5609 matches found
FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
Overview Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server. The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer...
Namazu cross-site scripting vulnerability
Overview Namazu, a Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu does not specify a charset in the Content-Type header, which could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...
SEWB3/PLATFORM Denial of Service Vulnerability
Overview SEWB3/PLATFORM improperly handles SEWB3 messages when it receives malformed data, which allows attackers to cause a Denial of Service (DoS). Impact An attacker could cause a Denial of Service (DoS). Solution Please refer to the 'Vendor Information' section for official remediation and take...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server (BEWS), includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...
Website connection problem when a mobile phone terminal uses specific QR code
Overview Mobile phone terminals supporting the two-dimensional code (QR code) reading function are reported to have a website connection problem. When a specific QR code is read, even if a user tries to connect to the URL string in the first line of the two URL lines displayed, the connection is...
Zimbra Collaboration Suite script execution vulnerability
Overview Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book,...
Apache Tomcat fails to properly handle cookie value
Overview Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages...
Mozilla Firefox cross-site scripting vulnerability
Overview Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazar...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server (BEWS), includes the insecure Save method that mishandles strings assigned to certain properties listed below, which can be exploited to cause...
CGI RESCUE WebFORM vulnerable to HTTP header injection
Overview WebFORM released from CGI RESCUE is software that allows the emailing of the contents of an HTML form. WebFORM contains an HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability in which RSS data is handled in an inappropriate security zone (My Computer zone). Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
MODx cross-site scripting vulnerability
Overview MODx, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
Overlay Weaver cross-site scripting vulnerability
Overview Overlay Weaver is software for constructing and emulating overlay networks. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
APOP password recovery vulnerability
Overview POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In a successful attack, the attacker impersonates the mail server, provides challenge...
HP System Management Homepage cross-site scripting vulnerability
Overview A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage (SMH). HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Comp...
Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...
Flash Player allows to send arbitrary Referer headers
Overview Flash Player from Adobe contains a vulnerability that allows arbitrary Referer headers to be sent. Flash Player from Adobe is a multimedia and application browser plugin for viewing Adobe Flash contents. Impact A...
Mayaa cross-site scripting vulnerability
Overview Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web...
Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
Overview The image-processing APIs in Cosminexus Developer's Kit for Java are vulnerable to buffer overflow and a Denial of Service (DoS). Impact An attacker could cause a Denial of Service (DoS) or execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
GreaseKit and Creammonkey allows execution of userscript functions
Overview GreaseKit and Creammonkey contain a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting in Safari and other Apple WebKit applications, and they provide APIs callable only from userscripts. GreaseKit a...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. As of June 5, 2006, it is confirmed that Internet Explorer is affected by this vulnerability. It is also confirmed that Mozilla Firefox and Opera are not affected by this vulnerability...
Joomla! cross-site scripting vulnerability
Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
Drupal cross-site scripting vulnerability
Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
Owl cross-site scripting vulnerability
Overview Owl, an open source document management and publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution...
Nucleus cross-site scripting vulnerability
Overview Nucleus, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could...
Multiple vulnerabilities in Webmin and Usermin
Overview Webmin and Usermin, web-based system management tools, contain the following vulnerabilities: - Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions - Cross-site scripting We are aware that these vulnerabilities have been addressed in...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
msearch directory traversal vulnerability
Overview msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution None...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities: - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
HTTPD-User-Manage cross-site scripting vulnerability
Overview HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing database is...
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Overview LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive. Impact An attacker could bypass access restriction and create arbitrary files in the directories for which he has no permission. Solution Please refer to the 'Vendor...
SquirrelMail cross-site scripting vulnerability
Overview SquirrelMail is a web-based email program provided by the SquirrelMail Project. SquirrelMail contains a cross-site scripting vulnerability as it does not adequately handle HTML email. Impact A malicious script may be executed on the user's web browser. Solution None...
Winny buffer overflow vulnerability
Overview Winny, P2P file-sharing exchange software, contains a buffer overflow vulnerability. As of May 25, 2006, exploit information is publicly available. Currently we are not aware of any attacks. It is recommended that users avoid using Winny. Impact If a remote attacker sends a malicious...
Apache Struts Validator allows to bypass input data validation
Overview Apache Struts is a Web application framework from the Apache Software Foundation. Apache Struts contains a vulnerability that allows input data validation by the Validator to be bypassed. Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by...
ServerView directory traversal vulnerability
Overview ServerView, server monitoring software included in Fujitsu servers, contains a directory traversal vulnerability. Impact A remote attacker could view particular files on the server. Solution None...
Dokeos cross-site scripting vulnerability
Overview Dokeos, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session...
mail f/w system vulnerable to allow unauthorized email transmission
Overview mail f/w system is software that enables the emailing of the contents of a form. A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers. Impact A remote attacker may...
NEC MultiWriter 1700C/7500C FTP server vulnerability
Overview NEC printers contain a vulnerability which allows connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...
Ruby XMLRPC Arbitrary Command Execution Vulnerability
Overview utils.rb in the Ruby XMLRPC server sets an insecure default value for the public_instance_methods function, which could cause the highly privileged function to be exposed. Impact An attacker could execute arbitrary commands on the system running Ruby XMLRPC. Solution Please refer to the...
Common Management Agent 3.x vulnerable to information leakage
Overview Common Management Agent used in ePolicy Orchestrator and ProtectionPilot has a problem in directory access right setting which allows an attacker to obtain or view a list of files. Impact A remote attacker could view files. Solution None...
BBSNote cross-site scripting vulnerability
Overview BBSNote, CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments. Impact A malicious script may be executed on the user's web browser. Solution None...
LHA extract_one Buffer Overflow Vulnerability
Overview LHA lhext.c contains a buffer overflow vulnerability in the extract_one function, which stems from improper handling of a 'w' option argument. Impact A remote attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official remediation and...
Ruby cgi.rb Denial of Service Vulnerability
Overview Ruby cgi.rb enters an infinite loop due to improper input validation, leading to a Denial of Service (DoS). Impact An attacker could cause a Denial of Service (DoS) on the systems. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriat...
Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity
Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the authenticity of the certificate is not verified when verifying the S/MIME digital signature of an email message. Impact A user cannot notice a forged message when it is signed with a malicious digital...
Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products
Overview Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Multiple shopping cart software products are affected by this vulnerability. For details, see the information provided by Hal Networks. Impact An arbitrary script can be executed on the user's w...
PC2M cross-site scripting vulnerability
Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...
BFup ActiveX Control buffer overflow vulnerability
Overview BFup ActiveX Control contains a buffer overflow vulnerability. BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this...
CCC Cleaner buffer overflow vulnerability
Overview CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed...