XMAP3 Denial of Service (DoS) Vulnerability
Overview XMAP3's print function has a vulnerability that could cause a temporary denial of service (DoS) condition when receiving unexpected data. Impact An attacker could cause a denial of service (DoS) condition by sending unexpected data to XMAP3's print service. Solution Please refer to the 'Vend...
Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability
Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermeasure and take appropriate action...
JVN#25448394 Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the...
JVN#43906021 WEB MART from KENT WEB vulnerable to cross-site scripting
WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected WEB MART 1.61 and...
Google Desktop cross-site scripting vulnerability
Overview Google Desktop contains a cross-site scripting vulnerability. Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution...
DesignForm cross-site scripting vulnerability
Overview DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm. DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in DesignForm. Impact An arbitrary scrip...
JP1/Cm2/Network Node Manager Denial of Service Vulnerability
Overview The JP1/Cm2/Network Node Manager (NNM) has a vulnerability that can be exploited to cause a denial of service (DoS). Impact A remote attacker could cause a denial of service (DoS). Solution Please refer to the 'Vendor Information' section for the recommended workaround...
Shopping Basket Professional vulnerable to OS command injection
Overview Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data. Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket...
MailDwarf cross-site scripting vulnerability
Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Homepage Builder sample CGI programs vulnerable to OS command injection
Overview Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contain a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of...
rktSNS cross-site scripting vulnerability
Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...
Safari allows access from HTTP to HTTPS
Overview Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TL...
Webmin OS command injection vulnerability
Overview Webmin, a web-based system management tool, contains a vulnerability that allows an unauthorized Webmin user to execute OS commands. Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by...
NetCommons cross-site scripting vulnerability
Overview NetCommons from the NetCommons Project contains a cross-site scripting vulnerability. NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This...
Cross-site scripting vulnerability in updir.php in UPDIR.NET
Overview updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions. updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload ima...
Cybozu Office denial of service (DoS) vulnerability
Overview Cybozu Office contains a denial of service (DoS) vulnerability. Cybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service (DoS) against the...
Flash Player vulnerable in handling cross-domain policy files
Overview Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-doma...
Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities. Impact A remote attacker may view or modify the database contents. Solution None...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS (denial of service)...
ATutor cross-site scripting vulnerability
Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...
NetCommons cross-site scripting vulnerability
Overview NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's...
TeraStation HD-HTGL series cross-site request forgery vulnerability
Overview TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have an administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgery (CSRF) vulnerability. Impact If a TeraStation HD-HTGL administrator w...
phpComasy cross-site scripting vulnerability
Overview phpComasy, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...
Blogn cross-site scripting vulnerability
Overview Blogn, a script for the creation of blogs from R-ONE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking...
Chama Cargo cross-site scripting vulnerability
Overview Chama Cargo, a CGI program written in Perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
pnamazu cross-site scripting vulnerability
Overview pnamazu, the Perl version program of the full-text search engine Namazu, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
DeleGate DNS Message Decompression Denial of Service Vulnerability
Overview DNS implementation in DeleGate does not handle a compressed DNS packet properly, which could cause an infinite loop. Note that some other DNS packet processing systems have the issues related to this vulnerability. For more information on those systems, please refer to NISCC-589088 JVN a...
McAfee VirusScan Engine buffer overflow vulnerability
Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...
Virus Security heap overflow vulnerability
Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...
LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name
Overview LHA is vulnerable to arbitrary command execution due to improper handling of directory names containing shell metacharacters. Impact A remote attacker could execute an arbitrary command. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
LHA Buffer Overflow Vulnerability with lack of Path Length Validation
Overview LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive. Impact A remote attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
Ruby CGI Session Management Insecure File Permission Vulnerability
Overview Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak. Impact An attacker could hijack sessions utilizing stolen information. Solution Please refer to the 'Vendor Information' section for official...
Virus Buster Corporate Edition vulnerability
Overview Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file (Outbreak Prevent Policy configuration file) when a specific URL is entered to the management console. Impact An attacker could distribute viruses that sneak through the policy by...
Becky! Internet Mail vulnerability in S/MIME signature verification
Overview Becky! Internet Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. Impact Even if a recipient receives...
JP1/HIBUN Encryption/Decryption and Removable Media Control Malfunction Problems
Overview The encryption/decryption and removable media control function in JP1/HIBUN Advanced Edition Information Cypher and Advanced Edition Information Fortress may malfunction. Impact Information can be taken away using removable storage media. Solution Please refer to the 'Vendor Information'...
Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
Overview Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains ...
Lunascape RSS reader arbitrary script execution vulnerability
Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...
Advance-Flow cross-site scripting vulnerability
Overview Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms a...
Apache Tomcat sample web application cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. jsp-examples, a sample web application...
Apache Tomcat cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-si...
Nessus report function vulnerable to arbitrary script execution
Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...
HttpLogger vulnerable to cross-site scripting
Overview KLab HttpLogger is vulnerable to cross-site scripting. Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Flash Player allows to send arbitrary HTTP headers
Overview Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct an HTTP request splitting attack. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...
Nagasaki Electronic Prefectural Office System authentication information vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users. Impact A remote attacker could impersonate genuine users. As a result, the attacker...
QUICK CART cross-site scripting vulnerability
Overview QUICK CART is a shopping cart system for building Internet shop sites. QUICK CART contains a cross-site scripting vulnerability as it does not validate inputs properly. Impact An arbitrary script could be executed on the user's web browser. Solution None...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS (denial of service)...
Cybozu products vulnerable to directory traversal
Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...
NEC MultiWriter 1700C web server authentication bypass vulnerability
Overview Certain NEC printers have built-in web servers. They contain a vulnerability where unauthorized users could change the system configuration. Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution None...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...