Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/21 12:0 a.m.•28 views

JVN#00892830 Namazu cross-site scripting vulnerability

Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Update to t...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/18 12:0 a.m.•26 views

JVN#13159997 Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication

The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE is disabled in the default configuration. This vulnerability may allow a remote attacker to access the web administration interface without authentication...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/12 12:0 a.m.•11 views

JVN#79114735 Google Desktop cross-site scripting vulnerability

Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution According to the vendor, this vulnerability has been fixed in Google...

6.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/11 12:0 a.m.•15 views

JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations

The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact The impacts vary depending on t...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/07 12:0 a.m.•17 views

JVN#10606373 BFup ActiveX Control buffer overflow vulnerability

BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this vulnerability only exists in BFup ActiveX Control developed by the...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/07 12:0 a.m.•13 views

JVN#21312708 MTCMS WYSIWYG Editor cross-site scripting vulnerability

MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Workarounds The vendor...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/07 12:0 a.m.•19 views

JVN#95014590 Zimbra Collaboration Suite script execution vulnerability

Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact If a us...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/05 12:0 a.m.•28 views

JVN#10056705 FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers

The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer series are digital multifunction copiers and printers. Some of these products contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server...

6.4CVSS6.3AI score0.02051EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/29 12:0 a.m.•13 views

JVN#53757727 Nagios cross-site scripting vulnerability

Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the software to the latest version accordi...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/21 12:0 a.m.•17 views

JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/21 12:0 a.m.•27 views

JVN#42381549 Internet Scanner reporting engine vulnerable to cross-site scripting

IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/12 12:0 a.m.•66 views

JVN#09470767 Apache Tomcat fails to properly handle cookie value

Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages. Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. The...

5CVSS4.8AI score0.62575EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/07 12:0 a.m.•15 views

JVN#38893575 PC2M cross-site scripting vulnerability

PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/05 12:0 a.m.•13 views

JVN#91868305 RaidenHTTPD cross-site scripting vulnerability

RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/28 12:0 a.m.•19 views

JVN#01162446 Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products

Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, refer to the vendor's website...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/28 12:0 a.m.•40 views

JVN#88575577 Multiple Yamaha routers vulnerable to cross-site request forgery

Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configuration...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/07 12:0 a.m.•17 views

JVN#08237857 Multiple JustSystems products vulnerable to buffer overflow

Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Impact If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/26 12:0 a.m.•30 views

JVN#33044255 GreaseKit and Creammonkey allows execution of userscript functions

GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page. Impact When a user views a specially crafted web...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/25 12:0 a.m.•17 views

JVN#44736880 WinAce buffer overflow vulnerability

WinAce provided by e-merge GmbH is software to compress and decompress files in multiple types of compression format. WinAce is vulnerable to buffer overflow. When WinAce decompresses a specially crafted file, this vulnerability can be exploited to execute arbitrary code with the privilege of the...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/21 12:0 a.m.•21 views

JVN#89292430 Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/20 12:0 a.m.•31 views

JVN#45675516 Flash Player vulnerable in handling cross-domain policy files

Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automaticall...

9.3CVSS5.8AI score0.08467EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/20 12:0 a.m.•41 views

JVN#50876069 Flash Player allows to send arbitrary HTTP headers

Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack...

5.8CVSS6.3AI score0.04743EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/18 12:0 a.m.•12 views

JVN#75130343 Google Web Toolkit vulnerable to cross-site scripting

Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Updat...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/13 12:0 a.m.•35 views

JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...

4.3CVSS9.3AI score0.46603EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/13 12:0 a.m.•14 views

JVN#52846259 JP1/Cm2/Network Node Manager vulnerable to cross-site scripting

Hitachi JP1/Cm2/Network Node Manager NNM is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/12 12:0 a.m.•10 views

JVN#23120863 Rainboard cross-site scripting vulnerability

The Rainboard bulletin board software provided by UDON is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected Rainboard 2.02 and earlier...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•12 views

JVN#77414947 Cybozu Office denial of service (DoS) vulnerability

Cybozu Office, web-based groupware, is vulnerable to a denial of service DoS attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service DoS against the server. Solution Update the Software For more information, refer to the...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•17 views

JVN#90712589 Multiple Cybozu products vulnerable to cross-site scripting

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•16 views

JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•13 views

JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection

Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/07 12:0 a.m.•19 views

JVN#02854109 HttpLogger vulnerable to cross-site scripting

Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For more information, ref...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/04 12:0 a.m.•32 views

JVN#66291445 SonicStage CP buffer overflow vulnerability

Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a specially crafted playlist file with the .m3u extension can cau...

9.3CVSS7.7AI score0.10919EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/22 12:0 a.m.•38 views

JVN#82610488 Lhaplus buffer overflow vulnerability

Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...

6.6CVSS7.7AI score0.03456EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/21 12:0 a.m.•16 views

JVN#55833292 FileMaker cross-site scripting vulnerability

FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web. Impact An attacker could execute an arbitrary script on the web browser of a user who...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/20 12:0 a.m.•13 views

JVN#33218020 Feed2JS cross-site scripting vulnerability

Feed2JS Feed to JavaScript is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the user's web browser. Solution Update the Software Apply the latest updates...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/19 12:0 a.m.•12 views

JVN#33820033 RoundCube Webmail cross-site request forgery vulnerability

RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines. Impact Information such as email subject lines may be disclosed on the web...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/13 12:0 a.m.•17 views

JVN#65427327 Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/09 12:0 a.m.•20 views

JVN#99453765 Cross-site scripting vulnerability in updir.php in UPDIR.NET

updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerabili...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/07 12:0 a.m.•13 views

JVN#84565055 Lotus Domino cross-site scripting vulnerability

IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who accesses a Lotus Domino server. Solution Update the Software For Lotus Domino...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/05 12:0 a.m.•12 views

JVN#79295963 NetCommons cross-site scripting vulnerability

NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This vulnerability is different from JVN51301450. Impact An attacker could execute an arbitrary script on...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/25 12:0 a.m.•20 views

JVN#50495547 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/25 12:0 a.m.•15 views

JVN#32981509 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/25 12:0 a.m.•16 views

JVN#29211062 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/12 12:0 a.m.•12 views

JVN#63304072 MouseoverDictionary vulnerable to arbitrary script execution

MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly. Impact An attacker could execute an arbitrary...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/12 12:0 a.m.•19 views

JVN#71872818 AirStation series and BroadStation series vulnerable to cross-site request forgery

Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery. Impact If the administrator of such a produ...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/05 12:0 a.m.•17 views

JVN#61323184 PowerArchiver buffer overflow vulnerability

PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, an attacker could execute arbitrary code with the privileges of the user. Impact An attacke...

9.3CVSS7.5AI score0.04756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/03 12:0 a.m.•41 views

JVN#61208749 Webmin OS command injection vulnerability

Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL. Impact An attacker could execute arbitrary OS commands with Local System privileges on a computer where...

9CVSS7AI score0.02445EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/01 12:0 a.m.•72 views

JVN#79013771 Safari allows access from HTTP to HTTPS

Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain. Impact A remote attacker could obtain or change the web page contents protected by...

6.8CVSS7.5AI score0.02569EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/28 12:0 a.m.•13 views

JVN#70075625 Aipo session fixation vulnerability

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker. Impact This vulnerability may allo...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/21 12:0 a.m.•31 views

JVN#70734805 Lhaplus buffer overflow vulnerability

Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user. Impact Arbitrary code could be executed with the...

7.5CVSS7.2AI score0.04119EPSS
Exploits1
Total number of security vulnerabilities5625