5625 matches found
ADPLAN cross-site scripting vulnerability
Overview ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO search engine optimization module. ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in t...
Meneame cross-site scripting vulnerability
Overview Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability. Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker cou...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, sessio...
Apache Tomcat sample web application cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...
Aruba Mobility Controller Series cross-site scripting vulnerability
Overview Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens. Impact...
Safari URL spoofing vulnerability
Overview Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be...
WebCart cross-site scripting vulnerability
Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Shopping Basket Pro directory traversal vulnerability
Overview A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE. Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory name...
Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...
Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files
Overview Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software...
DeleGate DNS Message Decompression Denial of Service Vulnerability
Overview DNS implementation in DeleGate does not handle a compressed DNS packet properly, which could cause an infinite loop. Note that some other DNS packet processing systems have the issues related to this vulnerability. For more information on those systems, please refer to NISCC-589088 JVN a...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...
Ruby XMLRPC Arbitrary Command Execution Vulnerability
Overview utils.rb in The Ruby XMLRPC server sets an insecure default value for the publicinstancemethods function, which could cause the highly privileged function to be exposed. Impact An attacker could execute arbitrary command on the system running Ruby XMLRPC. Solution Please refer to the...
Webmin and Usermin authentication bypass vulnerability
Overview Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used. Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
Tsuru-Kame Mail vulnerable in S/MIME signature verification
Overview Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. The name of the software "Tsuru-Kame Mai...
Website connection problem when a mobile phone terminal uses specific QR code
Overview Mobile phone terminals supporting the two-dimensional code QR code read function are reported to have a website connection problem. When specific QR code is read, even if a user tries to connect to the URL string in the first line of the two URL lines displayed, the connection is...
Norton AntiVirus causes abnormal OS termination when scanning illegal files
Overview Symantec Norton AntiVirus 2004 and 2005 contain a vulnerability that causes an abnormal operating system termination of a computer, when their real-time scan feature is enabled and examining a file with a specially crafted file header. Impact An attacker could cause an abnormal OS...
Norton AntiVirus causes abnormal OS termination when a user edits a shared network file
Overview Symantec Norton AntiVirus 2005 contains a vulnerability which could cause abnormal OS termination if a user running the vulnerable Norton AntiVirus edits a file in the shared network folder if "SmartScan" is chosen in the "Which file types to scan for viruses" setting. Impact When a file...
Virus Security heap overflow vulnerability
Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...
WebUD arbitrary program execution vulnerability
Overview WebUD, a web accessibility support tool, contains a vulnerability in its components that are automatically executed on it, which may allow execution of arbitrary code when a user accesses a malicious website. Impact A remote attacker could execute an arbitrary program, or read or overwri...
Wiki clone cross-site scripting vulnerability
Overview Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user. Impact An arbitrary script may be executed on the browser of the user who viewed...
Virus Security memory leak vulnerability
Overview SourceNext Virus Security has a problem in processing a specially crafted email. When the email has a virus as an attachment and Virus Security detects that virus, memory leak occurs. Impact A remote attacker may conduct a denial of service DoS attack. Solution None...
tDiary cross-site request forgery vulnerability
Overview tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery CSRF vulnerability. Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execut...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
FreeStyleWiki command injection vulnerability
Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...
Hyper NIKKI System cross-site request forgery vulnerability
Overview Hyper NIKKI System hns, a weblog system from the Hyper NIKKI System Project, contains a cross-site request forgery CSRF vulnerability. Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successful...
Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
Overview FreeStyleWiki contains a cross-site scripting and a cross-site request forgery vulnerabilities. The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script. The cross-site request forgery vulnerability could allow a remote...
BBSNote cross-site scripting vulnerability
Overview BBSNote, CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments. Impact A malicious script may be executed on the user's web browser. Solution None...
Tomcat vulnerable in request processing
Overview Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat...
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Overview LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive. Impact An attacker could bypass access restriction and create arbitrary files in the directories for which he has no permission. Solution Please refer to the 'Vendor...
LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name
Overview LHA is vulnerable to arbitrary command execution due to improper handling of directory names cantaining shell metacharacters. Impact An remote attacker could execute arbitrary command. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
LHa Vuffer Overflow Vulnerability in Testing and Extracting Process
Overview LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow. Impact An attacker could execute arbitrary code with the privilege of the user running LHa. Solution Please refer to the 'Vendor Information'...
Ruby cgi.rb Denial of Service Vulnerability
Overview Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service DoS due to improper input validation. Impact An attacker could cause a Denial of Service DoS onto the systems. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriat...
DeleGate Multiple Buffer Overflow Vulnerabilities
Overview DeleGate suffers buffer overflow when scanf, strncpy and other string handling process are set to fail with a long string sent by proxy. Impact An attacker could execute arbitrary code with the privileges of the user running DeleGate. Solution Please refer to the 'Vendor Information'...
KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability
Overview eaycheckx509cert in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. Impact An attacker could bypass IKE authentication using invalid X.509 cerfiticates. Solution Please refer to the 'Vendor...
Becky! Internet Mail vulnerability in S/MIME signature verification
Overview Becky! Internet Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. Impact Even if a recipient receives...
DeleGate SSLway Filter Buffer Overflow Vulnerability
Overview Delegate SSLway Filter contains a buffer overflow vulnerability which stems from lack of memory space to handle SSL certificates. Impact An attacker could execute arbitrary code with the privileges of the user running DeleGate. Solution Please refer to the 'Vendor Information' and...
Virus Buster Corporate Edition vulnerability
Overview Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file Outbreak Prevent Policy configuration file, when a specific URL is entered to the management console. Impact An attacker could distrubute viruses that sneak through the policy by...
Shuriken Pro3 S/MIME signature verification does not verify the From address
Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly. Impact A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert...
DNS cache servers resource consumption by TCP SYN_SENT states
Overview DNS cache servers consume huge resources for communication with DNS authoritative servers in the following situation. 1 a user sends a query to the DNS cache server 2 the DNS cache server sends a UDP query to an authoritative server 3 when the authoritative server finds that the reply...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
Ruby XMLRPC Server Denial of Service Vulnerability
Overview The User-level thread supported in Ruby does not switch while writing to a socket. This in turn blocks all subsequent procrsses when specially crafted requests are sent to the Web server and could result in a denial of service. Impact An attacker could cause a Denial of Service DoS...
mod_imap cross-site scripting vulnerability
Overview The "modimap" and "modimagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. modimap and modimagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle...
McAfee VirusScan Engine buffer overflow vulnerability
Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...
Buffalo router configuration management interface vulnerable to remote access and password leakage
Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...
Movable Type session management vulnerability
Overview Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access. Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution None...
SFS cross-site scripting vulnerability
Overview A cross-site scripting vulnerability exists in SFS Server-type Filtering System provided by the New Media Development Association. Impact When SFS is used for web browsing and a browsing request is filtered, an arbitrary script could be executed on the user's web browser. This may allow ...
Inappropriate interpretation of mailto URL scheme by mail client software
Overview The mailto URL scheme is used to designate the Internet email address on a web page. Specifying an email address and body text using the mailto URL scheme gives a template for a mail message. Many mail clients have a function to set a field specified by the mailto URL scheme in a mail...