QUICK CART OS command injection vulnerability
Overview QUICK CART is a shopping cart system that provides functionalities used for managing an Internet store. An OS command injection vulnerability exists in QUICK CART as it does not properly validate the user input. Impact A remote attacker could execute arbitrary operating system commands o...
RWiki arbitrary Ruby script execution vulnerability
Overview RWiki, one of the Wiki clones, contains a vulnerability allowing execution of arbitrary Ruby scripts on its edit mode page. Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privileges under which RWiki runs. Solution...
RWiki cross-site scripting vulnerability
Overview RWiki, software written in Ruby providing Wiki functions, contains a cross-site scripting vulnerability, as content is not adequately escaped for display. Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitra...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...
Geeklog cross-site scripting vulnerability
Overview Geeklog, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
Loudblog cross-site scripting vulnerability
Overview Loudblog, an open source content management system used for podcasting, etc., contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session...
04WebServer cross-site scripting vulnerability
Overview 04WebServer, open source web server software, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
04WebServer directory traversal vulnerability
Overview 04WebServer, an open source web server, contains a directory traversal vulnerability that allows user authentication to be bypassed. Impact A remote attacker could bypass user authentication and view server files. Solution None...
MDPro cross-site scripting vulnerability
Overview MDPro, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solutio...
Ichitaro buffer overflow vulnerability
Overview Ichitaro, word-processing software, contains a buffer overflow vulnerability. Impact Arbitrary code could be executed on the Ichitaro user's PC if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution...
Webmin directory traversal vulnerability
Overview Webmin is a web-based system management tool. Webmin contains a directory traversal vulnerability which allows authentication to be bypassed. As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerabilit...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
Cybozu Office browser script execution vulnerability
Overview The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script. Impact If a Cybozu Office user logs into the system and opens an email containing exploit code sent by a remote attacker using the web mail function,...
Website connection problem when a mobile phone terminal uses specific QR code
Overview Mobile phone terminals supporting the two-dimensional code QR code read function are reported to have a website connection problem. When specific QR code is read, even if a user tries to connect to the URL string in the first line of the two URL lines displayed, the connection is...
Norton AntiVirus causes abnormal OS termination when scanning illegal files
Overview Symantec Norton AntiVirus 2004 and 2005 contain a vulnerability that causes an abnormal operating system termination of a computer, when their real-time scan feature is enabled and examining a file with a specially crafted file header. Impact An attacker could cause an abnormal OS...
WebUD arbitrary program execution vulnerability
Overview WebUD, a web accessibility support tool, contains a vulnerability in its components that are automatically executed on it, which may allow execution of arbitrary code when a user accesses a malicious website. Impact A remote attacker could execute an arbitrary program, or read or overwri...
FreeStyleWiki command injection vulnerability
Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...
Kent Web PostMail vulnerable to third party mail relay
Overview Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow a third party to relay mail, as it does not properly check input. Impact An attacker could possibly abuse the mail server to send unsolicited email. Solution...
Problem with referer header handling on mobile phone web browsers
Overview We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in their function of sending referer information under certain circumstances. This problem has been reported for KDDI's au mobile phones. KDDI,...
Tomcat vulnerable in request processing
Overview Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat...
DNS cache servers resource consumption by TCP SYN_SENT states
Overview DNS cache servers consume huge resources for communication with DNS authoritative servers in the following situation. 1 a user sends a query to the DNS cache server 2 the DNS cache server sends a UDP query to an authoritative server 3 when the authoritative server finds that the reply...
Canna irw_through Buffer Overflow Vulnerability
Overview Canna contains a buffer overflow vulnerability in the irw_through function. Impact A local attacker could execute arbitrary code with the privileges of the 'bin' user. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate action...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...
Fresh Reader RSS feed cross-site scripting vulnerability
Overview Fresh Reader from sidefeed, Inc. is a server-side web application that manages RSS information. Fresh Reader contains an RSS feed cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution None...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability which affects Microsoft Internet Explorer. Impact A remote attacker could possibly execute an arbitrary...
Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
Overview Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability. Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOU...
InfoBarrier4 self-decrypted file vulnerability
Overview InfoBarrier4, provided by FFC Limited, contains a vulnerability in self-decrypting files created using InfoBarrier4 encryption. Impact A third party could view the contents of self-decrypting files or obtain the passwords used for self-decryption. Solution None...
open-gorotto cross-site scripting vulnerability
Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...
Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
Overview Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the camera server management screen. Solution None...
Safari URL spoofing vulnerability
Overview Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be...
Tuigwaa cross-site scripting vulnerability
Overview Tuigwaa, from the Tuigwaa Project, contains a cross-site scripting vulnerability. Tuigwaa from the Tuigwaa Project is open source software to develop web applications. Tuigwaa contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...
Lotus Domino cross-site scripting vulnerability
Overview IBM Lotus Domino contains a cross-site scripting vulnerability. IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who...
AirStation series and BroadStation series vulnerable to cross-site request forgery
Overview Buffalo's AirStation Series and BroadStation Series routers are vulnerable to cross-site request forgery. Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The we...
FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
Overview Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server. The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer...
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Overview The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its...
Namazu cross-site scripting vulnerability
Overview Namazu, a Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu does not specify a charset in the Content-Type header, which could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...
Drupal cross-site scripting vulnerability
Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN82240092. Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a...
Adobe JRun cross-site scripting vulnerability
Overview Adobe JRun is an application server based on J2EE Java 2 Platform Enterprise Edition. Adobe JRun contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from ...
Mozilla Firefox cross-site scripting vulnerability
Overview Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability. Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An...
MailDwarf vulnerability allows unauthorized sending of emails
Overview MailDwarf, released by HTML Dwarf, is a CGI program that enables a user to send e-mail messages via a web page. MailDwarf contains a vulnerability that allows unauthorized email to be sent to an address different from the one set by the administrator. Impact A remote attacker may exploit the...
ADPLAN cross-site scripting vulnerability
Overview ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO search engine optimization module. ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in t...
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Overview The mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability. The Apache HTTP Server...
Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
Overview When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process. Impact An attacker could exploit the vulnerability to obtain...
Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...
PerlMailer cross-site scripting vulnerability
Overview PerlMailer is a mail form CGI provided by "Homepage Decorator". A cross-site scripting vulnerability exists in PerlMailer. PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in...
SEWB3/PLATFORM Denial of Service Vulnerability
Overview SEWB3/PLATFORM handles SEWB3 messages improperly when it receives malformed data, which allows attackers to cause a Denial of Service DoS. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
Movable Type cross-site scripting vulnerability
Overview Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. This vulnerability is different from JVN68295640. Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker...
ColdFusion cross-site scripting vulnerability
Overview ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability. According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on. This vulnerability is different...
Internet Explorer vulnerable in MHTML handling
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...
Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...