5625 matches found
Sun Java System Web Server cross-site scripting vulnerability
Overview Sun Java System Web Server originally called Sun ONE Web Server contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact A malicious script may be executed on th...
Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.
Overview Safe level is a security model provided by Ruby language that limits the operation of untrusted objects. A vulnerability that allows an attacker to bypass the safe level restrictions and execute inaccessible methods ex. destructive methods was confirmed. Impact An attacker may be able to...
Nagasaki Electronic Prefectural Office System authentication information vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users. Impact A remote attacker could impersonate genuine users. As a result, the attacker...
Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Overview The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2. Impact An attacker could take over a user's account, steal the user's information or...
CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
Overview CAFEMILK Shopping Cart CGI contains a cross-site scripting vulnerability as it does not properly validate input strings. Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked...
FreeStyleWiki cross-site scripting vulnerability
Overview FreeStyleWiki, a Wiki clone program implemented in Perl, contains a cross-site scripting vulnerability. Impact An rbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...
MyWeb SQL injection vulnerability
Overview Groupware MyWeb contains a SQL injection vulnerability. Impact A remote attacker could view or modify the database contents. Solution None...
RWiki cross-site scripting vulnerability
Overview RWiki, software written in Ruby providing Wiki functions, contains a cross-site scripting vulnerability, as content is not adequately escaped for display. Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitra...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...
Drupal cross-site scripting vulnerability
Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution None...
Dokeos cross-site scripting vulnerability
Overview Dokeos, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session...
NetCommons cross-site scripting vulnerability
Overview NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's...
Owl cross-site scripting vulnerability
Overview Owl, an open source document management and publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution...
mail f/w system vulnerable to allow unauthorized email transmissionk
Overview mail f/w system is software that enables the the emailing of the contents of a form. A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers. Impact A remote attacker may...
Cybozu products vulnerable to directory traversal
Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...
Cybozu products vulnerable to directory traversal
Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...
TeraStation HD-HTGL series cross-site request forgery vulnerability
Overview TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgety CSRF vulnerability. Impact If a TeraStation HD-HTGL administrator w...
NEC MultiWriter 1700C/7500C FTP server vulnerability
Overview NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...
desknet's buffer overflow vulnerability
Overview desknet's, web-based groupware, contains a buffer overflow vulnerability. Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution None...
MyODBC Japanese Conversion Edition denial of service vulnerability
Overview MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency. MyODBC Japanese Conversion Edition contai...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...
tDiary cross-site scripting vulnerability
Overview tDiary, a weblog system from the tDiary development project, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
Chama Cargo cross-site scripting vulnerability
Overview Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
TikiWiki cross-site scripting vulnerability
Overview TikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
Shobo Shobo Nikki System (sns) cross-site scripting vulnerability
Overview Shobo Shobo Nikki System sns, weblog scripts provided by Project Amateras, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution...
SugarCRM cross-site scripting vulnerability
Overview SugarCRM, open source CRM Customer Relationship Management software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30144870. Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker...
Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox
Overview Safe levels exist as a part of the Ruby language security model, in order to limit the operation of untrusted objects. Ruby contains a vulnerability which may allow an attacker to bypass the safe level restrictions and execute normally inaccessible methods, due to a problem in Ruby's ali...
tDiary arbitrary Ruby script execution vulnerability
Overview tDiary is weblog software maintained by the tDiary development project. tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system. Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the w...
Joomla! cross-site scripting vulnerability
Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN79484135. Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possib...
JP1 Request Handling Denial of Service Vulnerabilities
Overview Hitachi JP1 products fails to handle unexpected requests and data, which could be exploited to cause a denial of service condition. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
Microsoft Internet Explorer address bar spoofing vulnerability
Overview Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while th...
Microsoft Windows Indexing Service cross-site scripting vulnerability
Overview Microsoft Windows Indexing Service contains a cross-site scripting vulnerability. Impact If the Indexing Service in Internet Information Services IIS provides search capabilities, an arbitrary script could be executed on the user's web browser. Solution None...
Eudora Japanese version stops working after the application crashes
Overview Eudora is a mail client from QUALCOMM. The Eudora Japanese version sold by Livedoor contains a vulnerability to crash, caused by previewing an email that has a corrupt image attachment. Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing ...
Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities. Impact A remote attacker may view or modify the database contents. Solution None...
QUICK CART OS command injection vulnerability
Overview QUICK CART is a shopping cart system that provides functionalities used for managing an Internet store. An OS command injection vulnerability exists in QUICK CART as it does not properly validate the user input. Impact A remote attacker could execute arbitrary operating system commands o...
QUICK CART cross-site scripting vulnerability
Overview QUICK CART is a shopping cart system for building Internet shop sites. QUICK CART contains a cross-site scripting vulnerability as it does not validate inputs properly. Impact An arbitrary script could be executed on the user's web browser. Solution None...
DonutP and UnDonut confirmation dialog display vulnerability
Overview DonutP and its successor, unDonut, are IE-based tabbed web browsers. In DonutP and old versions of unDonut, Donut.P API does not require explicit user consent. Therefore DonutP and unDonut contain a vulnerability which may allow an attacker to execute a cross-site scripting and other...
Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Overview Some email clients contain a vulnerability when handling an attached file with a file name using unicode. This may result in a directory traversal attack or displaying a file name diffrently from the actual file name. Impact Actual impact could differ depending on the email clients thoug...
RWiki arbitrary Ruby script execution vulnerability
Overview RWiki, one of Wiki clones, contains a vulnerability allowing execution of arbitrary Ruby scripts on its edit mode page. Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution...
Joomla! cross-site scripting vulnerability
Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...
ServerView cross-site scripting vulnerability
Overview ServerView, server-monitoring software included with Fujitsu servers, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
Geeklog cross-site scripting vulnerability
Overview Geeklog, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
ATutor cross-site scripting vulnerability
Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...
ServerView directory traversal vulnerability
Overview ServerView, server monitoring software included in Fujitsu servers, contains a directory traversal vulnerability. Impact A remote attacker could view particular files on the server. Solution None...
Loudblog cross-site scripting vulnerability
Overview Loudblog, an open source content management system used for podcasting, etc., contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session...