5625 matches found
Google Web Toolkit vulnerable to cross-site scripting
Overview Google Web Toolkit GWT is vulnerable to cross-site scripting. Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An...
Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
Overview Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting. Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This...
GreaseKit and Creammonkey allows execution of userscript functions
Overview GreaseKit and Creammonkey contains a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit a...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Groupmax Collaboration Schedule Information Disclosure Vulnerability
Overview The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet. Impact Unintended information diasclosure could occur, which an attacker could exploit for further attack. Solution...
Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
Overview The modautoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset. Impact An attacker...
Multiple JustSystems products vulnerable to buffer overflow
Overview Multiple JustSystems products are vulnerable to buffer overflow. Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Multiple products are affected by this vulnerability. F...
Zimbra Collaboration Suite script execution vulnerability
Overview Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book,...
Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products
Overview Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Multiple shopping cart software products are affected by this vulnerability. For details, see the information provided by Hal Networks. Impact An arbitrary script can be executed on the user's w...
Multiple Yamaha routers vulnerable to cross-site request forgery
Overview The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. This issue is different from JVN90438169. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability...
PC2M cross-site scripting vulnerability
Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...
FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
Overview Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server. The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer...
Nagios cross-site scripting vulnerability
Overview Nagios from Nagios.org contains a cross-site scripting vulnerability. Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser...
PerlMailer cross-site scripting vulnerability
Overview PerlMailer is a mail form CGI provided by "Homepage Decorator". A cross-site scripting vulnerability exists in PerlMailer. PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in...
Sony mylo COM-2 does not verify server SSL certificate
Overview Sony mylo COM-2 contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when...
EUR Print Manager Denial of Service Vulnerability
Overview EUR Print Manager fails to accept job execution requests when it receives unexpected data, which could be exploited to cause a Denial of Service DoS condition. Impact An attacker could cause a Denial of Service DoD. Solution Please refer to the 'Vendor Information' section for official...
JP1/HIBUN Encryption/Decryption and Removable Media Control Malfunction Problems
Overview The encryption/decryption and removable media control function in JP1/HIBUN Advanced Edition Information Cypher and Advanced Edition Information Fortress may malfunction. Impact Information can be taken away using removable storage media. Solution Please refer to the 'Vendor Information'...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Vulnerabilities
Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles strings assigned to certain properties listed below, which can be exploited to cause...
Google Desktop cross-site scripting vulnerability
Overview Google Desktop contains a cross-site scripting vulnerability. Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution...
Cross-site scripting vulnerability in multiple Tor World CGI scripts
Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...
Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Overview The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its...
Mozilla Firefox cross-site scripting vulnerability
Overview Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazar...
Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
Overview Mutiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...
SEWB3/PLATFORM Denial of Service Vulnerability
Overview SEWB3/PLATFORM handles SEWB3 message improperly when it receives malformed data, which allows attackers to cause a Denial of Service DoS. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
JP1/Cm2/Network Node Manager Denial of Service Vulnerability
Overview The JP1/Cm2/Network Node Manager NNM has vulnerability that can be exploited to cause a denial of service DoS. Impact A remote attacker could cause a denial of service DoS. Solution Please refer to the 'Vendor Information' section for the recommended workaround...
Internet Scanner reporting engine vulnerable to cross-site scripting
Overview IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser...
Apache Tomcat fails to properly handle cookie value
Overview Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages...
BFup ActiveX Control buffer overflow vulnerability
Overview BFup ActiveX Control contains a buffer overflow vulnerability. BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this...
DesignForm cross-site scripting vulnerability
Overview DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm. DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm. Impact An arbitrary scrip...
Lhaplus buffer overflow vulnerability
Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...
Cross-site scripting vulnerability in updir.php in UPDIR.NET
Overview updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions. updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload ima...
KDDI sample CGI download program directory traversal vulnerability
Overview A directory traversal vulnerability exists in a sample CGI download program included with KDDI's EZFactory. A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory...
APOP password recovery vulnerability
Overview POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge...
Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page
Overview When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...
Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
Overview Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the camera server management screen. Solution None...
Tomcat vulnerable in request processing
Overview Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat...
Namazu cross-site scripting vulnerability
Overview Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...
McAfee VirusScan Engine buffer overflow vulnerability
Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...
MTCMS WYSIWYG Editor cross-site scripting vulnerability
Overview MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability. MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...
JVN#31351020 Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the product to the latest version according to the information...
JVN#74468481 Lhaplus buffer overflow vulnerability
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...
JVN#76788395 Sony mylo COM-2 does not verify server SSL certificate
Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Impact Normally, when a client connects to a web server through a SSL/TLS connection, it would verify...
JVN#21563357 Mozilla Firefox cross-site scripting vulnerability
Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard. Impact An arbitrary script may be executed on the user's web browser. Solution...
JVN#76669770 PerlMailer cross-site scripting vulnerability
PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in PerlMailer. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
JVN#58803701 DesignForm cross-site scripting vulnerability
DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to...