5625 matches found
JVN#77432756 FreeStyleWiki cross-site scripting vulnerability
FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed if a FreeStyleWiki user views a specially crafted web page with Internet Explorer. Other web browsers that use the Internet Explorer browser engine may also be affected...
JVN#18700809 Cybozu Garoon session fixation vulnerability
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker. Impact A remote attacker impersonating a logged in user may execute arbitrary code...
JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution
Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...
JVN#18405927 Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged onto the Cybozu web interface, the user's schedules and other configuration settings may be altered. Solution Update the Software Apply the latest updates provided...
JVN#36635562 nProtect : Netizen denial of service (DoS) vulnerability
nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service DoS vulnerability. Impact An remote attacker could disable nProtect : Netizen by convincing a user to open a specially...
CGIWrap error page cross-site scripting vulnerability
Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...
BlognPlus SQL injection vulnerability
Overview BlognPlus contains a SQL injection vulnerability. BlognPlus from R-ONE Computer is a software for creating blogs. BlognPlus for MySQL and for PostgreSQL contain a SQL injection vulnerability. According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does...
JVN#45389864 CGIWrap error page cross-site scripting vulnerability
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...
JVN#14072646 BlognPlus SQL injection vulnerability
BlognPlus from R-ONE Computer is software for creating blogs. BlognPlus for MySQL and for PostgreSQL contain a SQL injection vulnerability. According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does not use a database. Impact A remote attacker could obtain...
X.Org Foundation X server buffer overflow vulnerability
Overview X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts...
Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search...
Pixelpost cross-site scripting vulnerability
Overview Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warnin...
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts that can be exploited to cause a buffer overflow. Impact An attacker with an established,...
WEB MART from KENT WEB vulnerable to cross-site scripting
Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...
JP1/Cm2/Network Node Manager Web Coordinated Function Multiple Vulnerabilities
Overview Multiple vulnerabilities have been found in the JP1/Cm2/Network Node Manager NNM Web coordinated function. Impact A remote attacker could execute arbitrary scripts or code, or cause a denial of service DoS condition. Solution Please refer to the 'Vendor Information' section for the...
Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability
Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI =DocumentManagement. Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate...
XMAP3 Denial of Service (DoS) Vulneability
Overview XMAP3's print function has a vulnerability that could cause a temporary denial of service DoS condition when receiving unexpected data. Impact An attacker could cause a denial of service DoS condition by sending unexpected data to XMAP3's print service. Solution Please refer to the 'Vend...
Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability
Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate action...
JVN#25448394 Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the...
JVN#43906021 WEB MART from KENT WEB vulnerable to cross-site scripting
WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected WEB MART 1.61 and...
Multiple Yamaha routers vulnerable to cross-site request forgery
Overview The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator...
Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...
JP1/Cm2/Network Node Manager Denial of Service Vulnerability
Overview The JP1/Cm2/Network Node Manager NNM has vulnerability that can be exploited to cause a denial of service DoS. Impact A remote attacker could cause a denial of service DoS. Solution Please refer to the 'Vendor Information' section for the recommended workaround...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles strings assigned to certain properties listed below, which can be exploited to cause...
JP1/HIBUN Encryption/Decryption and Removable Media Control Malfunction Problems
Overview The encryption/decryption and removable media control function in JP1/HIBUN Advanced Edition Information Cypher and Advanced Edition Information Fortress may malfunction. Impact Information can be taken away using removable storage media. Solution Please refer to the 'Vendor Information'...
SEWB3/PLATFORM Denial of Service Vulnerability
Overview SEWB3/PLATFORM handles SEWB3 message improperly when it receives malformed data, which allows attackers to cause a Denial of Service DoS. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...
EUR Print Manager Denial of Service Vulnerability
Overview EUR Print Manager fails to accept job execution requests when it receives unexpected data, which could be exploited to cause a Denial of Service DoS condition. Impact An attacker could cause a Denial of Service DoD. Solution Please refer to the 'Vendor Information' section for official...
PC2M cross-site scripting vulnerability
Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...
Cross-site scripting vulnerability in multiple Tor World CGI scripts
Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...
PerlMailer cross-site scripting vulnerability
Overview PerlMailer is a mail form CGI provided by "Homepage Decorator". A cross-site scripting vulnerability exists in PerlMailer. PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in...
Mozilla Firefox cross-site scripting vulnerability
Overview Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazar...
Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
Overview Mutiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...
Multiple JustSystems products vulnerable to buffer overflow
Overview Multiple JustSystems products are vulnerable to buffer overflow. Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Multiple products are affected by this vulnerability. F...
Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products
Overview Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Multiple shopping cart software products are affected by this vulnerability. For details, see the information provided by Hal Networks. Impact An arbitrary script can be executed on the user's w...
FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
Overview Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server. The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer...
Nagios cross-site scripting vulnerability
Overview Nagios from Nagios.org contains a cross-site scripting vulnerability. Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser...
Namazu cross-site scripting vulnerability
Overview Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...
DesignForm cross-site scripting vulnerability
Overview DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm. DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm. Impact An arbitrary scrip...
Lhaplus buffer overflow vulnerability
Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...
SquirrelMail cross-site scripting vulnerability
Overview SquirrelMail is a web-based email program provided by the SquirrelMail Project. SquirrelMail contains a cross-site scripting vulnerability as it does not adequately handle HTML email. Impact A malicious script may be executed on the user's web browser. Solution None...
Multiple email clients vulnerable in handling an attachement inapropriately
Overview Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name. Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a...
Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Overview The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2. Impact An attacker could take over a user's account, steal the user's information or...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...
Apache Struts Validator allows to bypass input data validation
Overview Apache Struts is a Web application framework from the Apache Software Foundation. Apache Struts contains a vulnerability allowing to bypass input data validation by the Validator. Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by...
MyWeb SQL injection vulnerability
Overview Groupware MyWeb contains a SQL injection vulnerability. Impact A remote attacker could view or modify the database contents. Solution None...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...
ATutor cross-site scripting vulnerability
Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...
ServerView directory traversal vulnerability
Overview ServerView, server monitoring software included in Fujitsu servers, contains a directory traversal vulnerability. Impact A remote attacker could view particular files on the server. Solution None...