Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Sun Java System Web Server cross-site scripting vulnerability

Overview Sun Java System Web Server originally called Sun ONE Web Server contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact A malicious script may be executed on th...

6.8CVSS6.2AI score0.03398EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.

Overview Safe level is a security model provided by Ruby language that limits the operation of untrusted objects. A vulnerability that allows an attacker to bypass the safe level restrictions and execute inaccessible methods ex. destructive methods was confirmed. Impact An attacker may be able to...

6.4CVSS7.4AI score0.05739EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Nagasaki Electronic Prefectural Office System authentication information vulnerability

Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users. Impact A remote attacker could impersonate genuine users. As a result, the attacker...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Overview The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2. Impact An attacker could take over a user's account, steal the user's information or...

1.9CVSS7.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

CAFEMILK Shopping Cart CGI cross-site scripting vulnerability

Overview CAFEMILK Shopping Cart CGI contains a cross-site scripting vulnerability as it does not properly validate input strings. Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked...

4.3CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

FreeStyleWiki cross-site scripting vulnerability

Overview FreeStyleWiki, a Wiki clone program implemented in Perl, contains a cross-site scripting vulnerability. Impact An rbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking...

4.3CVSS6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...

4.3CVSS6.3AI score0.01369EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

MyWeb SQL injection vulnerability

Overview Groupware MyWeb contains a SQL injection vulnerability. Impact A remote attacker could view or modify the database contents. Solution None...

7.5CVSS7.9AI score0.01214EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

RWiki cross-site scripting vulnerability

Overview RWiki, software written in Ruby providing Wiki functions, contains a cross-site scripting vulnerability, as content is not adequately escaped for display. Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitra...

4.3CVSS6.5AI score0.01802EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

CGI RESCUE WebFORM allows unauthorized email transmission

Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...

5CVSS6.8AI score0.01491EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

CGI RESCUE WebFORM allows unauthorized email transmission

Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...

7.5CVSS6.8AI score0.01709EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Wiki clone products vulnerable to denial of service attacks

Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...

5CVSS6.7AI score0.02227EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Drupal cross-site scripting vulnerability

Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution None...

4.3CVSS5.9AI score0.01346EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Dokeos cross-site scripting vulnerability

Overview Dokeos, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session...

4.3CVSS6.1AI score0.01158EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

NetCommons cross-site scripting vulnerability

Overview NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's...

6.8CVSS6.2AI score0.01251EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Owl cross-site scripting vulnerability

Overview Owl, an open source document management and publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution...

4.3CVSS6.2AI score0.01272EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

mail f/w system vulnerable to allow unauthorized email transmissionk

Overview mail f/w system is software that enables the the emailing of the contents of a form. A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers. Impact A remote attacker may...

5CVSS6.9AI score0.01459EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cybozu products vulnerable to directory traversal

Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...

4CVSS6.9AI score0.0329EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cybozu products vulnerable to directory traversal

Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...

4CVSS6.9AI score0.01548EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

TeraStation HD-HTGL series cross-site request forgery vulnerability

Overview TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgety CSRF vulnerability. Impact If a TeraStation HD-HTGL administrator w...

7.6CVSS6.8AI score0.01095EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

NEC MultiWriter 1700C/7500C FTP server vulnerability

Overview NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...

7.8CVSS7AI score0.01205EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

desknet's buffer overflow vulnerability

Overview desknet's, web-based groupware, contains a buffer overflow vulnerability. Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution None...

7.5CVSS7.8AI score0.02775EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

MyODBC Japanese Conversion Edition denial of service vulnerability

Overview MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency. MyODBC Japanese Conversion Edition contai...

7.8CVSS6.7AI score0.01205EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

EC-CUBE cross-site scripting vulnerability

Overview EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...

4.3CVSS6.1AI score0.01262EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

tDiary cross-site scripting vulnerability

Overview tDiary, a weblog system from the tDiary development project, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.1AI score0.01612EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Chama Cargo cross-site scripting vulnerability

Overview Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

6.8CVSS6.3AI score0.014EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

TikiWiki cross-site scripting vulnerability

Overview TikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

2.6CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Overview Shobo Shobo Nikki System sns, weblog scripts provided by Project Amateras, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution...

6.8CVSS6.2AI score0.01242EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

SugarCRM cross-site scripting vulnerability

Overview SugarCRM, open source CRM Customer Relationship Management software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30144870. Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker...

6.8CVSS6AI score0.01386EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox

Overview Safe levels exist as a part of the Ruby language security model, in order to limit the operation of untrusted objects. Ruby contains a vulnerability which may allow an attacker to bypass the safe level restrictions and execute normally inaccessible methods, due to a problem in Ruby's ali...

6.4CVSS7.4AI score0.05739EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

tDiary arbitrary Ruby script execution vulnerability

Overview tDiary is weblog software maintained by the tDiary development project. tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system. Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the w...

6CVSS7.4AI score0.00979EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Joomla! cross-site scripting vulnerability

Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN79484135. Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possib...

7.5CVSS5.9AI score0.01263EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

JP1 Request Handling Denial of Service Vulnerabilities

Overview Hitachi JP1 products fails to handle unexpected requests and data, which could be exploited to cause a denial of service condition. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...

5CVSS6.7AI score0.01596EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Microsoft Internet Explorer address bar spoofing vulnerability

Overview Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while th...

4.3CVSS6.7AI score0.19154EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Microsoft Windows Indexing Service cross-site scripting vulnerability

Overview Microsoft Windows Indexing Service contains a cross-site scripting vulnerability. Impact If the Indexing Service in Internet Information Services IIS provides search capabilities, an arbitrary script could be executed on the user's web browser. Solution None...

4.3CVSS6AI score0.33221EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Eudora Japanese version stops working after the application crashes

Overview Eudora is a mail client from QUALCOMM. The Eudora Japanese version sold by Livedoor contains a vulnerability to crash, caused by previewing an email that has a corrupt image attachment. Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing ...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities. Impact A remote attacker may view or modify the database contents. Solution None...

7.5CVSS8.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

QUICK CART OS command injection vulnerability

Overview QUICK CART is a shopping cart system that provides functionalities used for managing an Internet store. An OS command injection vulnerability exists in QUICK CART as it does not properly validate the user input. Impact A remote attacker could execute arbitrary operating system commands o...

7.5CVSS8.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

QUICK CART cross-site scripting vulnerability

Overview QUICK CART is a shopping cart system for building Internet shop sites. QUICK CART contains a cross-site scripting vulnerability as it does not validate inputs properly. Impact An arbitrary script could be executed on the user's web browser. Solution None...

4.3CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

DonutP and UnDonut confirmation dialog display vulnerability

Overview DonutP and its successor, unDonut, are IE-based tabbed web browsers. In DonutP and old versions of unDonut, Donut.P API does not require explicit user consent. Therefore DonutP and unDonut contain a vulnerability which may allow an attacker to execute a cross-site scripting and other...

4.3CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling

Overview Some email clients contain a vulnerability when handling an attached file with a file name using unicode. This may result in a directory traversal attack or displaying a file name diffrently from the actual file name. Impact Actual impact could differ depending on the email clients thoug...

5CVSS7AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

RWiki arbitrary Ruby script execution vulnerability

Overview RWiki, one of Wiki clones, contains a vulnerability allowing execution of arbitrary Ruby scripts on its edit mode page. Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution...

7.5CVSS7.1AI score0.01555EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Joomla! cross-site scripting vulnerability

Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...

7.5CVSS6.1AI score0.01692EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

dotProject cross-site scripting vulnerability

Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an...

4.3CVSS6AI score0.02251EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

Wiki clone products vulnerable to denial of service attacks

Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...

5CVSS7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

ServerView cross-site scripting vulnerability

Overview ServerView, server-monitoring software included with Fujitsu servers, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.3AI score0.01275EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Geeklog cross-site scripting vulnerability

Overview Geeklog, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...

4.3CVSS6.1AI score0.01518EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

ATutor cross-site scripting vulnerability

Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...

4.3CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•1 views

ServerView directory traversal vulnerability

Overview ServerView, server monitoring software included in Fujitsu servers, contains a directory traversal vulnerability. Impact A remote attacker could view particular files on the server. Solution None...

5CVSS6.9AI score0.01779EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•2 views

Loudblog cross-site scripting vulnerability

Overview Loudblog, an open source content management system used for podcasting, etc., contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session...

4.3CVSS6.2AI score0.01275EPSS
Exploits0References8
Total number of security vulnerabilities5625