Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

WebUD arbitrary program execution vulnerability

Overview WebUD, a web accessibility support tool, contains a vulnerability in its components that are automatically executed on it, which may allow execution of arbitrary code when a user accesses a malicious website. Impact A remote attacker could execute an arbitrary program, or read or overwri...

6.8CVSS7.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Inappropriate interpretation of mailto URL scheme by mail client software

Overview The mailto URL scheme is used to designate the Internet email address on a web page. Specifying an email address and body text using the mailto URL scheme gives a template for a mail message. Many mail clients have a function to set a field specified by the mailto URL scheme in a mail...

4.3CVSS6.7AI score
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

tDiary cross-site request forgery vulnerability

Overview tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery CSRF vulnerability. Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execut...

5.1CVSS7AI score0.01911EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

QRcode Perl CGI & PHP script vulnerable to denial of service attack

Overview QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively comsumed until the server becomes unable to respond to requests from...

5CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS7AI score0.0115EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cross-site scripting vulnerability in the Unicode version of msearch

Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...

4.3CVSS6.2AI score0.00948EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

WebNote Clip vulnerable to OS command injection

Overview WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly. Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed...

7.5CVSS7.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Opera bookmark function vulnerability

Overview Opera Software ASA's Opera Web Browser contains a vulnerability that may cause a crash upon next startup if a specially crafted web page is registered in the bookmark. Impact An user cannot start Opera Web Browser because it crashes during startup. Solution None...

5CVSS6.8AI score0.03284EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

nProtect Netizen has multiple vulnerabilities

Overview nProtect Netizen contains multiple vulnerabilities. - It may fetch update files from an arbitrary site - It may download and save malicious files - It may cause an abnormal web browser termination Impact A remote attacker could lead a user to save a malicious file to the local storage an...

4.3CVSS7AI score0.01019EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Apache Tomcat denial of service vulnerability

Overview Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. Apache Tomcat contains a vulnerability that may allow a remote attacker to cause a denial of service DoS. Impact A remote attacker may cause a denial of service DoS. Solution...

5CVSS6.8AI score0.2344EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Sylpheed Filename Buffer Overflow Vulnerability

Overview Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename. Impact An attacker could execute arbitrary code with the privileges of the user running Sylpheed. Solution Please refer to the 'Vendor Information' and 'References' section for...

5.1CVSS7.7AI score0.01827EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

DeleGate DNS Message Decompression Denial of Service Vulnerability

Overview DNS implementation in DeleGate does not handle a compressed DNS packet properly, which could cause an infinite loop. Note that some other DNS packet processing systems have the issues related to this vulnerability. For more information on those systems, please refer to NISCC-589088 JVN a...

5CVSS6.7AI score0.02668EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters

Overview Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters. Impact An Attacker could execute arbitrary code with the privileges of the user running Sylpheed. Solution Please refer to the...

5.1CVSS7.7AI score0.03246EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Ruby XMLRPC Arbitrary Command Execution Vulnerability

Overview utils.rb in The Ruby XMLRPC server sets an insecure default value for the publicinstancemethods function, which could cause the highly privileged function to be exposed. Impact An attacker could execute arbitrary command on the system running Ruby XMLRPC. Solution Please refer to the...

7.5CVSS7.7AI score0.06565EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Vulnerability in multiple web browsers allowing request spoofing attacks

Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...

5CVSS6.4AI score0.01789EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Webmin and Usermin authentication bypass vulnerability

Overview Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used. Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command...

9.3CVSS7.3AI score0.04127EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

OpenSSL version rollback vulnerability

Overview OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on...

5CVSS5.9AI score0.04866EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Ruby XMLRPC Server Denial of Service Vulnerability

Overview The User-level thread supported in Ruby does not switch while writing to a socket. This in turn blocks all subsequent procrsses when specially crafted requests are sent to the Web server and could result in a denial of service. Impact An attacker could cause a Denial of Service DoS...

5CVSS6.4AI score0.10192EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Ruby vulnerability allowing to bypass safe level 4 as a sandbox

Overview Ruby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: "object taint" and "safe level". Ruby contains a vulnerability that may allow an attacker to execute an arbitrary script by bypassing the "safe level" checks. Impact An attacker...

7.5CVSS6.9AI score0.03256EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...

7.5CVSS7.5AI score0.05168EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

mod_imap cross-site scripting vulnerability

Overview The "modimap" and "modimagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. modimap and modimagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle...

4.3CVSS6.5AI score0.73692EPSS
Exploits0References33
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Tsuru-Kame Mail vulnerable in S/MIME signature verification

Overview Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date. The name of the software "Tsuru-Kame Mai...

5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

msearch directory traversal vulnerability

Overview msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution None...

5CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Norton AntiVirus causes abnormal OS termination when a user edits a shared network file

Overview Symantec Norton AntiVirus 2005 contains a vulnerability which could cause abnormal OS termination if a user running the vulnerable Norton AntiVirus edits a file in the shared network folder if "SmartScan" is chosen in the "Which file types to scan for viruses" setting. Impact When a file...

4CVSS6.7AI score0.00446EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Buffalo router configuration management interface vulnerable to remote access and password leakage

Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...

6.4CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Movable Type session management vulnerability

Overview Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access. Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution None...

5CVSS7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

SFS cross-site scripting vulnerability

Overview A cross-site scripting vulnerability exists in SFS Server-type Filtering System provided by the New Media Development Association. Impact When SFS is used for web browsing and a browsing request is filtered, an arbitrary script could be executed on the user's web browser. This may allow ...

5CVSS6.1AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Vulnerability involving security zone handling in applications using Internet Explorer components

Overview Internet Explorer IE components apply different security levels for web content processing depending on the location zone of the web content. As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the...

6.4CVSS7AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Hiki cross-site scripting vulnerability

Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...

4.3CVSS6.1AI score0.01208EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Common Management Agent 3.x vulnerable to information leakage

Overview Common Management Agent used in ePolicy Orchestrator and ProtectionPilot has a problem in directory access right setting which allows an attacker to obtain or view a list of files. Impact A remote attacker could view files. Solution None...

5CVSS6.8AI score0.00481EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Pochy denial-of-service (DoS) vulnerability

Overview Pochy, email client software operating in the Microsoft Windows environment, contains a vulnerability that may cause the processing to stop while the CPU load is high and a denial-of-service DoS after receiving a specific string. Impact A remote attacker could exploit this vulnerability ...

5CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

FreeStyleWiki command injection vulnerability

Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...

7.5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Kent Web PostMail vulnerable to third party mail relay

Overview Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow the third party to relay mail as it does not properly check input. Impact An attacker could possibly compromise the mail server to send an unsolicited email. Solution...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

MitakeSearch cross-site scripting vulnerability

Overview MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl. Impact A malicious script may be executed on the user's web browser. Solution...

4.3CVSS6.1AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Problem with referer header handling on mobile phone web browsers

Overview We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in its function of sending referer information under certain circumstances. This problem has been reported for KDDI's au mobile phones. KDDI,...

2.6CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Tomcat vulnerable in request processing

Overview Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat...

2.6CVSS4.9AI score0.06521EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

XOOPS cross-site scripting vulnerability

Overview XOOPS is an open source web content management system implemented in PHP. XOOPS itself and its forum modules have multiple vulnerabilities in validating private messages and forum articles. Impact A remote attacker may upload a script to be executed by a user reading a private message or...

4.3CVSS7.1AI score0.01629EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...

7.5CVSS7.3AI score0.05168EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

ppBlog cross-site scripting vulnerability

Overview ppBlog, a weblog program written in PHP, contains a cross-site scripting vulnerability in its search form. Impact A remote attacker could execute a malicious script. Solution...

4.3CVSS6.4AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

McAfee VirusScan Engine buffer overflow vulnerability

Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...

7.5CVSS7.3AI score0.07125EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Virus Security heap overflow vulnerability

Overview SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails. Impact A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege. Solution None...

10CVSS7.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Virus Security memory leak vulnerability

Overview SourceNext Virus Security has a problem in processing a specially crafted email. When the email has a virus as an attachment and Virus Security detects that virus, memory leak occurs. Impact A remote attacker may conduct a denial of service DoS attack. Solution None...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Wiki clone cross-site scripting vulnerability

Overview Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user. Impact An arbitrary script may be executed on the browser of the user who viewed...

4.3CVSS6.2AI score
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

desknet's cross-site scripting vulnerability

Overview If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVNF88C2C13 additional information to JVN89DE2014. Impact lf a login ID, password, or session information is leaked, an...

5CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate

Overview The digital certificate that was used to sign jar files in the Java Cryptography Extension JCE 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after...

2.6CVSS6.8AI score
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•7 views

Hiki cross-site scripting vulnerability

Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...

4.3CVSS6.2AI score0.01235EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS6.9AI score0.01532EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS7AI score0.01532EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•9 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS7AI score0.00345EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Hyper NIKKI System cross-site request forgery vulnerability

Overview Hyper NIKKI System hns, a weblog system from the Hyper NIKKI System Project, contains a cross-site request forgery CSRF vulnerability. Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successful...

2.6CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities5625