5625 matches found
WebUD arbitrary program execution vulnerability
Overview WebUD, a web accessibility support tool, contains a vulnerability in its components that are automatically executed on it, which may allow execution of arbitrary code when a user accesses a malicious website. Impact A remote attacker could execute an arbitrary program, or read or overwri...
Inappropriate interpretation of mailto URL scheme by mail client software
Overview The mailto URL scheme is used to designate the Internet email address on a web page. Specifying an email address and body text using the mailto URL scheme gives a template for a mail message. Many mail clients have a function to set a field specified by the mailto URL scheme in a mail...
tDiary cross-site request forgery vulnerability
Overview tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery CSRF vulnerability. Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execut...
QRcode Perl CGI & PHP script vulnerable to denial of service attack
Overview QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively comsumed until the server becomes unable to respond to requests from...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Cross-site scripting vulnerability in the Unicode version of msearch
Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...
WebNote Clip vulnerable to OS command injection
Overview WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly. Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed...
Opera bookmark function vulnerability
Overview Opera Software ASA's Opera Web Browser contains a vulnerability that may cause a crash upon next startup if a specially crafted web page is registered in the bookmark. Impact An user cannot start Opera Web Browser because it crashes during startup. Solution None...
nProtect Netizen has multiple vulnerabilities
Overview nProtect Netizen contains multiple vulnerabilities. - It may fetch update files from an arbitrary site - It may download and save malicious files - It may cause an abnormal web browser termination Impact A remote attacker could lead a user to save a malicious file to the local storage an...
Apache Tomcat denial of service vulnerability
Overview Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. Apache Tomcat contains a vulnerability that may allow a remote attacker to cause a denial of service DoS. Impact A remote attacker may cause a denial of service DoS. Solution...
Sylpheed Filename Buffer Overflow Vulnerability
Overview Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename. Impact An attacker could execute arbitrary code with the privileges of the user running Sylpheed. Solution Please refer to the 'Vendor Information' and 'References' section for...
DeleGate DNS Message Decompression Denial of Service Vulnerability
Overview DNS implementation in DeleGate does not handle a compressed DNS packet properly, which could cause an infinite loop. Note that some other DNS packet processing systems have the issues related to this vulnerability. For more information on those systems, please refer to NISCC-589088 JVN a...
Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters
Overview Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters. Impact An Attacker could execute arbitrary code with the privileges of the user running Sylpheed. Solution Please refer to the...
Ruby XMLRPC Arbitrary Command Execution Vulnerability
Overview utils.rb in The Ruby XMLRPC server sets an insecure default value for the publicinstancemethods function, which could cause the highly privileged function to be exposed. Impact An attacker could execute arbitrary command on the system running Ruby XMLRPC. Solution Please refer to the...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...
Webmin and Usermin authentication bypass vulnerability
Overview Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used. Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command...
OpenSSL version rollback vulnerability
Overview OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on...
Ruby XMLRPC Server Denial of Service Vulnerability
Overview The User-level thread supported in Ruby does not switch while writing to a socket. This in turn blocks all subsequent procrsses when specially crafted requests are sent to the Web server and could result in a denial of service. Impact An attacker could cause a Denial of Service DoS...
Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Overview Ruby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: "object taint" and "safe level". Ruby contains a vulnerability that may allow an attacker to execute an arbitrary script by bypassing the "safe level" checks. Impact An attacker...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
mod_imap cross-site scripting vulnerability
Overview The "modimap" and "modimagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. modimap and modimagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle...
Tsuru-Kame Mail vulnerable in S/MIME signature verification
Overview Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. The name of the software "Tsuru-Kame Mai...
msearch directory traversal vulnerability
Overview msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution None...
Norton AntiVirus causes abnormal OS termination when a user edits a shared network file
Overview Symantec Norton AntiVirus 2005 contains a vulnerability which could cause abnormal OS termination if a user running the vulnerable Norton AntiVirus edits a file in the shared network folder if "SmartScan" is chosen in the "Which file types to scan for viruses" setting. Impact When a file...
Buffalo router configuration management interface vulnerable to remote access and password leakage
Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...
Movable Type session management vulnerability
Overview Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access. Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution None...
SFS cross-site scripting vulnerability
Overview A cross-site scripting vulnerability exists in SFS Server-type Filtering System provided by the New Media Development Association. Impact When SFS is used for web browsing and a browsing request is filtered, an arbitrary script could be executed on the user's web browser. This may allow ...
Vulnerability involving security zone handling in applications using Internet Explorer components
Overview Internet Explorer IE components apply different security levels for web content processing depending on the location zone of the web content. As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the...
Hiki cross-site scripting vulnerability
Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...
Common Management Agent 3.x vulnerable to information leakage
Overview Common Management Agent used in ePolicy Orchestrator and ProtectionPilot has a problem in directory access right setting which allows an attacker to obtain or view a list of files. Impact A remote attacker could view files. Solution None...
Pochy denial-of-service (DoS) vulnerability
Overview Pochy, email client software operating in the Microsoft Windows environment, contains a vulnerability that may cause the processing to stop while the CPU load is high and a denial-of-service DoS after receiving a specific string. Impact A remote attacker could exploit this vulnerability ...
FreeStyleWiki command injection vulnerability
Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...
Kent Web PostMail vulnerable to third party mail relay
Overview Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow the third party to relay mail as it does not properly check input. Impact An attacker could possibly compromise the mail server to send an unsolicited email. Solution...
MitakeSearch cross-site scripting vulnerability
Overview MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl. Impact A malicious script may be executed on the user's web browser. Solution...
Problem with referer header handling on mobile phone web browsers
Overview We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in its function of sending referer information under certain circumstances. This problem has been reported for KDDI's au mobile phones. KDDI,...
Tomcat vulnerable in request processing
Overview Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat...
XOOPS cross-site scripting vulnerability
Overview XOOPS is an open source web content management system implemented in PHP. XOOPS itself and its forum modules have multiple vulnerabilities in validating private messages and forum articles. Impact A remote attacker may upload a script to be executed by a user reading a private message or...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
ppBlog cross-site scripting vulnerability
Overview ppBlog, a weblog program written in PHP, contains a cross-site scripting vulnerability in its search form. Impact A remote attacker could execute a malicious script. Solution...
McAfee VirusScan Engine buffer overflow vulnerability
Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...
Virus Security heap overflow vulnerability
Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...
Virus Security memory leak vulnerability
Overview SourceNext Virus Security has a problem in processing a specially crafted email. When the email has a virus as an attachment and Virus Security detects that virus, memory leak occurs. Impact A remote attacker may conduct a denial of service DoS attack. Solution None...
Wiki clone cross-site scripting vulnerability
Overview Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user. Impact An arbitrary script may be executed on the browser of the user who viewed...
desknet's cross-site scripting vulnerability
Overview If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVNF88C2C13 additional information to JVN89DE2014. Impact lf a login ID, password, or session information is leaked, an...
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Overview The digital certificate that was used to sign jar files in the Java Cryptography Extension JCE 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after...
Hiki cross-site scripting vulnerability
Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Hyper NIKKI System cross-site request forgery vulnerability
Overview Hyper NIKKI System hns, a weblog system from the Hyper NIKKI System Project, contains a cross-site request forgery CSRF vulnerability. Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successful...