with the privileges of those who have logged in later than the user. Impact A remote attacker could view or update files. Solution Please...

6CVSS7AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/07 1:24 a.m.•1 views

nProtect : Netizen denial of service (DoS) vulnerability

Overview nProtect : Netizen contains a denial of service DoS vulnerability. nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service DoS vulnerability. Yuji Ukai of Fourteenforty...

4.3CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/07 12:0 a.m.•34 views

JVN#00945448 Redmine vulnerable to cross-site scripting

Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...

4.3CVSS6AI score0.01065EPSS
Exploits0
Total number of security vulnerabilities5625