Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

HTTPD-User-Manage cross-site scripting vulnerability

Overview HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing database is...

4.3CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

eBASEweb SQL injection vulnerability

Overview eBASEweb, an optional product in the eBASE series data management software from eBASE Co., Ltd., contains an SQL injection vulnerability as it does not completely sanitize user input data. eBASE Co., Ltd. has fixed this product and advised customers who have introduced this product to...

7.5CVSS8AI score0.01333EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Multiple vulnerabilities in FreeStyleWiki including cross-site scripting

Overview FreeStyleWiki contains a cross-site scripting and a cross-site request forgery vulnerabilities. The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script. The cross-site request forgery vulnerability could allow a remote...

5CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Hyper Estraier directory traversal/denial of service vulnerability

Overview Hyper Estraier, a full text search system, contains a vulnerability in the process of creating index files. Impact If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when...

5CVSS6.8AI score0.01388EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

BBSNote cross-site scripting vulnerability

Overview BBSNote, CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments. Impact A malicious script may be executed on the user's web browser. Solution None...

5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Serene Bach cross-site scripting vulnerability

Overview Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution None...

6.8CVSS6.2AI score0.01695EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Movable Type cross-site scripting vulnerability

Overview Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. This vulnerability is different from JVN68295640. Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker...

5CVSS6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

4.3CVSS7AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•9 views

Fresh Reader RSS feed cross-site scripting vulnerability

Overview Fresh Reader from sidefeed, Inc. is a server-side web application that manages RSS information. Fresh Reader contains an RSS feed cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution None...

6.8CVSS6.2AI score0.01401EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

phpAdsNew cross-site scripting vulnerability

Overview phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability. Note that phpAdsNew is now called "Openads." The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. - phpPgAds 2.0.9-pr1 and...

6.8CVSS6.1AI score0.01433EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Drupal cross-site scripting vulnerability

Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN82240092. Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a...

4.3CVSS6.2AI score0.02103EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

CGI RESCUE WebFORM missing mail content vulnerability

Overview WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent. Impact Some part of the sender information in the message...

5CVSS6.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

b2evolution cross-site scripting vulnerability

Overview b2evolution, a blog publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...

4.3CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01688EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01427EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

CCC Cleaner buffer overflow vulnerability

Overview CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed...

9.3CVSS7.3AI score0.083EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

CCC Cleaner buffer overflow vulnerability

Overview CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed...

7.2CVSS7.3AI score0.00946EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

ColdFusion cross-site scripting vulnerability

Overview ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability. According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on. This vulnerability is different...

4.3CVSS6AI score0.03019EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

Overview Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software. Impact The third party could view the contents of self-decoding files and obtain the passwords used for the...

3.6CVSS6.8AI score0.00239EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Mozilla Firefox cross-site scripting vulnerability

Overview Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability. Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An...

4.3CVSS8.6AI score0.0213EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

BASP21 vulnerable to mail header injection

Overview BASP21 provided by B21Soft, Inc. is a component for Windows applications. BASP21 contains a mail header injection vulnerability. Tomoki Sanaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact The...

6.4CVSS7AI score0.01449EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

MailDwarf vulnerability allows unauthorized sending of emails

Overview MailDwarf, released from HTML Dwarf, is a CGI program that enables a user to send e-mail message via web page. MailDwarf contains a vulnerability that allows unauthorized email to be sent to a different address set by the administrator. Impact A remote attacker may exploit the...

5CVSS6.8AI score0.01222EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•10 views

CruiseWorks and Minna De Office vulnerable in access restrictions

Overview CruiseWorks and Minna De Office are groupware. They contain a vulnerability that the user's access restriction is not properly set. Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information...

6.5CVSS6.5AI score0.00324EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability

Overview Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability. Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOU...

5CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

Overview Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains ...

4.3CVSS6AI score0.19889EPSS
Exploits1References21
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

APOP password recovery vulnerability

Overview POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge...

5.4CVSS9.3AI score0.02423EPSS
Exploits1References35
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Overview Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the camera server management screen. Solution None...

4.3CVSS6.3AI score0.01233EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Java Web Start vulnerable to execution of unauthorized system classes

Overview Java Web Start, included in the JRE Java Runtime Environment from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes. Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing...

10CVSS7.3AI score0.04959EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Advance-Flow cross-site scripting vulnerability

Overview Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms a...

5CVSS6.2AI score0.01263EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

HP System Management Homepage cross-site scripting vulnerability

Overview A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage SMH. HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Comp...

4.3CVSS6.1AI score0.03871EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

ADPLAN cross-site scripting vulnerability

Overview ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO search engine optimization module. ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in t...

4.3CVSS5.8AI score0.01223EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Internet Explorer vulnerable in MHTML handling

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...

4.3CVSS6.8AI score0.2504EPSS
Exploits1References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

rktSNS cross-site scripting vulnerability

Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...

4.3CVSS6.3AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

RaidenHTTPD cross-site scripting vulnerability

Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...

10CVSS6.1AI score0.05191EPSS
Exploits1References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Aruba Mobility Controller Series cross-site scripting vulnerability

Overview Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens. Impact...

4.3CVSS6.2AI score0.01484EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Yayoi Kaikei improper handling of credential information

Overview Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can...

2.6CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

WebCart cross-site scripting vulnerability

Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

6.4CVSS6.2AI score0.01263EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Mayaa cross-site scripting vulnerability

Overview Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

Overview Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

4.3CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user...

7.5CVSS7.4AI score0.04119EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Cosminexus javadoc Cross-Site Scripting Vulnerability

Overview The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities. Impact An attacker could exploit said HTML file vulnerable to cross-site scripting. Solution Please refer to the 'Vendor Information' section for official remediation and take...

4.3CVSS6.2AI score0.01659EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Cosminexus Denial of Service Vulnerability

Overview JSSE Java Secure Socket Extension in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS...

5CVSS6.6AI score0.02198EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

TPBroker Denial of Service Vulnerability

Overview TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor terminate abnormally when the TSC Domain Manager receives invalid messages. Impact An attacker could cause a Denial of Service DoS condition. Solution Please refer to the 'Vendor Information' section f...

5CVSS6.7AI score0.01233EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Cosminexus Agent Process Crash Vulnerability

Overview Cosminexus Agent process may crash when Cosminexus Agent receives specially crafted data from a process other than Cosminexus Manager. The crash doesn't affect the running applications launched by Cosminexux Agent. Impact An attacker could crash Cosminexus Agent process. Solution Please...

5CVSS6.7AI score0.01226EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Webmin OS command injection vulnerability

Overview Webmin, a web-based system management tool, contains a vulnerability that allows an unauthorized Webmin user to execute OS commands. Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by...

9CVSS7.4AI score0.02445EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

MouseoverDictionary vulnerable to arbitrary script execution

Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...

5.8CVSS6.6AI score0.01009EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•5 views

Hitachi Web Server SSL Client Authentication Vulnerability

Overview Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled. Impact An attacker could gain access with a fraudulent...

5CVSS7.6AI score0.04894EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page

Overview When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...

4.3CVSS7.7AI score0.27783EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Multiple Cybozu products vulnerable to HTTP header injection

Overview Multiple Cybozu products are vulnerable to HTTP header injection. Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary...

4.3CVSS7.7AI score
Exploits0References2
Total number of security vulnerabilities5625