5625 matches found
MouseoverDictionary vulnerable to arbitrary script execution
Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...
Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, t...
RoundCube Webmail cross-site request forgery vulnerability
Overview RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information...
Lhaplus buffer overflow vulnerability
Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...
Cybozu Office denial of service (DoS) vulnerability
Overview Cybozu Office contains a denial of service DoS vulnerability. Cybozu Office, web-based groupware, is vulnerable to a denial of service DoS attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service DoS against the...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Google Web Toolkit vulnerable to cross-site scripting
Overview Google Web Toolkit GWT is vulnerable to cross-site scripting. Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An...
Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
Overview Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting. Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This...
Hitachi JP1/File Transmission Server/FTP Denial of Service Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP does not handle certain FTP command arguments properly, which could trigger Denial of Service DoS incidents. Impact An attacker could cause a Denial of Service DoS condition using the FTP commands with certain file names. Solution Please refer to...
Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
Overview The modautoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset. Impact An attacker...
Cosminexus Component Container Session Handling Vulnerability
Overview The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data. Impact A remote attacker could gain unauthorized access to other users' session and obtain sensitiv...
Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
Overview The image-processing APIs in Cosminexus Developer's Kit for Java is vulnerable to buffer overflow and a Denial od Service DoS. Impact An attacker could cause a Denial of Service DoS or execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official...
Cosminexus javadoc Cross-Site Scripting Vulnerability
Overview The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities. Impact An attacker could exploit said HTML file vulnerable to cross-site scripting. Solution Please refer to the 'Vendor Information' section for official remediation and take...
TPBroker Denial of Service Vulnerability
Overview TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor terminate abnormally when the TSC Domain Manager receives invalid messages. Impact An attacker could cause a Denial of Service DoS condition. Solution Please refer to the 'Vendor Information' section f...
Cosminexus Agent Process Crash Vulnerability
Overview Cosminexus Agent process may crash when Cosminexus Agent receives specially crafted data from a process other than Cosminexus Manager. The crash doesn't affect the running applications launched by Cosminexux Agent. Impact An attacker could crash Cosminexus Agent process. Solution Please...
Safari allows access from HTTP to HTTPS
Overview Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TL...
Hitachi Web Server SSL Client Authentication Vulnerability
Overview Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled. Impact An attacker could gain access with a fraudulent...
Lotus Domino cross-site scripting vulnerability
Overview IBM Lotus Domino contains a cross-site scripting vulnerability. IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who...
JP1/Cm2/Network Node Manager vulnerable to cross-site scripting
Overview Hitachi JP1/Cm2/Network Node Manager NNM is vulnerable to cross-site scripting. Hitachi JP1/Cm2/Network Node Manager NNM is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting. Impact An...
Multiple Cybozu products vulnerable to HTTP header injection
Overview Multiple Cybozu products are vulnerable to HTTP header injection. Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary...
HttpLogger vulnerable to cross-site scripting
Overview KLab HttpLogger is vulnerable to cross-site scripting. Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Rainboard cross-site scripting vulnerability
Overview The Rainboard bulletin board software is vulnerable to cross-site scripting. The Rainboard bulletin board software provided by UDON is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest...
Flash Player allows to send arbitrary HTTP headers
Overview Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...
Flash Player vulnerable in handling cross-domain policy files
Overview Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-doma...
WinAce buffer overflow vulnerability
Overview WinAce provided by e-merge GmbH is vulnerable to buffer overflow. WinAce provided by e-merge GmbH is software to compress and decompress files in multiple types of compression format. WinAce is vulnerable to buffer overflow. When WinAce decompresses a specially crafted file, this...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062 and JVN32981509. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Groupmax Collaboration Schedule Information Disclosure Vulnerability
Overview The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet. Impact Unintended information diasclosure could occur, which an attacker could exploit for further attack. Solution...
Hitachi JP1/File Transmission Server/FTP Authentication Bypass Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP contains a vulnerability which could be exploited to bypass authentication. Impact An attacker could view the files in a certain directory. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
SonicStage CP buffer overflow vulnerability
Overview SonicStage CP is vulnerable to buffer overflow. Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a...
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Overview modimap and modimagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server...
AirStation series and BroadStation series vulnerable to cross-site request forgery
Overview Buffalo's AirStation Series and BroadStation Series routers are vulnerable to cross-site request forgery. Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The we...
GreaseKit and Creammonkey allows execution of userscript functions
Overview GreaseKit and Creammonkey contains a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit a...
Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
Overview When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process. Impact An attacker could exploit the vulnerability to obtain...
Cross-site scripting vulnerability in updir.php in UPDIR.NET
Overview updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions. updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload ima...
FileMaker cross-site scripting vulnerability
Overview FileMaker from FileMaker, Inc. contains a cross-site scripting vulnerability. FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web...
Feed2JS cross-site scripting vulnerability
Overview Feed2JS Feed to JavaScript, an open source web application, contains a cross-site scripting vulnerability. Feed2JS Feed to JavaScript is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker coul...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability
Overview Shared Trace Service in JP1/Cm2/Network Node Manager NNM is vulnerable to arbitrary code execution. Impact An attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the vendor recommended workaround...
Fresh Reader RSS feed cross-site scripting vulnerability
Overview Fresh Reader from sidefeed, Inc. is a server-side web application that manages RSS information. Fresh Reader contains an RSS feed cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution None...
CGI RESCUE WebFORM missing mail content vulnerability
Overview WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent. Impact Some part of the sender information in the message...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
MODx cross-site scripting vulnerability
Overview MODxl, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
Sage vulnerable to arbitrary script execution
Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...
ColdFusion cross-site scripting vulnerability
Overview ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability. According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on. This vulnerability is different...
MailDwarf cross-site scripting vulnerability
Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
open-gorotto cross-site scripting vulnerability
Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...
Lunascape RSS reader arbitrary script execution vulnerability
Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...
Homepage Builder sample CGI programs vulnerable to OS command injection
Overview Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contains a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of...