Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/03 12:0 a.m.•37 views

JVN#77432756 FreeStyleWiki cross-site scripting vulnerability

FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed if a FreeStyleWiki user views a specially crafted web page with Internet Explorer. Other web browsers that use the Internet Explorer browser engine may also be affected...

4.3CVSS6AI score0.11811EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•32 views

JVN#18700809 Cybozu Garoon session fixation vulnerability

Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker. Impact A remote attacker impersonating a logged in user may execute arbitrary code...

6.8CVSS7.3AI score0.01524EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•36 views

JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

4.3CVSS6.6AI score0.01292EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•34 views

JVN#18405927 Multiple Cybozu products vulnerable to cross-site request forgery

Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged onto the Cybozu web interface, the user's schedules and other configuration settings may be altered. Solution Update the Software Apply the latest updates provided...

6.8CVSS6.4AI score0.01044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/25 12:0 a.m.•24 views

JVN#36635562 nProtect : Netizen denial of service (DoS) vulnerability

nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service DoS vulnerability. Impact An remote attacker could disable nProtect : Netizen by convincing a user to open a specially...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/20 4:46 a.m.•3 views

CGIWrap error page cross-site scripting vulnerability

Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...

4.3CVSS5.9AI score0.0125EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/20 4:45 a.m.•1 views

BlognPlus SQL injection vulnerability

Overview BlognPlus contains a SQL injection vulnerability. BlognPlus from R-ONE Computer is a software for creating blogs. BlognPlus for MySQL and for PostgreSQL contain a SQL injection vulnerability. According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does...

7.5CVSS7.8AI score0.01096EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/19 12:0 a.m.•36 views

JVN#45389864 CGIWrap error page cross-site scripting vulnerability

CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...

4.3CVSS5.5AI score0.0125EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/17 12:0 a.m.•37 views

JVN#14072646 BlognPlus SQL injection vulnerability

BlognPlus from R-ONE Computer is software for creating blogs. BlognPlus for MySQL and for PostgreSQL contain a SQL injection vulnerability. According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does not use a database. Impact A remote attacker could obtain...

7.5CVSS7.2AI score0.01096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/13 8:11 a.m.•6 views

X.Org Foundation X server buffer overflow vulnerability

Overview X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts...

8.5CVSS7.9AI score0.05108EPSS
Exploits0References37
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/10 4:59 a.m.•4 views

Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search...

4.3CVSS7AI score0.01065EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/10 4:57 a.m.•1 views

Pixelpost cross-site scripting vulnerability

Overview Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warnin...

2.6CVSS6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/10 12:0 a.m.•35 views

JVN#88935101: X.Org Foundation X server buffer overflow vulnerability

The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts that can be exploited to cause a buffer overflow. Impact An attacker with an established,...

7.5CVSS7.3AI score0.05108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:1 a.m.•3 views

WEB MART from KENT WEB vulnerable to cross-site scripting

Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:0 a.m.•1 views

JP1/Cm2/Network Node Manager Web Coordinated Function Multiple Vulnerabilities

Overview Multiple vulnerabilities have been found in the JP1/Cm2/Network Node Manager NNM Web coordinated function. Impact A remote attacker could execute arbitrary scripts or code, or cause a denial of service DoS condition. Solution Please refer to the 'Vendor Information' section for the...

7.5CVSS7.4AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:0 a.m.•2 views

Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI =DocumentManagement. Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate...

4.3CVSS6.4AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:0 a.m.•5 views

XMAP3 Denial of Service (DoS) Vulneability

Overview XMAP3's print function has a vulnerability that could cause a temporary denial of service DoS condition when receiving unexpected data. Impact An attacker could cause a denial of service DoS condition by sending unexpected data to XMAP3's print service. Solution Please refer to the 'Vend...

5CVSS6.7AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/06 3:0 a.m.•3 views

Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate action...

4.3CVSS6.6AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/04 12:0 a.m.•28 views

JVN#25448394 Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the...

4.3CVSS6.5AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/30 12:0 a.m.•19 views

JVN#43906021 WEB MART from KENT WEB vulnerable to cross-site scripting

WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected WEB MART 1.61 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Multiple Yamaha routers vulnerable to cross-site request forgery

Overview The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator...

7.5CVSS6.9AI score0.00678EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability

Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...

9.3CVSS7.2AI score0.04613EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

JP1/Cm2/Network Node Manager Denial of Service Vulnerability

Overview The JP1/Cm2/Network Node Manager NNM has vulnerability that can be exploited to cause a denial of service DoS. Impact A remote attacker could cause a denial of service DoS. Solution Please refer to the 'Vendor Information' section for the recommended workaround...

5CVSS6.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Symantec Backup Exec for Windows Server ActiveX Control Multiple Vulnerabilities

Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles strings assigned to certain properties listed below, which can be exploited to cause...

5.1CVSS7AI score0.0306EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

JP1/HIBUN Encryption/Decryption and Removable Media Control Malfunction Problems

Overview The encryption/decryption and removable media control function in JP1/HIBUN Advanced Edition Information Cypher and Advanced Edition Information Fortress may malfunction. Impact Information can be taken away using removable storage media. Solution Please refer to the 'Vendor Information'...

3.6CVSS6.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

SEWB3/PLATFORM Denial of Service Vulnerability

Overview SEWB3/PLATFORM handles SEWB3 message improperly when it receives malformed data, which allows attackers to cause a Denial of Service DoS. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...

5CVSS6.7AI score0.01189EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities

Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...

9.3CVSS7.6AI score0.50419EPSS
Exploits8References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

EUR Print Manager Denial of Service Vulnerability

Overview EUR Print Manager fails to accept job execution requests when it receives unexpected data, which could be exploited to cause a Denial of Service DoS condition. Impact An attacker could cause a Denial of Service DoD. Solution Please refer to the 'Vendor Information' section for official...

5CVSS6.9AI score0.01397EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

PC2M cross-site scripting vulnerability

Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...

4.3CVSS6.3AI score0.01033EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cross-site scripting vulnerability in multiple Tor World CGI scripts

Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...

4.3CVSS6.4AI score0.01033EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

PerlMailer cross-site scripting vulnerability

Overview PerlMailer is a mail form CGI provided by "Homepage Decorator". A cross-site scripting vulnerability exists in PerlMailer. PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in...

4.3CVSS6AI score0.01223EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Mozilla Firefox cross-site scripting vulnerability

Overview Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazar...

4.3CVSS7.9AI score0.0162EPSS
Exploits1References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules

Overview Mutiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Multiple JustSystems products vulnerable to buffer overflow

Overview Multiple JustSystems products are vulnerable to buffer overflow. Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Multiple products are affected by this vulnerability. F...

9.3CVSS7.8AI score0.04756EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products

Overview Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Multiple shopping cart software products are affected by this vulnerability. For details, see the information provided by Hal Networks. Impact An arbitrary script can be executed on the user's w...

4.3CVSS6.3AI score0.01292EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers

Overview Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server. The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer...

6.4CVSS6.8AI score0.02051EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•0 views

Nagios cross-site scripting vulnerability

Overview Nagios from Nagios.org contains a cross-site scripting vulnerability. Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser...

4.3CVSS6.1AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Namazu cross-site scripting vulnerability

Overview Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...

4.3CVSS6.2AI score0.01745EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

DesignForm cross-site scripting vulnerability

Overview DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm. DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm. Impact An arbitrary scrip...

4.3CVSS6AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...

7.5CVSS7.8AI score0.03481EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

SquirrelMail cross-site scripting vulnerability

Overview SquirrelMail is a web-based email program provided by the SquirrelMail Project. SquirrelMail contains a cross-site scripting vulnerability as it does not adequately handle HTML email. Impact A malicious script may be executed on the user's web browser. Solution None...

4.3CVSS5.8AI score0.02034EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Multiple email clients vulnerable in handling an attachement inapropriately

Overview Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name. Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a...

5CVSS6.7AI score0.01814EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Overview The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2. Impact An attacker could take over a user's account, steal the user's information or...

1.9CVSS7.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...

4.3CVSS6.3AI score0.01369EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Apache Struts Validator allows to bypass input data validation

Overview Apache Struts is a Web application framework from the Apache Software Foundation. Apache Struts contains a vulnerability allowing to bypass input data validation by the Validator. Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by...

7.5CVSS8.6AI score0.06142EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

MyWeb SQL injection vulnerability

Overview Groupware MyWeb contains a SQL injection vulnerability. Impact A remote attacker could view or modify the database contents. Solution None...

7.5CVSS7.9AI score0.01214EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

CGI RESCUE WebFORM allows unauthorized email transmission

Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...

5CVSS6.8AI score0.01463EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Wiki clone products vulnerable to denial of service attacks

Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...

5CVSS7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

ATutor cross-site scripting vulnerability

Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...

4.3CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

ServerView directory traversal vulnerability

Overview ServerView, server monitoring software included in Fujitsu servers, contains a directory traversal vulnerability. Impact A remote attacker could view particular files on the server. Solution None...

5CVSS6.9AI score0.01779EPSS
Exploits0References7
Total number of security vulnerabilities5625