5625 matches found
JVN#30385652 Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Movable Type 3 version 3.36 and earlier...
JVN#55010230 Sound Master 2nd from High Norm vulnerable to cross-site scripting
Sound Master 2nd from High Norm is a program to distribute digital music data. Sound Master 2nd contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...
Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
Overview Webservice-DIC shopv50 and shopv52 contain a cross-site scripting vulnerability. Webservice-DIC shopv50 and shopv52 are shopping cart software. shopv50 and shopv52 contain a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Hitachi JP1/File Transmission Server/FTP Unauthorized File Permission Change Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP has a vulnerability which allows unauthorized users to change file permissions. Impact An unauthorized user could change file permissions. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...
Hitachi JP1/File Transmission Server/FTP Transmission Failure Problem
Overview Hitachi JP1/File Transmission Server/FTP has a problem where file transmission fails due to the termination of the connection or failure of getting a response from the server when executing FTP commands with certain arguments. Impact When executing FTP commands with certain arguments, fi...
Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability
Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...
Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
Overview The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact A remote attacker could execute arbitrary code by sending a long URI. Solution Please refer to the 'Vendor Information' section for the vendor...
JVN#79914432 Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
Webservice-DIC shopv50 and shopv52 are shopping cart software. shopv50 and shopv52 contain a cross-site scripting vulnerability. Impact This vulnerability can be exploited to conduct a cross-site scripting attack by an attacker. Solution Update the Software Administrators of the websites which us...
Blogn vulnerable to cross-site scripting
Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Blogn vulnerable to cross-site request forgery
Overview Blogn from R-ONE Computer contains a cross-site request forgery vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated...
mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
Overview mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability. mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA...
Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ...
La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...
LacoodaST from SpaceTag, Inc. session fixation vulnerability
Overview LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability. LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinat...
La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
Overview La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery...
JVN#03859837 Blogn vulnerable to cross-site scripting
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected Blogn v1.9.7 and earl...
JVN#84125369 Blogn vulnerable to cross-site request forgery
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Impact Contents created by Blogn may be editted or modified if the logged in user views a malicious web page. Solution Update the Software Apply the latest update provided by the...
JVN#27417220 mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...
JVN#31723154 LacoodaST from SpaceTag, Inc. session fixation vulnerability
LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of...
JVN#52557009 La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of the user who...
JVN#83428818 La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. Impact Password or other configurations may be changed if the logged in user...
JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...
Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
Overview Virus Security and Virus Security ZERO provided by SOURCENEXT CORPORATION contain a denial of service DoS vulnerability. Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service D...
JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service DoS vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...
Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
Overview Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. NetAgent Co., Ltd. reported...
JVN#33706820 Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the...
Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management
Overview A cross-site scripting vulnerability has been found in Hitachi Collaboration - Online Community Management. Impact An attacker could execute a cross-site scripting attack. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function
Overview A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server. Impact An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts. The vulnerability does not affect the products if t...
Geeklog Forum Plugin vulnerable to cross-site scripting
Overview Geeklog Forum Plugin contains a cross-site scripting vulnerability. Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/C...
K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
Overview analysis.cgi included in K's CGI Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. The...
K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting
Overview analysis.cgi included in K's CGI Access Log Kaiseki jcode.pl contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pl contains a cross-site scripting vulnerability. The...
JVN#60419863 Geeklog Forum Plugin vulnerable to cross-site scripting
Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the...
Multiple Century Systems routers vulnerable to cross-site request forgery
Overview The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery. Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Hirotaka Katagiri...
WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
Overview WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability. WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinate...
Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
Overview WebLogic Server and WebLogic Express are application servers provided by Oracle formerly BEA Systems, Inc.. Plug-ins included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability. WebLogic Server and WebLogic Express are application servers based on Java...
JVN#46869708 K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pl contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...
JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...
JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery
Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...
JVN#81667751 Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 JavaEE5 and provided by Oracle formerly BEA Systems, Inc.. Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a director...
JVN#49704543 WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...
Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Overview Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit concent. Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a...
JVN#88676089 Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user's explicit concent when connecting via SSL/TLS. According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificat...
Redmine vulnerable to cross-site scripting
Overview Redmine, open source project management software, contains a cross-site scripting vulnerbility. Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...
FreeStyleWiki cross-site scripting vulnerability
Overview FreeStyleWiki contains a cross-site scripting vulnerability. FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Cybozu Garoon vulnerable to arbitrary script execution
Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...
Cybozu Garoon session fixation vulnerability
Overview Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability. Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the...
Multiple Cybozu products vulnerable to cross-site request forgery
Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership. Impact If a user views a malicious w...
Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals
Overview The sample code provided in Hitachi uCosminexus Portal Framework Manuals has a vulnerability which could allow a logged-in user to view or update data with the privileges of those who have logged in later than the user. Impact A remote attacker could view or update files. Solution Please...
nProtect : Netizen denial of service (DoS) vulnerability
Overview nProtect : Netizen contains a denial of service DoS vulnerability. nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service DoS vulnerability. Yuji Ukai of Fourteenforty...
JVN#00945448 Redmine vulnerable to cross-site scripting
Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer...